Last updated: June 21, 2023
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union (EU) privacy law that allows EU citizens and residents to have access and control over their personal data. If your business is based in the European Union (EU), or you process the personal data of individuals in the EU, the General Data Protection Regulation (GDPR) affects you.
Is Marker.io GDPR Compliant?
Marker.io SRL is based in Belgium (EU) and complies with the GDPR framework. Here are the following measures we took to become compliant
We have a Data Processing Agreement available for you.
We only share data with service providers that are also GDPR compliant. You can see our list of sub-processors here.
All data is encrypted both in transit and at rest, and stored in Europe.
Right to be forgotten: All data you created in Marker.io can be deleted from our database and our sub-processors.
Right to request personal data: All data can be exported inside the app. For batch data exports, you can send a request to firstname.lastname@example.org
Data accessibility: You have full control of the information you collect, store, and manage with Marker.io
We created tools to ensure you can exclude sensitive or personally identifiable information from being collected
What personal information does Marker.io collect?
It’s important to understand that Marker.io collects data about two main types of users.
Users with a login: When you create a Marker.io account as an Admin, Member or Guest, we collect basic information such as Full name, Email address, Profile picture, IP address, Operating system, and Browser (Type, Version).
End-users / reporters: Anyone submitting feedback via Marker.io’s widget. For these users, Marker.io collects basic information such as Full name & Email address, and device info (OS, Browser, …). In addition, there are two types of other sensitive data your Marker.io admin could send to Marker.io when collecting feedback via the widget.
Admins can actively send any custom attributes about reporters via our custom metadata feature.
Admins can passively collect sensitive data that might be embedded in the page content of your website. Since Marker.io’s widget can capture screenshots, record videos, and replay sessions, the widget admin may collect personal information that your end users are typing into fields or that might get displayed on pages of your website or app. Luckily, we have created tools to help widget admin suppress the collection of personal and sensitive data.
Where is data stored and processed?
Marker.io stores all customer data in Europe. All data is processed with Amazon Web Services (AWS). Learn more about our Security Program here.
Is Marker.io a data processor?
It is important to note that Marker.io is acting both as a Data Controller and as a Data Processor within the realm of GDPR compliance.
We are a controller with respect to our visitors and customers interacting with any domain within our control (e.g. www.marker.io, app.marker.io, help.marker.io, etc.). For example, when someone visits our website or creates an account, we act as a data controller.
We are a processor (and occasionally a subprocessor) with respect to the end users whose data Marker.io receives: our customers’ users. For example, feedback items that are collected by our widget and stored in your Marker.io account fall under Marker.io as Data Processor. When you install Marker.io’s widget on your website and collect feedback items from your end-users, we act as a data processor, while you are the controller of your user’s data.
Do you enter into Data Processing Agreements (DPA)?
Yes. We do offer a DPA here -> https://marker.io/dpa
What happens with data collected by Marker.io?
Marker.io is the provider of a website widget service and not the owner of the feedback items created by the widget. The widget creator is responsible for the data he/she collects and is thus the data controller of the reporter’s data. In this case, we act as a data processor.
How do you use my data?
Marker.io acts as a data controller in the relationship between Marker.io and our customers (widget admins), for the personal information they give us in order to use our service (registration information for example).
Marker.io does not sell personal data to third parties and never will. We only share your information with our service providers who help us operate our business, in which case those third parties are required to comply with the GDPR framework.
How long do you keep my data?
We keep your usage data indefinitely unless you request deletion by contacting us directly or by deleting your feedback items, user account, or entire workspace data yourself. As long as your account is active you (as the widget admin) have full control over the data you collect and delete.
We honor all deletions, and all data which has been deleted by you is permanently deleted from our back-ups within 90 days, and from our sub-processors.
How will Marker.io empower me to honor my users' requests around their own personal data?
Widget reporters have the right to access their personal data or to request it to be removed. As a Marker.io widget admin, we recommend that provide your reporters with a way to do so. This can be as simple as sharing an email address that reporters can send their requests to.
You can delete or export feedback items from your account if a reporter asks you to do so. We honor all deletions from an account, and all account data which has been deleted by you is permanently deleted from our back-ups within 90 days.
Right to be forgotten: Marker.io admin users can delete reporters’ information or contact us at email@example.com
Right of access: Your users may contact you to request to access information that you hold about them. You can get that information inside your Marker.io account or contact us at firstname.lastname@example.org
Where can I get more info about privacy?
What are your company details?
Marker.io SRL (055.668.59.68)
Rue d’Alost 7