Privacy Policy

Introduction

At Painboard, we are committed to maintaining the trust and confidence of our clients and visitors to our web service. In this Privacy Policy, we’ve provided detailed information on when and why we collect personal information, how we use it, the limited conditions under which we may disclose it to others, and how we keep it secure.

Data Privacy Commitment

Painboard considers data privacy an integral part of our operations. We understand the importance of your personal information and are committed to processing it responsibly and in compliance with applicable data protection laws.

Data Collection

Upon initiating our service, customers have the discretion to select the specific data sources to be ingested. We respect our customers' autonomy in determining their data architecture within our platform. We provide several methods for data submission:

  1. Direct Upload: Customers can upload their data directly to our platform using the upload features that we offer, following the formats and guidelines we provide.

  2. Third-Party APIs: With the customer's permission, we can receive data through connections with other software systems the customer uses. This process is conducted securely and with proper verification to protect data privacy.

  3. Automated Data Feeds: Customers may also set up automatic transfers of data into our platform if they wish, which requires proper configuration on their part to ensure it works smoothly with our systems.

  4. Email: Customers can send their data to us via email, by attaching files to messages sent to specific email addresses we designate.

Our policies for protecting and handling data are strict, and we are committed to maintaining the security and confidentiality of the data entrusted to us throughout the collection and use process.

Data Processing and Structure

All incoming data is standardized into a uniform structure. Our sophisticated scanning procedures ensure that any Personally Identifiable Information (PII) is identified and expunged to protect your privacy. In addition, customers can customize their data ingestion processes through a configuration.

Data Retention Policy

We do not store any customer data prior to the completion of PII removal protocols. Your data is only recorded in the Painboard system post-cleansing, ensuring that only non-personal data is persisted.

Protection of Customer Data

Painboard is committed to never selling, renting, or sharing your data with third parties for marketing purposes. We respect your information and only use it as necessary to deliver our services to you.

International Data Transfers

To align with international data protection regulations, Painboard will execute a Data Processing Addendum (DPA) that encompasses suitable legal transfer mechanisms, ensuring data protection across borders. Painboard utilizes AWS as our primary subprocessor and adheres to GDPR and CCPA requirements through a signed DPA.

Data Security Infrastructure

The Painboard platform operates on Amazon Web Services (AWS) within the United States, offering reliable and secure data hosting and infrastructure services.

Data Deletion Request

After the termination of our agreement with any customer, Painboard is ready to process a data deletion command upon receiving a written request from the customer. The eradication of customer data from production systems will commence within a period of 30 days post-termination and will be completed within 3 to 4 weeks.

Data Subject Rights

At Painboard, we recognize that the data processed on our platform remains the exclusive property of our clients, who act as data controllers. The control of customer data is not within our domain as we are custodians, not owners, of the data. In keeping with our privacy principles, we ensure that identifiable information is not retained. Before any customer data is stored on the Painboard platform, it undergoes a thorough process to scrub or mask any Personally Identifiable Information (PII).

Our customers, as data controllers, are equipped with the necessary means to oversee their users' data requests within their systems. Hence, we advise individuals (data subjects) to direct their inquiries or exercise their data protection rights to the respective customer handling their data.

Should we at Painboard receive any data subject requests pertaining to customer data, our protocol involves guiding the individual to approach our customer directly. Our customers are then responsible for addressing such requests in line with the Applicable Data Protection Laws.

We are committed to providing our customers with the necessary support to facilitate their compliance with these laws, wherever it is feasible and within the reasonable scope of our obligations detailed in our service agreement with the customers.

Changes to our Privacy Policy

We may update this Privacy Policy periodically and will provide notice of any significant changes to the way in which we treat personal information.

Contact Information

Should you have any questions about this Privacy Policy, our data handling practices, or your dealings with the Painboard platform, please contact us at:

Email: privacy@jimulabs.com

Your privacy and data protection are of the utmost importance to us. We’re dedicated to being transparent about what we do with the information you entrust to us and to protecting it to the best of our ability.

Last updated: August 7, 2024