Overview


Smaply by More than Metrics is according to our current state of information fully compliant with GDPR. Our company is registered as GmbH in Innsbruck, Austria and therefore European Standards fully apply to all services we provide. If you have any concerns, want to report a vulnerability or have general questions, please don't hesitate to get in touch with us via support@smaply.com. While everyone at More than Metrics GmbH takes Privacy and Data Security very serious we have implemented additional measures to protect your data. Below you can find an overview about the main points of GDPR.

GDPR commitment


On May 25th the GDPR (in Austria DSGVO) went into action. In order to comply with the GDPR there are numerous measures taken in addition to the ones already in place. We defined a set of technical and organizational measures to be taken based on the new legislative situation.

Specifically these are:
* Revised 3rd party contracts with DPA's in place (done)
* Specific information on how data is used and stored publicly available (done)
* Review T&C for GDPR compliance (done)
* Review and update all policies and processes in regards to security and privacy compliance (done)
* Granular consent for tracking (in progress)
* In-app possibility to opt-out of tracking (in progress)
* Team training on Privacy and Data protection (done)

In addition there are a number of additional steps taken to strengthen compliance wherever possible. We are very happy to share all the details with customers. Please just get in touch with us via support@smaply.com.

Right to access


We only collect data that is essential to providing the service to you: email address and name to authenticate you, invoice details to meet Austrian law and some key usage data like error logs to fix bugs and improve the software. That’s it. To get more information or receive a copy of your personal data, please just get in touch with us via support@smaply.com.

Right to be forgotten


This was implemented in Smaply from day one: When you unsubscribe from Smaply all your data will be deleted from the production system immediately. Within 6 weeks it will also be gone from all our backups (we keep backups for 6 weeks by default; after that they will be deleted automatically).

Privacy by design


Your privacy comes first. We don’t process/sell any of the data you enter, no matter if personal or not. It's just stored and served for your usage of the software. This is a really important point for us: Our business model is to provide Software as a Service with a fair pricing model. There are no strings attached and our terms of service are really clear. It's that simple.

Data Storage


We use Google Cloud Platform provided by Google Commerce Limited, Ireland as well as Amazon Web Services provided by Amazon Web Services, Inc. as hosting providers.

Google Cloud Platform - Compute Engine locations used
* St. Ghishlain, Belgium
* Changhua, Taiwan
* Sydney, Australia
* Iowa, USA

We have a database cluster in place that distributes stored data between all data-centers. However, all data is encrypted both at transfer and at rest and even though we host worldwide, your data is protected according to European standards. You can read more about this here. If you have doubts or questions about how we store data, please don't hesitate to get in touch with us!

Amazon Web Services - S3 + Cloudfront locations used
* Frankfurt, Germany

Files and images uploaded to Smaply are stored in S3, provided by Amazon and delivered via Cloud Front for your usage.

3rd party data providers


Smaply by More than Metrics GmbH tracks only essential usage data to be able to keep the service online and on the other hand improve the service experience. In addition to the hosting partners above we collaborate with a few more service providers to provide you with the best-possible experience when using Smaply. While we make sure to anonymize usage data before sharing it with 3rd parties wherever possible, we still want to let you know which 3rd party-providers we cooperate with and why. In addition to to checking every provider carefully before interacting with them we have DPA's in place for each of them:

Availability of service & error tracking
* New Relic (Infrastructure monitoring for servers)
* Rollbar (Server log and error monitoring and notification service)
* Papertrail (Server log monitoring)
* Pingdom (Notification service for server outages)
* Mandrill by Mailchimp (Email delivery)

Usage tracking
* Segment.io & Kissmetrics (essential usage data to improve service)
* Google Analytics (Website traffic)

Payment provider
* Braintree by Paypal (Europe) S.a.r.l. (PCI level 1 compliant payment provider)


Data processing agreement


Every newly registered user of Smaply has to read and acknowledge the basic information about privacy and security. In addition to that we do have a standard contract in place which you can find here: https://www.morethanmetrics.com/terms-and-conditions.html
It is available both in German and English and is pre-signed by us. If you have special requirements for your DPA it is of course possible to set up a specific agreement. To do so, please get in touch with us via support@smaply.com.


General remarks


We try to make the information about privacy and security as clear and easy to understand as possible and avoided "legal speech" on purpose. If have questions, need information of further detail or a more formal agreement please don't hesitate to get in touch with our CTO Klaus Schwarzenberger. He takes care of managing privacy and security measures at More than Metrics Gmbh. To do so, please get in touch with us via support@smaply.com.

Want to stay tuned? We don’t spam and just mail you occasionally.

Thank you! Please check your email inbox.

Oops! Something went wrong while submitting the form