DRAG IS COMMITTED TO COMPLYING WITH THE GENERAL DATA PROTECTION REGULATION (“GDPR”) AND STRICTLY ENFORCES THE REGULATION AS TO PROTECT THE USER DATA WE STORE. IN THIS ARTICLE, WE EXPLAIN HOW DRAG HANDLES ITS COMPLIANCE SO THAT OUR CUSTOMERS CAN BETTER UNDERSTAND HOW THEIR DATA IS COLLECTED, PROCESSED AND HANDLED. IF WE DID NOT ANSWER YOUR QUESTIONS IN THIS PAGE, YOU CAN STILL CONTACT US BY SENDING US A REQUEST TO ACCESS@DRAGAPP.COM.

Awareness of GDPR

All employees responsible of software development & infrastructure maintenance of DragApp.com Ltd, a limited company a Company incorporated in England and Wales, are fully aware of the GDPR requirements and of the confidential nature of the users’ personal data.

Communication on Privacy Policy

Our Privacy Policy and Terms are clearly communicated to users and customers in our Privacy Policy and terms. We have notified all of our users by email about the updates on our Privacy Policy to meet GDPR requirements and also keep an up-to-date version of our Privacy Policy permanently on our website.

Information we hold

We only collect data that users share with us and we do this to improve services we offer our users.  This includes 3 kinds of data:

Personal Data.
We only collect Personal Data from two sources:
– Gmail’s API (via OAuth), only when authenticated by users or;
– Information users submit when visiting our website or using our services (e.g. tasks).

General Information.
We use third party services such as Google Analytics that collect, monitor and analyze some types of information in order to increase our Service’s functionality, including your computer’s Internet Protocol (“IP”) address, browser type, browser version or specific pages accessed during your visits to our website.

Referrals information.
If you chose to tell a friend about Drag, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting him/her to visit the Site or use the Services. Drag stores this information for the purpose of sending this one-time email and tracking the success of our referral program. Your friend may submit a request at access@dragapp.com to request that we remove this information from our database.

We do not store your credit card information. If you purchase our services, your credit card information is processed and stored by Stripe (https://stripe.com/).

More details on the data we hold can be found at our Privacy Policy.

Individuals’ rights

Drag customers rights regarding to GDPR are considered and enforced, including:

Right to be informed: we clearly inform our users about the use that will be made of their data;

Right of access: our users can exercise their data subject rights to correct, modify or delete the Personal Data about them that Drag holds.

If you would like to access, rectify or delete your Personal Data, please send a request to access@dragapp.com with your full name, email address and what you would like to request (a copy of your Personal Data, to amend your Personal Data or to permanently delete your Personal Data).

Consent

Consent is provided by our users explicitly via OAuth authentication when setting an account on Drag. Drag also allows it customers to submit user data within our application, for example by creating a task or adding comments to emails. This data must have been provided by the user in a consented way.

Children

Drag does not knowingly collect information from minors. To use our website or services, users must be the age of legal majority in your place of residence. By using our website or services, you hereby represent that you are at least the age of legal majority in your place of residence. We do not use an application or other mechanism to determine the age of users of our website and services. All information provided to Drag will be treated as if it was provided by an adult. If, however, we learn that a minor has submitted information about himself/herself to us, we delete the information as soon as possible.

Data breaches

Drag is a chrome extension, featured by Google (globally), on the first page of Chrome Store, more than one time. Our Chrome extension is manually reviewed by Google internal audit team to verify that no security policies have been violated and, upon approval, maintained within the Chrome store.

We also use We use JWT tokens, that define a compact and self-contained way for securely transmitting information between parties as a JSON object. We also use node express framework, that has built-in security policies.

The points listed above help reduce the probability of a major data breach occurring.

If we become aware of any accidental, unauthorised or unlawful destruction, loss, alteration, or disclosure of, or access to the Personal Data that is processed by us in the course of providing our Services, we commit to, without undue delay, notify the concerned users and provide them as soon as possible with a description of the incident, investigate the incident to reasonably prevent or mitigate the effects of the incident and provide periodic updates to information about the Incident to concerned users.

Consent GDPR on data processor providers

All Drag data processor providers have been checked to be all GDPR-compliant.

List of Drag’s data processor providers:

Data Processor Country Purpose GDPR-compliant
Google USA Cloud Infrastructure, Logging, Analytics Yes
Crisp IM France Helpdesk & Support Yes
Stripe USA Payment Gateway Yes
Sendgrid USA Email Delivery Service Yes
ActiveCampaign USA Email Delivery Service Yes

Contact Us

If you have any questions about these Terms, please contact us at access@dragapp.com.