GDPR Compliance

Last updated: January 5th, 2021

Where are your servers located?

1st things 1st is hosted on a DigitalOcean server in Frankfurt, Germany.

What kind of data are you storing?

From the personal data, we are storing your first and last names, email, avatars from a social network or Gravatar, company name (if applicable), and billing address.

Of course, we are storing your prioritization projects with criteria, things to evaluate, and evaluations.

Can I see what information you are storing about me?

If you want to get a list of all the data that is stored about you on 1st things 1st, you can ask for it in the feedback form and we will respond within 2 working days.

Is my information kept private on 1st things 1st?

All your private information is kept private and not exposed to third parties.

But if you have an organizational account, you can share your information with your chosen friends or colleagues and work on the prioritization together.

Can my information be ported?

Account information is not portable. But prioritized projects can be exported to XSLX, PDF, or email message.

What security measures do you have for data storing and transfer?

As for login passwords, we save their hashes in the database. No credit card or banking information is saved on our servers. Payments are done through Stripe who take care of more secure measurements.

All website data is transferred to and from the server using the SSL certificate.

We do daily backups and should be able to recover the lost database within 24 hours. We have backups of the last 7 days.

Do you inform about security breaches?

If we notice any security breach where the personal data could be exposed to third parties, we are going to inform you by email within 3 days.

Do you offer your users an opt-out?

At any time you can delete your account together with the prioritization projects you created. This can be done at the account deletion page.

Contact Us

If you have any questions about GDPR compliance, please contact us.