Effective date: 02/27/20 (see previous version here) — Click here for key changes
Our approach to your privacy boils down to doing the right thing. You should never feel surprised about the information we know about you or when we contact you. Every interaction should be valuable to both you and us. If you ever feel like the information we know about you is surprising, please let us know.
When it comes to being stewards of your information, we'll do the right thing and won't use your information without your permission. We strive to collect the least amount of information as possible. Information takes up space, and we like space.
Why should you trust us?
Because you support us with your financial support, and our relationship with you helps us achieve our company vision. It's not good to anger people you're in a relationship with. That's bad for the taco business, our personal happiness, and helping spread kindness throughout the world.
Here's a list of sections to learn more about your privacy:
- What we collect and why
- Where your information is stored and protections
- Cookies and how we use (hint: we don't eat them)
- Who has access to your data
- How you can control your data
First, a note about who you are
If you use HeyTaco's Services you are either a Member or an Administrator. Your HeyTaco Community is made up of Members and Administrators. Administrators have access to all Member data and have control of your Community's settings and data.
If you are not an Administrator and have data questions, requests, or concerns please contact your Administrator so they can fulfill your needs. If you cannot contact your Administrator or have a dispute, please contact us at [email protected].
What we collect and why
When an Administer adds HeyTaco to your chat platform (e.g. Slack, Microsoft Teams, Discord), we collect information necessary for our Services to function. We also collect information if you give it to us.
Any of the information we collect from you may be used in one of the following ways: (a) Personalize your experience. (b) Better respond to your individual needs. (c) Operate and improve our Services. (d) Improve customer service. (e) Contact you.
Here is what we collect and why:
- Names and URLs of chat platforms you use with HeyTaco
- Used to display names in the product, identify your platform for support, and associate information about your platform to itself.
- The number of people in your chat platform
- We use this for product functionality and internal reporting.
- Your name and/or display name
- To identify you in the product so we and people in your group can find you.
- This is a picture you've chosen to represent yourself. It's collected from the picture you're using in the chat platform with HeyTaco.
- Your account admin uses this to relate your information to other systems of record.
- If you are an Administer, we may use your email to contact you regarding your product usage. This includes things like billing, troubleshooting, cancellation reasons, and welcoming you to the product. We strive to send the least email possible.
- If you are a Member, we won't email you unless you or your Administer gives us permission to do so.
- In order to operate, maintain, and provide to you the features and functionality of our Service we only collect needed information, including; message, timestamp, giver, receiver, and where the message was located (e.g. channel name, chat platform).
We only collect messages directed at the HeyTaco application. This means we cannot see all the messages in your chat platform. To see messages they must:
- Slack — (a) Have a taco emoji in the body of the message, this excludes message reactions and messages that have been edited to include a taco emoji. (b) Be in a channel or group message that HeyTaco has been invited to as a member.
- Microsoft Teams — (a) Have a taco emoji in the body of the message, this excludes messages that have been edited to include a taco emoji. (b) Include the bot username (@heytaco), (c) Be in a channel or group message that HeyTaco has been invited to as a member.
- Discord — (a) Have a taco emoji in the body of the message, this excludes messages that have been edited to include a taco emoji. (b) Be on a server that HeyTaco has been invited to as a member.
If you have any questions about the information we collect please contact us at [email protected].
Where your information is stored and protections
Security and storage
We use Heroku and Amazon Web Services as hosting providers in the United States to store and protect your information. They are up to date and set up with the latest security standards and undergo recurring security assessments to protect your information.
When you submit information via our service, your information is protected and encrypted both at rest and in transit through secure connections. We implement a variety of security measures to maintain the safety of your personal information. If your personal data is exposed to an unknown 3rd party we will notify you within 72 hours of the incident being reported.
HeyTaco may transfer your data to countries you don't live in. We offer European Union Model Clauses, known as Standard Contractual Clauses, to meet General Data Protection Regulation requirements for Administrators and Members who are citizens of the European Union. A copy of our data processing addendum, including Model Clauses, is available by contacting us.
If you have any questions about data security and storage please contact us at [email protected]
How long do we retain data about you?
We use historical data about people who use our Services to generate internal research reports and for you to view historical information about your own usage.
If you stop using the service, your data is also available to Administrators for your HeyTaco account. Your old data can be used by Administrators to see historical taco giving, messages you gave and received, and any other data collected about you.
We remove your personal data after an Administrator removes and/or stops using our Services and sufficient time has passed to warrant data removal.
The Administrators for your account are responsible for your data. In most circumstances, they must approve of any data removal or modifications. If you are a Member from the European Union and your Administrator will not request to remove your data please contact us [email protected].
Cookies and how we use them (hint: we don't eat them)
Cookies are small files a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.
- To keep you logged in to the website.
- Our customer support software has cookies that enable onsite support widgets and help us better assist you.
If you ever have questions or feedback about cookies we use, please let us know at [email protected].
Who has access to your information
Your information will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the Services requested. We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information.
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. An example is our payment processor. They use your email address and name to send you receipts for your payments.
- Stripe (https://stripe.com)
- Billing and payment processor for purchases. (Administrator contact data only)
- Heroku (https://www.heroku.com)
- Hosting provider for app and data storage.
- Amazon Web Services (https://aws.amazon.com)
- Hosting provider for app and data storage.
- Google Analytics (https://www.google.com/analytics)
- Service analytics to track and analyze Service usage.
- ProfitWell (https://www.profitwell.com)
- Helps us do billing updates and analyze subscriptions. (Administrator contact data only)
- Help Scout (https://www.helpscout.com)
- Our customer support software.
- HotJar Ltd. (https://www.hotjar.com)
- If you leave your name or email in a survey, it’s stored with HotJar until we remove it.
- Typerform (https://www.typeform.com)
- If you leave your name or email in a survey, it’s stored with Typeform until we remove it.
- Quickbooks (https://quickbooks.intuit.com)
- Certain Administrators may do billing and payment through Quickbooks
We may also release your information when we believe releasing it is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable information may be provided to other parties for marketing, advertising, or other uses. An example of this would be creating an advertisement about how people who use HeyTaco on Slack recognize each other X times per month on average. This is where you aggregate data to make it so the people behind it cannot be identified.
How you can control your data
Depending on if you are an Administrator or Member, you will have different rights regarding your data. If you are an Administrator, you can request for us to send, remove or modify any information about your account. You can export data on the Admin page of your HeyTaco site or by emailing us. To permanently remove your data, you must email us at [email protected], and we will remove your data within 30 days of notice.
If you are a Member, you can export some of your personal data on your Profile page. If you would like to view, modify, or remove all or some of your data please contact your Administrator and have them email us to do so. If you don't know your Administrator or have questions please email us at. [email protected].
Data Protection Authority
Subject to applicable law, you have the right to (i) restrict HeyTaco's use of your Personal Data and (ii) lodge a complaint with your local data protection authority. If you are a resident of the European Economic Area and would like to lodge a complaint please contact your Data Protection Authority. You can find a list of Data Protection Authorities by clicking here. (http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm)
on this page.
Last Updated on February 27th, 2020
- Added information that pertains to using HeyTaco on Microsoft Teams
- Provided additional clarification on how tacos are tracked