Yes, Gator is compliant with the European General Data Protection Regulation.
Most of Gator's compliance is based on the fact that Gator stores very little personally identifiable information (PII). Exactly how we handle your personal data is outlined below.
How Gator handles your personal data
Most users will never need to provide Gator with personal information.
Because Gator is a Slack application, it relies on Slack for user authentication and authorization. The Slack API provides Gator only with a non-personally identifiable unique ID for your username, like "WH58E5SM6". You do not have a separate username and password for Gator.
That said, under certain circumstances Gator may become a controller of your personal data. Here are some details:
If you include your personal data inside the contents of a message you send with Gator, then Gator will store and transmit that data securely. But Gator erases message contents as soon as a message is delivered, so the contents of most messages lives in Gator's systems for less than 24 hours. You can read more about how we handle message data here.
If you visit our website, https://www.gator.works, you will see an opt-in cookie notice. If you do nothing, our website will not set any tracking cookies in your browser. If you consent, you may choose between only those cookies which are necessary for Gator to function and those which are optional. See our Cookie Declaration for full details about the cookies we use on our site.
If you are the individual from your Slack workspace who upgrades to a paid Gator subscription, you will provide some PII to our payment processor, Stripe, for the purpose of completing the transaction. That data will include your name, zip/postal code, country, email address, and details about your payment method. Gator never stores information about your payment method, but Stripe will provide us access to your name and email address.
How Gator handles your customers' data
If you choose to include your customers' data in the contents of messages you send with Gator, then Gator could be a processor of that data.
Any customer data that you send in a Gator message will be stored and transmitted securely, like any other Gator message. And all message contents are erased as soon as a message is delivered, so most customer data you might provide to Gator will live on our systems for less than 24 hours.
If you feel this level of exposure requires a Data Protection Addendum to our Terms and Conditions, please contact us at firstname.lastname@example.org and we can work with your legal team to establish an agreement.
How Gator works with service providers
In order to provide Gator as a service to you, we work with a number of service providers (or "subprocessors"). All of these service providers are GDPR compliant and have established Data Protection Addeda with us to safeguard your data.
See the Gator Subprocessors page on our website for a complete and up-to-date list of the service providers we use.
How you can export and delete your Gator data
Gator provides tools for exporting and deleting your data.
To export your Gator data run the "/gator export" command from within Slack. See this help article for more details.
To delete your Gator data all you need to do is revoke the authorization you gave Slack to use Gator with your Slack account. Individuals who upgraded their Slack workspace to a paid Gator plan have an additional step to delete their data. Find more details on both points in this help article.
How can I get more answers about Gator and GDPR?