Privacy Policy

This policy describes the information we process to support LightWidget website and our widgets. Cookies Policy is also part of this policy but it was extracted to separate document for easier cookies management.

 

1. What kind of information do we collect and why?

To successfully provide our services, we must process information about you. There are various types of the information that we collect. It depends on how you use LightWidget.

1.1 When you see our widget or visit our website

We collect only basic logs information – your device IP address, connection information, such as browser type and version, operating system, mobile platform, unique device identifier and other technical identifiers.  The date, time and referrer URL of your request. All this data is collected automatically. This is standard procedure on almost every website. In some cases, we also use cookies. You can read more about the cookies we use in our Cookies Policy. We also save number of clicks into our widgets for aggregated statistical data and to improve our services.

All information are collected mostly to prevent abuses, detect attacks and to comply with law regulations about storing such logs.

1.2 Additional information we collect when you use our website

We use Google Analytics for better understanding how our users interact with our website, but only if you agree to our anonymous analytics cookies. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website. Although Google Analytics records data such as your IP address (we use IP address anonymization), geographical location, device, internet browser and operating system, none of this information personally identifies you to us. We also respect DNT settings of your browser (Do Not Track). In addition, you can always opt-out by using following the instructions of this page – https://tools.google.com/dlpage/gaoptout.

1.3 Information we collect when you send a support ticket

When you send a support ticket by using form on our Support we collect some information. Support form contains some inputs that you must fill out to create a support ticket. We collect information that you explicitly provide to us in these fields.  The data will be collected into an email and sent to us. Probably most relevant is an e-mail address. This is required field. We need your e-mail address to send you a response to your support ticket.

1.4 Instagram data we collect when you log in to LightWidget

We use Instagram API to get information about your account. When you log in to our website for the first time Instagram will ask you if you want to give us permissions to read basic information about your account. Without this consent on Instagram side we do not read any information from Instagram API.

When you grant us access to read basic information we store some of these data in our database. We store:

We use this data to create an account on our website. With such account you can easily create, edit, upgrade and remove widgets.

We do not store your e-mail address nor password to your Instagram account.

1.5 Information we collect when you post a comment

When you post a comment on one of our blog posts or support articles we store the comment text you explicitly provide to us in comment form. In addition, we collect IP address, date and time of your comment. IP address is collected only because we want to prevent abuses when users post inappropriate comments.

1.6 Additional Instagram data we collect when you create a widget preview or widget by using our form

When you try to create a widget on our website we use Instagram API to get information about your pictures and videos such as:

We store all this information in two ways.

  1. We use temporary cache to prevent sending too many requests to Instagram Platform. This cache expires automatically within 24 hours.
  2. We convert the data received from Instagram API to static HTML files which are your widgets. Widget preview is stored only temporarily, and it is removed from our servers within 15 minutes. Regular widget is the widget you can embed on your website. We store it if you use our widgets.

This information is necessary to create a widget that you can embed on your website.

1.7 Personal information we collect when you upgrade your widget

When you upgrade your widget, you need to fill out our order form. This form contains personal data fields like your name, address, e-mail address, VAT ID/NIP number. We have to collect and process this data in accordance with Polish and UE law regulations and for invoicing purposes.

Payments are handled via external platform – PayPal. We do not store any credit card information or PayPal logins on our servers. We only store transaction ID received from PayPal, so we can easily identify your payment in PayPal system.

 

 

2. Data security and our third party data processors

We care about your data security. We will not share, sell, convey or otherwise disclose personal data other than as stated in this Privacy Policy, unless we are required to do so by law or you have given your explicit consent. If there is suspicion of illegal activities in connection with use of our services, information may be disclosed to the police and other public authorities subject to a court or administrative order.

We use a number of third parties to process personal data on our behalf. It makes our services more secure and reliable. These third parties have been carefully chosen and have very high level of data security. Here is the list of external providers that we use:

2.1 Hetzner Online

Hetzner Online is a professional web hosting provider and experienced data center operator. We use their servers to store our databases, widget files and all other information mentioned in section 1.1, 1.4, 1.5, 1.6 and 1.7 of this policy. You can read their data privacy here – Hetzner Online Data Policy.

