Woebot Labs' GDPR Compliance Plan
What is GDPR?
The European Union (EU) issued the General Data Protection Regulation (GDPR) in order to improve upon data privacy laws and influence the ways organizations manage data privacy. GDPR policy must be in place by May 25, 2018.
GDPR impacts all organizations located geographically within the EU, as well as those that are located outside of the EU if they collect, store, and/or manage data of EU subjects.
How will Woebot Labs manage GDPR?
Woebot Labs will be compliant with GDPR by May 25, 2018. We will readily communicate our process of readiness to ensure current updates are easily accessible to you.
1) Remaining committed to ensuring and reviewing a reliable data infrastructure.
As a cloud-based company, we have the benefit of many great tools to assist us in protecting your data and running a reliable service. We constantly monitor our infrastructure to ensure it's quality. We also work hard to stay up to date with the latest best-practices to keep our services running smoothly and securely. We pride ourselves on meeting the higher standards required by laws such as GDPR by applying them to all of our users, worldwide.
2) Ongoing transparency regarding Woebot Labs' data policies and procedures.
Since the company's inception, Woebot Labs has been committed to safeguarding user data and their privacy. Woebot Labs will continue to monitor GDPR regulations and will adjust and update compliance planning accordingly and as needed. Updates will be made available on our website.
Encryption: All message data sent to and from Woebot Labs is encrypted. The conversation data in our iOS and Android platforms are also stored encrypted.
Anonymized data: Since the company launched in June 2017, all user data is limited to the minimum amount required for the Service to function. Data is not linked to users in an identifiable way.
Security Infrastructure: We continue to invest in a robust security team which oversees and maintains:
a) the integrity of the data infrastructure
c) security incident procedures and notifications that meet GDPR requirements
Data Portability: Users are able to request and delete their data. Procedures for requesting data and/or deletion are in place.