This article gathers our most frequently asked questions about Minsh’s legal and technical processes — what data we store, where, for how long, who has access to it, and how we handle security and privacy. You can find more about the data protection regimes we comply with in our Data Protection FAQ.
We strive to keep this article up to date, but there may sometimes be a delay between the time changes are applied to our processes and the time those changes are reflected here. If you need clarification or the most up-to-date information, please contact us.
Which data do you store?
In order for Minsh Apps to function properly, we store the following data. Some of it may contain users’ personally identifying information:
- Information provided by users at the time of sign up and in their profile page;
- Geolocation of users (if they agree to share it) and IP address;
- Events, messages, likes and other content posted, or actions taken by the users;
- Usage data, such as timings of actions taken by users in the Minsh App.
Who has access to the data?
Two parties have access to the data of a Minsh App:
- The Data Controller. Our client who owns the Minsh App. They have full access to the data, i.e. the entire content of their Minsh App’s database.
- Minsh and its sub-processors. Since we run and maintain our Service on the cloud, Minsh and its cloud infrastructure sub-processors have access to the Minsh App’s database. The current list of our sub-processors is maintained in Schedule 1 to our Data Processing Agreement. Minsh staff do not directly access the data of a Minsh App unless the Data Controller asks us to look into a specific issue.
How do you store the data of multiple apps?
Each Minsh App has its own individual database and API endpoint. No data is shared across Minsh Apps.
What processes are you running on the data you store?
The main processing activity is operating the Service itself — storing and serving the data your users post, retrieve and interact with through the Minsh App.
In addition, we compute aggregated weekly or monthly analytics reports for each Minsh App. These reports include general activity information such as the number of new users, the number of active users, and the number of messages posted. They may also include limited personal data, such as the usernames of the top three most-liked posts, to help the Data Controller engage with active users. Reports are shared only with the Data Controller (and the recipients the Data Controller designates), and are never shared, sold, or further processed beyond that purpose.
What happens when something or someone is deleted from the app?
As soon as content (such as messages, events, comments, pictures, items, etc.) is deleted from the app, it is removed from the active database and is no longer accessible to users or administrators. When a user account is deleted, the user’s profile information is removed from the active database, and content previously posted by that user is either removed or anonymized, depending on who initiates the deletion (the user themselves or an administrator). Deleted data may remain in our backups for up to twelve (12) months before being automatically overwritten (see below).
Do you backup the data?
Yes. Minsh has been building apps since 2013 and has never experienced any data loss, but we always prefer to be safe. We automatically back up each Minsh App’s database every 24 hours.
How long do you keep backups?
We keep backups for up to twelve (12) months for operational and recovery purposes, after which they are automatically overwritten.
This means that if a user deletes their account, it can take up to twelve (12) months for their information to be fully overwritten across all backups. In the unlikely event that we need to use a backup to restore a database, we notify the Data Controller so they can communicate with affected users and take any further measures required.
Where is the data physically stored?
Minsh uses established cloud infrastructure providers as its sub-processors. The current list of sub-processors is maintained in Schedule 1 of our Data Processing Agreement. Customer Data is stored in data centers located in the European Union or the United States, depending on operational requirements and the location of the Data Controller and its users. We use the location closest to your users to ensure the best response time possible.
Is the data encrypted?
Information is encrypted while it travels between the Minsh App and our servers (using the standard secure-connection technology you see on banking sites and shopping carts — what makes the little padlock appear in your browser).
Once the data reaches our servers it is stored in our cloud infrastructure providers’ secure data centers, which Minsh and our providers can access in order to operate the Service. Note that user passwords are encrypted so that no one — not even Minsh — can read them.
The security of your data is important to us, but please remember that no method of transmission over the Internet, or method of electronic storage, is ever 100% secure. While we strive to use commercially acceptable means to protect data, we cannot guarantee its absolute security.
What happens in case of a security incident?
If we become aware of a security incident affecting a Minsh App’s data, we notify the Data Controller without undue delay so that the Data Controller can in turn meet its own notification obligations to its supervisory authority and to affected users where required. We then work with the Data Controller to investigate, remediate and contain the incident.
Have you appointed a Data Protection Officer?
Minsh has determined that it is not required to appoint a Data Protection Officer under Article 37 of the EU GDPR or under the equivalent provisions of the UK GDPR, the Swiss FADP, or the Australian Privacy Act. The Data Controller is responsible for appointing its own Data Protection Officer or equivalent role where required by applicable law.
How do users withdraw their consent or delete their account?
Users can delete their account at any time directly from the Minsh App’s settings page. If they need help with the process, they can also fill in the feedback form available in the same settings page; the message is transmitted to the Data Controller’s appointed representatives and to the team at Minsh, who will assist them.
Can a user transfer her data to another organization?
Yes. A user’s profile and sign-up details can be exported in a human-readable format for transfer elsewhere. To proceed, the user fills in the feedback form in the Minsh App’s settings page. The request is transmitted to the Data Controller’s appointed representatives and to the team at Minsh, and we provide the requested data to the user without undue delay.
What terms and policies does the user agree to when signing up?
Each Minsh App has its own Terms of Use and Privacy Policy, defined by the Data Controller. They are always available on the Minsh App’s sign-up page and on its settings page.
What terms and policies does the user agree to when signing up?
When a user signs up to a Minsh App, they agree to that app’s Terms of Use and Privacy Policy. These documents are written by the organization that runs the app — our client — and not by Minsh. To make things easier for our clients, we provide them with a basic template they can adapt to their needs, but the final content of these documents is their responsibility. Users can always find both documents on the Minsh App’s sign-up page and in its settings.
What terms and policies does the Data Controller agree to when ordering a Minsh App?
Follow these links to read our Terms of Use (which include our Data Processing Agreement) and our Privacy Policy. You must agree to both in order to purchase a Minsh App.
Any further questions? Feel free to contact us at any time!