In this article, we gather our most frequently asked questions about Minsh’s legal and technical processes. This article was last updated on June 8th, 2018.
We strive to keep this article up-to-date at all times, but there may sometimes be a delay between the time changes are being applied to our processes, and the time these changes are reflected in this FAQ. If you request any clarification or need the most up-to-date information, please, contact us for an update.
We address below the different questions that arise with respect to privacy, and the entry into force of the GDPR in May 2018. You can find more about GDPR in this GDPR FAQ.
In order for Minsh Apps to function properly, we store the following data. Some of it may contain users’ personally identifying information:
- Information provided by users at the time of sign up and in their profile page,
- Geolocation of users (if they agree to share it) and IP address.
- Events, messages, likes and other content posted, or actions done by the users.
- Usage data, as in timings when actions are done by the user in the Minsh App.
As far as we are concerned, only 2 parties have access to the data of a Minsh App:
- The Data Controller. In other words, our clients who own a Minsh App. They have full access to the data, i.e. the entire content of their Minsh App’s database.
- Minsh and its Sub-Processors. Since we run and maintain our Service on the cloud, Minsh and its Sub-Processors have access to the Minsh App’s database. Note that all our Sub-Processors comply with GDPR, and that Minsh never directly accesseses the data of a Minsh App unless the Data Controller requests us to check upon an issue.
Each Minsh app has its own individual database and API endpoint. No data is shared across Minsh Apps.
We use the data to compute weekly analytics reports. The reports include general information on the past week’s activity, like the number of new users, number of active users, most liked posts, etc. Only a designated team at Minsh and the recipients appointed by the Data Controller receive these reports. We never share them, sell them, or further process them.
As soon as some content (including, but not limited to messages, events, comments, pictures, sponsors, etc) is deleted from the app, it is entirely and permanently deleted from the Minsh App’s database. As soon as a user is deleted from the app, all the user information, along with all the content ever posted by the user are permanently deleted from the database.
Yes we do. Minsh is an app builder that has been running for many years. Since 2013 when we started building apps, we never experienced any data loss. However, it’s always better to be safe than sorry. That’s why we do automatically backup each Minsh App’s database every 24 hours.
We normally keep backups for 1 month, but never more than 2 months. Since 2013 when we started building mobile apps, we never lost any data, nor has there ever been a breach. We have all intentions of keeping it that way, but we do save backups for 1 to 2 months to make sure we can relaunch the app and restore the database with minimal data loss, should there be an issue.
It means that if a user deletes her account, it may generally take 1 month, and sometimes up to 2 months for her information to be permanently deleted from all backups. Obviously, in the unlikely event that we need to use a backup to restore a lost database, we notify the Data Controller so that the information can be transmitted to the users and measures taken if some user had deleted their account in-between.
Minsh uses 2 major Data Processors (that we call “Sub-Processors”) to maintain, transfer and deliver data. They both comply with GDPR:
- Amazon Web Services, Inc (AWS)
- Vultr Holdings Corp. (Vultr)
We use servers situated in Asia, USA, and Europe. The physical location of a specific Minsh App’s server depends on the physical location of our clients and their users. We use the server the closest to them to ensure the fastest response time possible.
Yes, the data is end-to-end (e2e) encrypted. It means that when we transfer information from the Minsh App to the server and back, we use SSL encryption, which helps keeping the user data safe, should a packet be intercepted by a malicious third party individual.
In addition to e2e encryption, we make sure that the servers we use are regularly updated with the latest security patches.
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is ever 100% secure. While we strive to use commercially acceptable means to protect data, we cannot guarantee its absolute security.
If we notice malicious activity on an app’s server, or suspect a breach, we inform and confer with the Data Controller within the next 24 hours so that measures can be taken, depending on the criticality of the breach and its potential impact on users.
No, we haven’t, as the way we process data does not include any large-scale monitoring of data subjects. Note that it is up to the Data Controller to appoint their own Data Protection Officer, depending on how they use and process the data.
Users can always withdraw their consent by filling the feedback form available in every Minsh App’s settings page. The message is immediately transmitted to an appointed representatives of the Data Controller, as well as the team at Minsh. The Data Controller is then responsible to delete the user account, with our assistance if required.
Yes, all the personal information of a user, i.e. profile and sign up details can be exported into a human-readable format to be transferred somewhere else. To proceed, the user needs to fill the feedback form in the Minsh App’s settings page. The feedback is immediately transmitted to the appointed representatives of the Data Controller, as well as the team at Minsh. Our team at Minsh is then responsible to provide the user with the requested data without delay.
Any further questions? Feel free to contact us at any time!