MeetButter ApS is a Danish company and we care and compete on data privacy when delivering our services. This means that we are continuously striving to fulfill the GDPR and have taken all necessary technical and contractual measures to ensure that personal data is processed securely.
This document describes the overall content of our GDPR compliance programme but if you have any additional questions related to privacy or security, please feel free to reach out at friends@butter.us.
Services
We provide two services:
- A free use of the platform by any personal user. For this, we have a Privacy Policy, where we explain our use of data as a data controller.
- A paid service to enterprises or other organisations who wish to use our services as an integrated professional tool. For this, we have a Data Processor Agreement, which outlines how we process personal information as a data processor on behalf of a customer.
Data Processing Agreement (DPA)
Our DPA relies on the EU Commission Standard Contractual Clauses. One of the reasons we use this agreement as a standard is that the SCC is well known and approved by the European Data Protection Board. Another reason is that we use some sub-processors outside of the EU and that such transfers are based on the SCC as well given the fact EU/US Privacy Shield arrangement was deemed invalid by the European Court of Justice in the summer 2020.
As of November 2020, we have carried out individual risk assessment of all our data processors and entered into Data Processing Agreements that relies on SCCs for the transfers that goes outside of the EU. You can read more about sub-processors below.
Sub-Processors
With the EU / US Privacy Shield invalidation, we have attempted to move the storage of personal data back onto EU soil wherever we could without compromising our ability to deliver best-in-class online meetings. Our core infrastructure is therefore now located at AWS data centers in France and the usage analytics processing is carried out with Mixpanel in the Netherlands.
Unfortunately, there is simply a lack of infrastructure providers for video conferencing and customer communication with data centers outside of the US, and we therefore rely on the Standard Contractual Clauses issued by the European Commission to transfer personal data to data processors in the US that we consider absolutely necessary to deliver Butter.
Subprocessor | Location | DPA | Purpose | Data |
---|---|---|---|---|
Agora | USA | Video Call Infrastructure | In-app behavior, Videostreams | |
Amazon Web Services | France | Hosting and storage | Email, Name | |
Customer.io | Belgium | Sending emails | Email, name, in-app behavior and usage that help send emails at the right time | |
Deepgram | USA | Transcriptions | Anonymized session recordings | |
Firebase | Germany | Database infrastructure | ||
Google Analytics | USA | On request | Traffic analytics on marketing site(s) | Location, in-app behaviour (but pseudonymized) |
Gsuite | USA | On request | Back office operations | |
Intercom | USA | Customer service communication | The information included by the individual reaching out to Butter | |
Mixpanel | Netherlands | Platform usage analytics | Email, Name, In-app behaviour | |
OpenAI | USA | Autogenerated-summaries and agenda | Anonymized session recordings | |
Segment | USA | Platform tracking infrastructure | Email, Name, In-app behaviour | |
Slack | USA | Internal communication | Email, name | |
Typeform | Spain | On request | Sending surveys | Email, survey response content |
Zapier | USA | Automate processes in communication systems | Email, name, in-app behavior |
Data protection by design
At Butter, we're all about integrating data protection and privacy measures into our business and processing activities upfront. We expect our vendors to have similar technical and organisational measures in place so that, at the end of the day, we can protect the rights of our users and customers, and deliver delightful online meetings.
In essence, we do this by following a certain set of principles:
User data is the users' data
- As by recommendation from the General Data Protection Board we have also implemented some supplementary technical measures to make it a breeze for customers to exercise their right to access their personal data, correct it, or delete it entirely under account settings in Butter.
- Technically speaking, if you delete your account, we will make all content of the account inaccessible on deletion, but make sure that only after 30 days will it be deleted from our servers and no longer be recoverable.
- Additionally, you can reach out at friends@butter.us if you need a hand with any of the above.
Only collect data that is necessary to deliver delightful online video conferencing
- To improve our website, services, user experience, as well as assisting users with support inquiries, we collect and process personal information that helps us understand how it's being used, why it's being used in that way, and where errors occurs.
- We limit the amount of data we collect to what is strictly neccesary to do the above and for the categories of data that require your consent, we will actively ask you for consent before we collect and store any of your personal data.
- For a full overview of our privacy measures, head over to our Privacy Policy.
Store data on EU territory wherever possible
- In light of the recent invalidation of the EU / US Privacy Shield that ensured appropriate safeguards for transferring personal data to the US, we have attempted to move the storage of personal data back onto EU soil wherever we could without compromising our ability to deliver best-in-class online meetings. Our core infrastructure is now located at AWS data centers in Paris and the usage analytics processing is carried out with Mixpanel in the Netherlands.
- See the list of Sub-Processors above for a detailed overview.