2.2 Amazon Web Services

Amazon Web Services (AWS) offers reliable, scalable cloud computing services.We use AWS to increase our availability and performance. We use AWS to store encrypted backups of databases and widget files mentioned in section 1.4, 1.5, 1.6 and 1.7 of this policy. You can read their privacy policy here – AWS Privacy.

2.3 Cloudflare

Cloudflare is next generation Content Delivery Network. It greatly increases our availability and performance for our user all across the globe. Cloudflare stores our upgraded widget files mentioned in section 1.6 of this policy to serve our widgets from closest location to you. You can read Cloudflare privacy policy here – Cloudflare security and privacy policy.

2.4 SendGrid

SendGrid delivers our transactional emails through the world’s largest cloud-based email delivery platform. Whenever we send an e-mail from our website we use SendGrid. When you post a comment or upgrade our widget we send some e-mails. SendGrid care about proper and secure delivery of the e-mail we send. You can read their privacy policy here – SendGrid Privacy Policy.

2.5 Zendesk

Zendesk is customer service software and support ticketing system. When you create a support ticket mentioned in section 1.3 it goes through Zendesk services. Zendesk helps us respond to your tickets much faster. You can read their privacy policy here – Zendesk Privacy Policy.

2.6 Others

As mentioned before we also use Google Analytics (Privacy Policy) mentioned in section 1.2 and PayPal (Privacy Policy) mentioned in section 1.7. However we do not send them any personal data directly.

 

3. Data breaches

We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

4. How do we use information?

We use personal data to deliver our services to you, to improve and develop services in LightWidget, to understand market trends and predict future behavior, and to prevent abuse of our services. The details are as follows:

a) Market trend analysis

We analyze data to understand market trends, so that we can improve, develop and customize our website and widgets. Such analyses can be made by us directly.

b) Improve our widgets and website

We use information to improve our services, for instance by trying to make our widgets and websites as user-friendly as possible. We may for instance register all steps (page views, clicks etc) related to the widget generation to understand if there are certain elements that are confusing to our users. The analyses are usually carried out on an aggregated and anonymized level, but we may also use identifiable data to provide technical support and to understand how each individual use our services.

c) Abuse prevention

We use information to restrict various forms of abuse of our services, such as fraudulent activities, denial of service attacks, spamming, unauthorized logins and other actions that are prohibited under Polish law.

 

5. Retention of personal data

Personal data will only be kept as long as it is necessary for the purposes of our service.. You may at any time delete your widget with all statistical data by using our contact page. Your widget will then be deleted after a quarantine period, unless the information is needed to provide a service that you still want to have or we are required by law to keep the information for a specific timeframe (we are for example required to retain certain payment information according to accounting legislation).

6. Quarantine period when canceling your account

If you choose to delete your widget, it will be set in quarantine for 90 days. After that period, all your personal information will be deleted or anonymized. However, there are two exceptions:

This data is archived securely and encrypted. It is only made available to official legal entities in response to a legal request (like a court order or subpoena) if we believe that the law requires us to do so.

Profile information and login data may be accessed by our security and forensics team in a case by case basis when we believe it is necessary to do so. For example, this may be done to detect or prevent fraud and other illegal activity or to prevent other serious harm. This data is not available to anyone else outside the security team.

After the aforementioned retention period has passed, all personal identifiable data is removed from all records.

7. Information retention of blocked accounts

Blocked widgets and accounts may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm. We also may retain information from blocked accounts for violations of our terms for at least a year to prevent repeat abuse or other violations of our terms.

 

 

8. Updates to this policy

We may update our privacy policy statement from time to time to reflect changes we make to our website and our policies. If we should update this privacy statement, the new statement will be published on the website within 5 days before the changes are implemented.

The commencement date of this privacy statement is January 22th, 2016.

9. Contact information

If you have any questions or inquiries about this privacy policy please contact us by using our contact page.

10. Additional notes

We respect your right to privacy, and process all personal data in accordance with Polish and EU privacy regulations.

We comply with Instagram Policy that can be found under this link: https://www.instagram.com/about/legal/terms/api/.

Last updated: May 2018