GDPR Compliance

Last updated: May 6th, 2023

Where are your servers located?

1st things 1st is hosted on a DigitalOcean server in Frankfurt, Germany.

What kind of data are you storing?

From the personal data, we are storing your first and last names, email, avatars from a social network or Gravatar, a company name (if applicable), interests, and notification settings.

For compliance with GDPR cookie law, we are also storing your device's IP address, your browser's User-Agent string, and cookie consent preferences, which can be linked to your account.

Of course, we are storing your prioritization projects with criteria, things to evaluate, and evaluations.

Can I see what information you are storing about me?

If you want to get a list of all the data that is stored about you on 1st things 1st, you can ask for it in the feedback form and we will respond within 2 working days.

Is my information on 1st things 1st kept private?

All your private information is kept private and not exposed to third parties. However, there are two exceptions:

  • If you use the autosuggestion feature, the tool might anonymously send your criteria and prioritized things to GPT-3 API managed by openai for evaluation.
  • If you have an organizational account, you can share your information with your chosen friends or colleagues and work on the prioritization together.

Can my information be ported?

Account information is not portable. But prioritized projects can be exported to XSLX, PDF, email message, Notion template, or many productivity apps via Zapier.

What security measures do you have for data storing and transfer?

All website data is transferred to and from the server using the SSL certificate.

No plain passwords are saved in the database. Instead, we store their hashes, where we can check the password's validity, but we cannot find out what your password was.

Payments are done through our reseller and Merchant of Record who takes care of more secure measurements. No credit card, banking, or billing information is saved on our servers.

We do daily backups and should be able to recover the lost database within 24 hours. We keep daily backups for 7 days.

Do you inform about security breaches?

If we notice any security breach where the personal data could be exposed to third parties, we are going to inform you by email within 3 days.

Do you offer your users an opt-out?

At any time you can delete your account together with the prioritization projects you created. This can be done at the account deletion page.

Contact Us

If you have any questions about GDPR compliance, please contact us.