Products

GDPR Compliance Information


Learn how StoryXpress helps its customers to become GDPR (General Data Protection Regulation) Compliant.

At StoryXpress, we have always taken care of your data with the seriousness it deserves, and to make ourselves & our customers General Data Protection Regulation (GDPR) compliant, we have revised our internal processes, security and terms & privacy documents accordingly.

In order to request a copy of the DPA, you can write to us at privacy@storyxpress.co


Policy:

Terms of service: Reflects the GDPR requirements and compliance.

Privacy Policy: Reflects information about the data we collect, how we protect it, and how we use it.

Cookie Policy: A banner to visitors the use of cookies.

Data Processing Addendum is available upon request.

Operation Updates

  • Access to information is restricted to what’s strictly required for troubleshooting and customer support.
  • Our partners and suppliers are also compliant with the new regulations.
  • Our whole team is being trained to understand the requirements and implications of the GDPR.

List of Sub-Processors

We work with the best in the market to ensure complete compliance, data safety, and peace of mind.

  • Stripe - Payment gateway (PCI compliant)
  • Hubspot - CRM for customer success & marketing
  • Google (Google Analytics) - Business Analytics
  • Mailgun - Email API Provider
  • SendInBlue - Email marketing platform
  • Help-wise - Shared email inbox provider
  • Profitwell - Business Financial data analysis
  • Express Video Technologies Pvt. Ltd. - StoryXpress, Inc. subsidiary

ADDITIONAL INFORMATION THAT WE STORE ABOUT YOU

Creator
When you use Creator, we may also store information pertaining to your browser and operating system to better assess the performance of our product, and also provide support in case something does not work on your system.

StoryXpress Recorder/Clapboard
To be able to use StoryXpress Recorder, you need to provide our Chrome extension with your microphone, camera, and screen capture permission, all of which are explicitly prompted for your consent.

Push Notifications
To receive real-time push notifications, we may also request you to grant browser-based Push Notification permission for our domain. This results in your browser generating a unique device identifier and sharing it with us, which is then stored in our encrypted database to enable us to deliver a push notification to that specific device in real-time. When you choose to delete your account, or when you disable the Push Notification Setting option, we delete the deviceId from our records.


Privacy and Data Handling Tools and Processes

Right to Rectification

You can access and update your StoryXpress account settings at any time to correct or complete your account information from your account settings page. You may also contact StoryXpress at any time to access, correct, amend, or delete information that we hold about you.

Right of Access

All of the data collected about your users is easily accessible within the platform. StoryXpress has an extensive privacy policy that describes what data StoryXpress collects. If your customer (data subject) asks for any information related to his/her data (under GDPR), write to us at support@storyxpress.co


Breach Notification

Quoting from GDPR website

Under the GDPR, breach notification will become mandatory in all member states where a data breach is likely to “result in a risk for the rights and freedoms of individuals”. This must be done within 72 hours of first having become aware of the breach. Data processors will also be required to notify their customers, the controllers, “without undue delay” after first becoming aware of a data breach.

We thoroughly reviewed our data security, made sure that we have complete data encryption for both in-motion and at-rest data. And, also created a policy around Breach notification to inform our customers within 72 hours of first having become aware of the breach.


Data Transfer

We may transfer, process, and store Personal Data we collect through the Services in centralized databases and with service providers located in the US. The US may not have the same data protection framework as the country from which you may be using the Services. When we transfer Personal Data to the US, we will protect it as described in this Privacy Policy and Terms & Conditions.

The Service is hosted in the United States. Regardless of the database being hosted in the European Union, if you choose to use the Service from the EU or other regions of the world with laws governing data collection and use that may differ from US law, then please note that you may be transferring your Client Data and Personal Data outside of those regions to the United States for storage and processing by our service providers listed in our Terms of Service. We will comply with GDPR requirements providing adequate protection for the transfer of personal information from Europe to the US. Also, we may transfer your data to the US, the EEA, or other countries or regions deemed by the European Commission to provide adequate protection of personal data in connection with the storage and processing of data, fulfilling your requests, and operating the Service.


Data Controller and Data Processor

StoryXpress does not own, control, or direct the use of any of the Client Data stored or processed by a Client or User via the Service. Only the Client or Users are entitled to access, retrieve, and direct the use of such Client Data. StoryXpress is largely unaware of what Client Data is actually being stored or made available by a Client or User to the Service and does not directly access such Client Data except as authorized by the Client, or as necessary to provide Services to the Client and its Users.

Because StoryXpress does not collect or determine the use of any Personal Data contained in the Client Data and because it does not determine the purposes for which such Personal Data is collected, the means of collecting such Personal Data, or the uses of such Personal Data, StoryXpress is not acting in the capacity of the data controller in terms of the European-Union’s General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and does not have the associated responsibilities under the GDPR. StoryXpress should be considered only as a processor on behalf of its Clients and Users as to any Client Data containing Personal Data that is subject to the requirements of the GDPR. Except as provided in this Privacy Policy, StoryXpress does not independently cause Client Data containing Personal Data stored in connection with the Services to be transferred or otherwise made available to third parties, except to third party subcontractors who may process such data on behalf of StoryXpress in connection with StoryXpress’s provision of Services to Clients. Such actions are performed or authorized only by the applicable Client or User.

The Client or the User is the data controller under the Regulation for any Client Data containing Personal Data, meaning that such party controls the manner such Personal Data is collected and used as well as the determination of the purposes and means of the processing of such Personal Data.

StoryXpress is not responsible for the content of the Personal Data contained in the Client Data or other information stored on its servers (or its subcontractors’ servers) at the discretion of the Client or User nor is StoryXpress responsible for the manner in which the Client or User collects, handles disclosure, distributes or otherwise processes such information.


Data Retention

We only retain the Personal Data collected from a User for as long as the User’s account is active or otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it unless otherwise required by law. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements as follows:

  • the contents of closed accounts are deleted within 6 months of the date of closure.
  • backups are kept for 12 months.
  • information on legal transactions between Client and StoryXpress is retained for a period of 10 years.

We hope this makes your use of StoryXpress and the transition to GDPR much easier. As always, please contact us if you have any questions: support@storyxpress.co.