Data Security Policy

Data Security Policy

What is accessed


  • Your personal name and email attributes are needed as part of signup and login authentication process
  • If registered via Google, Microsoft or Github channels - we ONLY store email and name
  • We are implemented the "right to be forgotten" - when user leaves Neelix, the email and name are wiped out
  • We do NOT request other data from oauth channels


For MS Teams App (as published on MS Teams marketplace)

  • User account in MS Teams is paired by user's tenant id to the user id in Neelix
  • No other information from Microsoft eco system is used
  • Re MS Teams marketplace "App capabilities"
  • The information displayed by Microsoft is a generic one
  • We do NOT access phone numbers or addresses
  • Information is exchanged ONLY between the MS Teams app and Neelix.IO platform service
  • We do NOT exchange information with third parties


For Slack App (as published on Slack marketplace)

  • User account in Slack is paired by user's workspace id to the user id in Neelix
  • No other information from Slack eco system is used
  • Clarification
  • We do NOT store identifiable Slack data apart from user id
  • Information is exchanged ONLY between the Slack app and Neelix.IO platform service
  • We do NOT exchange information with third parties


What data is stored


  • Your name and email are stored are part of account creation process; Name, nickname and avatar can be modified within personal account
  • License configuration requires you to supply name and contact details for the payee
  • We do not store any payment details. All sensitive information required for billing is handled via © Stripe - at no stage are credit card details stored on, or even sent to, our servers. All credit card data is sent directly to Stripe’s secure servers. Invoices are available through Stripe's client portal
  • Other data that you create and control as part of managing Consortium
  • Audit of user access against a given consortium
  • Audit of configuration changes


What we do with data


  • Your name, nickname and email are stored on your account record; Data is encrypted at rest; You can modify name, nickname and avatar image link
  • Our policy is to never share or sell data to any external party


Data Retention and Archival Policy for Neelix Core Data


  • Your name, nickname, email, experiences commentary and meta data are stored for as a long as the account is maintained in the system. There is no automatic archival and there is no account deactivation policy related to lack of activity.
  • User can close the account be "forgotten" as per Account cancellation policy (see below). Consortium related user identifiable information is either deleted or anonymised on account closure. Data related to payments already processed will be securely stored in order to comply with our tax, accounting, and financial reporting obligations. In all cases where we keep data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
  • Stripe data retention policy provides information about billing and payments data stored on © Stripe. At no stage are credit card details stored on, or even sent to, Neelix servers.


Data Retention and Archival Policy for Integrated Channels


  • This policy applies to Slack and Microsoft Teams integrations.
  • When Neelix app is installed in a workspace, we store name, id, and bot token and associate the workspace with the user who added it. When channel list is refreshed, we store name, id and locale for any unrecognized channel and associate all relevant channels (new and existing) with the user who triggered the refresh. These values may be updated periodically but we do not retain any other workspace or channel data.
  • If a channel is deleted, all data about the channel, including any Neelix default configuration settings and any associations with any users, are deleted. Likewise, if the app is uninstalled from a workspace, all workspace, configuration and user association data for the workspace are deleted along with the data for any channel in the workspace.


Encryption, Hosting and Geo Location of Data


  • We do not run own physical infrastructure. Instead, we leverage the power and security of Google Cloud Platform
  • Application and datastore are hosted in GCP - host region is us-central
  • Data is encrypted at rest
  • Internet communications are secure - https only


People and Access Policy


  • User can access data only with specific Consortia as per permissions administered by the maintenance user(s) of each Consortium
  • Only authenticated users can access functionality


Backups


  • 24 hour backups policy


Account cancellation


"Close Account"

is a self service process (same link is available under user's personal cabinet).

  • User can leave the system at any time. Personal name, nickname, account pairing details and email details will be deleted if the account is closed
  • Experiences commentary will be deleted and person identifiable information purged if your Consortium is not in use
  • If Consortium is in use by other permitted users, then a clear notification will be provided during the account closure process. You will have opportunity to agree with other users to archive Consortium in entirety or to purge own commentary only.

Account Support

is the preferred method when enquiring more about information about stored data, or when any other assistance is required.

Contact us

is another method of reaching out for enquiries or assistance.


Billing and Invoices Data Management


  • We do not store any payment details. All sensitive information required for billing is handled via © Stripe - at no stage are credit card details stored on, or even sent to, our servers. All credit card data is sent directly to Stripe’s secure servers. Invoices are available through Stripe's client portal.
  • Stripe data retention policy
  • provides information about billing and payments data stored on © Stripe.
  • Participants Dashboard
  • lists billing entities. If you are a maintenance user of a billing entity, then you will be able to access "Invoices | Stripe Customer Portal" link.


Vulnerability Management


  • See Security Vulnerability Process


The right find out more about data usage & Correction of details


Contact Us


if you need more information of if you find errors that cannot be corrected via self-service, please


Share by: