Last updated: June 25th 2019
DragApp.com Ltd (“Drag”, “us”, “we”, or “our”) is a Company incorporated in England and Wales with the registered number 10835737. We operate the https://br.dragapp.com/ website and its associated domain (together, the “Site”), as well as the information, software or services available through the Site (collectively, “Services”).
We are committed to protecting our customers’ data and have developed processes, technologies and policies that enhance our data security. Read more about our GDPR compliance status here.
We collect the information that you share with us. This information includes:
1. Personally identifiable information, or “Personal Data”.
This is the type of information that can be used to contact or identify you. We only collect data that you share with us and we do this to improve services we offer you. Providing your Personal Data to us is your choice. If you choose not to provide us with certain Personal Data, you may not be able to take advantage of certain features of our Site and Services. We only collect Personal Data that is based on either Gmail’s API (OAuth) authentication by users or information users input manually into Drag.
We collect the following information:
- Email address;
- Gmail lifetime token (that allows Drag to load, by using Inbox SDK and not storing, Gmail’s API data, that can be found here);
- Metadata (email headlines);
- Gmail labels and individual email statuses like read/unread or star/unstar.
We also collect the following information that users submit while using our services:
- Due dates;
- Columns and board names.
2. Gmail API scopes.
We use only Gmail restricted scopes required to use Drag. These scopes are limited to:
- https://www.googleapis.com/auth/gmail.modify (used to modify the status of emails such as archive)
- https://www.googleapis.com/auth/gmail.settings.basic (used to understand basic settings such as language and filters)
- https://www.googleapis.com/auth/gmail.insert (used to reply to emails as a team)
- https://www.googleapis.com/auth/userinfo.email (view email address)
- https://www.googleapis.com/auth/userinfo.profile (view personal information, including any information you have made publicly available)
- https://www.googleapis.com/auth/gmail.labels (to manage mailbox labels)
These scopes are limited to the use of data in providing and improving user-facing features that are prominent in Drag only. We do not transfer data for serving ads, including retargeting, personalized or interest-based advertising.
For full information please see User Data Policy.
3. General Information.
We use third party services such as Google Analytics that collect, monitor and analyze some types of information in order to increase our Service’s functionality, including your computer’s Internet Protocol (“IP”) address, browser type, browser version or specific pages accessed during your visits to our website. These third party service providers have their own privacy policies addressing how they use such information. We may also parse email addresses to third party email verification tools in order to verify your recipient email addresses.
4. Referrals information.
If you chose to tell a friend about the Site or Services, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting him/her to visit the Site or use the Services. Drag stores this information for the purpose of sending this one-time email and tracking the success of our referral program. Your friend may submit a request at email@example.com to request that we remove this information from our database.
We do not store your credit card information. If you purchase the Service, your credit card information is processed and stored by Stripe (https://stripe.com/).
Cookies & Other Online Identification Tools
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.
We must have permissions and collect some data so that we can display users’ emails on Drag boards and customize them according to our users’ preferences. For example, we must have permissions to delete emails, in order to be able to do so when users click on the delete button while using Drag boards.
We will not disclose your Personal Data except for:
- Compliance with Law and Fraud Protection. We may disclose any information, in our sole discretion and without your prior permission, to comply with any applicable law such as to comply with a subpoena, regulation, binding orders or a data protection agency, legal process or governmental request.
Drag is a chrome extension, featured by Google (globally), on the first page of Chrome Store, more than one time. Our Chrome extension is manually reviewed by Google internal audit team to verify that no security policies have been violated and, upon approval, maintained within the Chrome store.
We use JWT tokens, that define a compact and self-contained way for securely transmitting information between parties as a JSON object. We also use node express framework, that has built-in security policies.
We only communicate with Google servers through the Gmail’s API (OAuth). All data we store is stored on Mysql Database, hosted on AWS RDS, located in the United States, with encryption & required security groups so that only Drag can access it.
We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. All Drag data processor providers have been checked to be GDPR-compliant as per the list below:
List of Drag’s data processor providers:
|USA||Cloud Infrastructure, Logging, Analytics||Yes|
|Crisp IM||France||Helpdesk & Support||Yes|
|Sendgrid||USA||Email Delivery Service||Yes|
|ActiveCampaign||USA||Email Delivery Service||Yes|
Compliance with Laws
We will disclose your Personal Information where required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.
The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. If you have any questions about security on our Site, you can contact us by submitting a request to firstname.lastname@example.org. We also run a disclosure program to further support the security of data.
Links to other sites
We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
In accordance with GDPR, as our customer, you can exercise your data subject rights to correct, modify or delete the Personal Data about you that Drag holds. If you would like to access, rectify or delete your Personal Data, please send a request to email@example.com with the following information:
- Your full name;
- Your email address;
- What you would like to request (a copy of your Personal Data, to amend your Personal Data or to permanently delete your Personal Data).
In case of submissions to delete Personal Data, we will retain your information for as long as your account is active or as needed to provide you services.
You can also read everything about our terms.