Last update: 2019-06-08
Information We Collect
Minsilo collects data that you a) give to us explicitly and b) that is collected automatically when you use our service. We use this data to provide our service, make enhancements to our product, detect issues with our product, and to grow our business. The manner in which specific pieces of data is outlined below.
Information you provide to us
In order to properly secure our product, we may collect your email address and the email addresses that you provide explicitly to us. Email addresses that you provide to us are used primarily for authenticating you as a user of the platform, as well as being used to send updates and notifications about activity within the platform. Additionally, email addresses you provide to us may be used notify you of important changes or improvements to our platform.
Notifications about the platform may be sent either through our application directly or via a marketing campaign in Mailchimp. You may opt-out of emails from our platform, except for emails you explicitly request (such as password resets), by following the instructions in the footer of the email or by filling out this form.
We also use your email from time-to-time as an identifier within our application analytics. Our application analytics are currently provided by Mixpanel and Bugsnag; links to our analytics providers are listed under "Third Party Services".
Personally Identifiable Information
You may provide personally identifiable information ("PII"), including your name, avatars (images that may represent you), and unstructured PII that you provide elsewhere in the application. We use this data only to provide our application and do not share this information with third parties.
You may provide specific data about your business, in order to make use of our service. Some examples of business data include, but are not limited to: "contribution" postings that are provided by you, or other users working for or on behalf of your company; "goals", "purposes", and "strategies" that are explicitly provided by user and their related data.
We only use business data for the purpose of providing the application. We do not disclose or share this information with third parties, except when required pursuant to a lawful government request.
You may also connect third-party applications to Minsilo in order to make Minsilo more useful. Integration data can be received my Minsilo manually, such as when a user creates an integration with a third party applicfation. Additionally, integration data can be received automatically, such as when a user configures a Webhook that is triggered by an event in a third party application.
Integrations are explicitly opt-in. We do not have a mechanism for automatically integrating with your applications.
Authentication data for integrations is not stored and must be configured every time you configure integrations. We do not store API keys or similar authentication data within our application; we only store them temporarily during the creation of the integration, in order to make API calls on behalf of you as a user.
Some business data may be collected from third party applications that you integrate with Minsilo. This may include data from users that are not on the Minsilo platform. This data is collected using the permissions provided by the third party platform, based on the user that is authenticated. The specific level of access is determined by the implementation provided by the third party vendor that you're integrating Minsilo with; in summary, we have the same level of access to information as the user or role that is configuring the integration.
Information we collect automatically
Minsilo also collects information automatically in order to provide our service and make it useful. This kind of information includes the following:
Some aggregate data about how you use our product is collected. This may include which features you engage with, the frequency of your interactions with our software, and the overall duration of your interactions.
IP addresses, beacons, log files, tokens and device IDs
Like many other web applications, we collect technical details about how you interact with our application.
IP addresses are collected to a) provide the application, since all Internet-based services need to have an IP address to know how to send data back to your browser; b) prevent fraud and abuse of our platform, by allowing us to detect misuse and programatically block users and systems that abuse our services; c) better understand where users are connecting from, including using IP addresses to determine geolocation of a user that connects to our platform; d) improve the performance of our application.
Cookies and other unique identifiers
We utilize cookies to make our application work properly. For example, we currently store cookies that include your authentication token and related authentication data, in order to allow you to access your user account and the resources that require you to be logged in to view.
You may elect to not allow cookies to be used in your browser, however, your access to our services may be greatly restricted. For example, if you prevent your browser from storing authentication cookies, you will not be able to access account resources from your browser.
Bug and crash data
We utilize third party bug and usage tracking services, described under "Third Party Services," in order to reliably provide our service, fix technical issues, and better understand usage patterns. We try our best to prevent sensitive data from being shared with these third parties, but some data may occasionally be shared from the application. On request, we can disable bug tracking for our application.
Access to data from consultants
Minsilo may occasionally provide professional or consulting services to clients who use our platform. In such cases, these consultants will have access to your company's Minsilo workspace as a user or administrator. This consultant will have their own separate user account within the workspace and will be identified as "Consultant Name (Minsilo)".
Consultants have the same data access privileges as any other user who holds their access level within the platform; for example, a Consultant that has "admin" account access, can view everything an admin from your company can view.
