STARFISH privacy and data protection policy

The privacy of your data — and it is your data, not ours! — is a big deal to us. We’ll only ever access your account to help you with a problem or squash a software bug. We log all access to all accounts by IP address, so we can always verify that no unauthorized access has happened for as long as the logs are kept.

Identity & access

When you sign up for STARFISH, we ask for your name, company name, and email address. That's just so you can personalize your new account, and we can send you invoices, updates, or other essential information. We’ll never sell your personal info to third parties, and we won’t use your name or company in marketing statements without your permission, either.

When you pay for STARFISH services, we ask for your credit card and billing address. That's so we can charge you for service, calculate taxes due, and send you invoices. Your credit card is passed directly to our payment processor and doesn't ever go through our servers. We store a record of the payment transaction, including the last 4 digits of the credit card number, for account history, invoicing, and billing support. We store your billing address to calculate any sales tax due in the United States, to detect fraudulent credit card transactions, and to print on your invoices.

When you write STARFISH with a question or to ask for help, we'll keep that correspondence, and the email address, for future reference. When you browse our marketing pages, we'll track that for statistical purposes (like conversion rates and to test new designs). We also store any information you volunteer, like surveys, for as long as it makes sense.

The only times we’ll ever share your info:

Your Rights With Respect to Your Information

You may have heard about the General Data Protection Regulation (“GDPR”) in Europe. GDPR gives people under its protection certain rights with respect to their personal information collected by us on the Site. Accordingly, STARFISH recognizes and will comply with GDPR and those rights, except as limited by applicable law. The rights under GDPR include:

Many of these rights can be exercised by signing in and directly updating your account information. If you have questions about exercising these rights or need assistance, please contact us at privacy@starfish.team.

Processors we use

As part of the services we provide, and only to the extent necessary, we may use certain third party processors to process some or all of your personal information. For identification of these processors, and where they are located, please see our Subprocessor listing. We sign data processing contracts that comply with GDPR with each processor where required.

Law enforcement

STARFISH won’t hand your data over to law enforcement unless a court order says we have to. We flat-out reject requests from local and federal law enforcement when they seek data without a court order. And unless we're legally prevented from it, we’ll always inform you when such requests are made.

Security & Encryption

All data is encrypted via SSL/TLS when transmitted from our servers to your browser. Data isn’t encrypted while it's live in our database (since it needs to be ready to send to you when you need it), but we go to great lengths to secure your data at rest.

Deleted data

When you cancel your account, we'll ensure that nothing is stored on our servers past 30 days. Anything you delete on your account while it's active will also be purged within 30 days (up until then it's available in the trash can).

STARFISH GDPR compliance

The EU General Data Protection Regulation (GDPR) went into effect on May 25, 2018. STARFISH is ready.

Does GDPR affect me?

If you're based in the EU or do business in the EU GDPR affects you. If you have any EU personal data in your STARFISH account, such as names, email addresses, ID numbers, or… anything personally identifiable, then GDPR applies. You are a Controller of personal data under GDPR, so you need to enter into GDPR-compliant data processing agreements with any online services and third party vendors you rely on, including STARFISH. These agreements are commonly called a Data Processing Addendum, or DPA.

Subprocessor Listing

STARFISH uses third party subprocessors, such as cloud computing providers and customer support software, to provide our services. We enter into GDPR-compliant data processing agreements with each subprocessor, and require the same of them. STARFISH uses third party subprocessors, such as cloud computing providers and customer support software, to provide our services. We enter into GDPR-compliant data processing agreements with each subprocessor, extending GDPR safeguards everywhere personal data is processed.Subprocessors:
Digital Ocean. Cloud services provider.
Plausible. GDPR compliant web analytics.

Location of Site and Data

This Site is operated in Germany.

Changes & questions

STARFISH may update this policy once in a while — we’ll notify you about significant changes by emailing the account owner or by placing a prominent notice on our site. You can access, change or delete your personal information at any time by contacting support@starfish.team.