MeetButter ApS is a Danish company and we care and compete on data privacy when delivering our services. This means that we are continuously striving to fulfill the GDPR and have taken all necessary technical and contractual measures to ensure that personal data is processed securely.
This document describes the overall content of our GDPR compliance programme but if you have any additional questions related to privacy or security, please feel free to reach out at firstname.lastname@example.org.
We provide two services:
- A paid service to enterprises or other organisations who wish to use our services as an integrated professional tool. For this, we have a Data Processor Agreement, which outlines how we process personal information as a data processor on behalf of a customer.
Data Processing Agreement (DPA)
Our DPA relies on the EU Commission Standard Contractual Clauses. One of the reasons we use this agreement as a standard is that the SCC is well known and approved by the European Data Protection Board. Another reason is that we use some sub-processors outside of the EU and that such transfers are based on the SCC as well given the fact EU/US Privacy Shield arrangement was deemed invalid by the European Court of Justice in the summer 2020.
As of November 2020, we have carried out individual risk assessment of all our data processors and entered into Data Processing Agreements that relies on SCCs for the transfers that goes outside of the EU. You can read more about sub-processors below.
With the EU / US Privacy Shield invalidation we have attempted to move the storage of personal data back onto EU soil wherever we could without compromising our ability to deliver best-in-class online meetings. Our core infrastructure is therefore now located at AWS data centers in France and the usage analytics processing is carried out with Mixpanel in the Netherlands.
Unfortunately, there is simply a lack of infrastructure providers for video conferencing and customer communication with data centers outside of the US, and we therefore rely on the Standard Contractual Clauses issued by the European Commission to transfer personal data to data processors in the US that we consider absolutely necessary to deliver Butter.
Amazon Web Services
Hosting and Storage
Platform Usage Analytics
Email, Name, In-app behaviour
Email, survey response content
Email, name, in-app behavior and usage that help send emails at the right time
Video call infrastructure
In-app behavior, Videostreams
Customer service communication
The information included by the individual reaching out to Butter
Platform tracking infrastructure
Email, Name, In-app behaviour
Traffic analytics on marketing site(s)
Location, in-app behaviour (but pseudonymized)
Back office operations
Detect and resolve session bugs
Email, name, anonymized session recordings
Data protection by design
At Butter we're all about integrating data protection and privacy measures into our business and processing activities upfront. We expect our vendors to have similar technical and organisational measures in place so that, at the end of the day, we can protect the rights of our users and customers, and deliver delightful online meetings.
In essence, we do this by following a certain set of principles:
User data is the users' data
- As by recommendation from the General Data Protection Board we have also implemented some supplementary technical measures to make it a breeze for customers to exercise their right to access their personal data, correct it, or delete it entirely under account settings in Butter.
- Technically speaking, if you delete your account, we will make all content of the account inaccessible on deletion, but make sure that only after 30 days will it be deleted from our servers and no longer be recoverable.
- Additionally, you can reach out at email@example.com if you need a hand with any of the above.
Only collect data that is necessary to deliver delightful online video conferencing
- To improve our website, services, user experience, as well as assisting users with support inquiries, we collect and process personal information that helps us understand how it's being used, why it's being used in that way, and where errors occurs.
- We limit the amount of data we collect to what is strictly neccesary to do the above and for the categories of data that require your consent, we will actively ask you for consent before we collect and store any of your personal data.
Store data on EU territory wherever possible
- In light of the recent invalidation of the EU / US Privacy Shield that ensured appropriate safeguards for transferring personal data to the US, we have attempted to move the storage of personal data back onto EU soil wherever we could without compromising our ability to deliver best-in-class online meetings. Our core infrastructure is now located at AWS data centers in Paris and the usage analytics processing is carried out with Mixpanel in the Netherlands.
- See the list of Sub-Processors above for a detailed overview.