Consulting services are provided as an opt-in service only and may incur additional charges. Minsilo is under no obligation to offer consulting services; all consulting services are provided on a case-by-case basis and at the sole discretion of Minsilo.
How we use and share data we collect
Minsilo respects your privacy and takes reasonable steps to protect your data from misuse. We utilize your data in order to:
- provide our services to you and your company;
- prevent misuse of our services and software;
- better understand how you utilize our software and learn how we can improve our services;
- resolve technical issues and "bugs" that may exist in our software;
- improve the security of our platform;
- comply with lawful government and law enforcement requests;
- provide support for our services and help you to better use our software;
- inform you of changes to your account, remind you to engage with our software, and notify you of improvements to our platform
Minsilo takes security seriously and takes reasonable precautions to protect your company's data. Some steps we take to secure your data include:
- password-based authentication is implemented using industry-standard libraries that hash passwords with a per-user "salt" and a global "pepper";
- we utilize SSL throughout the application;
- each customer is placed on a separate database with separate login credentials for that database only;
- we run 100% on the cloud, within a virtual private cloud ("VPC") that cannot be accessed via the public internet, except via our public-facing proxy servers.
Third Party Services
Minsilo presently uses the following services to provide the capabilities of our application and may share data with these third parties, in order to provide our application:
- Amazon Web Services
- Notion.so — at present, we only use Notion.so for the purpose of providing documentation about our application.
- Zendesk — at present, only used for the "Help" feature of our application.
We also use these services to provide our marketing websites and email campaigns (www.minsilo.com):
- Amazon Web Services
- Google Forms
- Google Analytics
While we take reasonable precautions to protect your data from unauthorized disclosure, do understand that no computer system is completely secure or free from mistakes. The risk of unauthorized access remains a possibility with any software service or product, including Minsilo. Depending on your service level with Minsilo, we may take additional or separate steps to ensure data privacy and security.
Basis for Information Processing
We process your personal data only when we have a lawful basis. Presently, we have a legitimate interest and, in some cases, your consent as the lawful basis for processing. Our legitimate interest is to deliver the services to you. We have determined that our processing of your personal data is necessary to deliver the services to you, and that there is no less intrusive means of delivering you the services. Finally, we believe that our processing of personal data will not cause unjustified harm in a way that would override our legitimate interest basis as provided under the EU’s General Data Protection Regulations.
In some cases, we may use consent as our lawful basis for collecting and processing certain types of personal information. In such cases, you have a right to withdraw consent at any time.
In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
Using the Services from outside the United States
The hosting facilities, servers and central database for the service are located in the United States, except for our web application frontend. If you are accessing the service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States by us as data controller and as data processor. By signing up for and using the service you agree to this transfer. Please be assured that we seek to take reasonable steps to ensure that your privacy is protected.
Static assets and web application frontend
Minsilo currently relies on Amazon's Cloudfront CDN services to provide static assets and resources for our application. Since our web application frontend is separate from the rest of our application, we are able to host and serve that
In order to provide better performance than a single hosting region, Amazon may serve you a copy of our web application from a server that is located outside of the United States. Generally, this means that you'll receive a copy of our web application frontend from a server closest to you; for example, a user in the EU may receive a copy of the web application frontend from a server located in Europe.
Our web application frontend is loaded locally onto your device and is does not itself contain any sensitive or personal information.
Minsilo retains information that you provide to us in order to provide our services, comply with our legal obligations, resolve disputes, and enforce our agreements.
Some of the data that you provide is retained at a company-level; as an individual user, you may not be able to remove data that you've posted to your company's workspace or have otherwise shared during your use of your company's Minsilo workspace. This data is preserved for the benefit of your company.
As a company administrator, you may remove data related to your organization within Minsilo. In this event, we will remove any data that resulted from user uploads or data that is stored in your company's workspace. Some copies of this data may be preserved for the short-term, such as to maintain reliable backups of our customer data; we are unable to remove data from these backups specifically, but typically these backups will be destroyed after a period of time.
Please note that we may not be able to remove your company's data in the event that we're required to retain it because of government regulations or lawful requests. In some cases, we may also be prohibited by law from notifying you that this data has been retained.
Attn: Legal Department
2 Ave de Lafayette
Boston, MA 02111