Reftab & GDPR

Reftab is GDPR compliant and is committed to providing our users with the best possible experience to ensure that they can safely rely on our platform to fit their needs. Our goal is to be as transparent as possible with our users about the data we collect to provide that service, how it is used, and with whom it is shared.

What data does Reftab collect?

Reftab collects certain data on users who visit our site. This includes, but is not limited to: IP addresses, device information, browser information and location data. This type of data is provided by your browser.

Reftab also collects data that is willingly uploaded to our site. This includes but is not limited to: email addresses, asset data, loanee data, accessories data and licenses data. This type of data is willingly uploaded by the user.

Regarding financial information: Reftab does not store credit card data. Credit card data is handled through our payment processor, Stripe.

More information can be found here:

Stripe’s Privacy policy: https://stripe.com/us/privacy
Stripe’s Guide on GDPR: https://stripe.com/guides/general-data-protection-regulation

What does Reftab do with the personal data it collects?

The reason for collecting data is to improve the user experience and improve our platform to best suit the needs of our users. Reftab does not provide a platform for advertisers and does not sell data, personal or otherwise to anyone.

Does Reftab have an Art. 27 GDPR representative?

Yes, see our compliance landing page here: https://www.prighter.com/q/15357486

How does Reftab secure the information it collects?

Security is extremely important to Reftab and we take it seriously. You can view our FAQ post on Security here: https://www.reftab.com/faq/how-does-reftab-keep-my-data-secure

Where does Reftab store data?

Reftab stores its data in the United States. All of our hosting providers are SOC 2 Type 2 certified and ISO 27001 certified and GDPR compliant.

We use DigitalOcean and AWS as a hosting provider.

More information on DigitalOcean’s GDPR can be found here: https://www.digitalocean.com/security/gdpr/

More information on Amazon’s GDPR can be found here: https://aws.amazon.com/compliance/gdpr-center/

Reftab also backs up database data using Dropbox. This data is encrypted and protected with two-step authentication procedures.

More information on Dropbox’s GDPR can be found here: https://www.dropbox.com/security/GDPR

How can users retrieve or delete their data?

Within the Settings page of the Reftab platform, users may navigate to the section titled, “Delete Account”. From here, there is a button that when clicked, will permanently delete your account and all associated data. If a user would like to download their data we allow them to do so by using the export features on the reports page or the export feature on the settings page.

Does Reftab have a defined policy on data retention?

Reftab does not delete data without express written consent from a user. This is because Reftab offers free accounts with no time limit on usage. If a user would like to delete their account they may do so from within the settings page.

We currently have a retention period of backups on Dropbox of three weeks. So if a user deletes their account, their information will be retained within backups until the backup retention period has ended.

Does Reftab offer a Data Processing Agreement (DPA)?

Yes - Email: help@Reftab.com and we will send you our DPA for review and sign.