Short-Form GDPR Compliance

Our team has received multiple inquiries about our service’s compliance with GDPR. We answer these individually, but here’s a short-form of the types of questions that we answer.

Let’s get the first few questions out of the way;

Who Owns Your Data?

The answer is in the question: you do.

As is clearly stated in our Terms of Service, you own your data. Kolab Now doesn’t touch it.

Analogously, we’re not breaking down the lock on your post box or door to get to the stack of mail, let alone open and reseal the envelopes.

Does Kolab Now Analyze Data?

The short answer: no.

Neither Kolab Now, the service, nor its staff, nor any third party analyze any of the data hosted with or communicated through our service. As per our terms of service (again), the only means through which a third party may process data are either a) unlawful or b) duly authorized through the Swiss judicial system (i.e. a warrant).

Further protection can be found in the Terms of Service; any change to this policy requires we a) notify you and b) allow you to review the changes, for a 30-day period, with discretionary discontinuation of the service free of any penalties should you choose to.

Typically, data would be processed for statistical purposes, or applied some advanced algorithms to, in order to a) improve service, and/or b) improve sales.

However, we sell a service that is otherwise referred to as the world’s privacy asylum. That’s the direct source of funds for improvement of the Free and Open Source Software product and thus service. Kolab Now does not, and as just highlighted, will not, without your explicit consent, use any of your data or derivative statistics or clever analysis to improve sales to anyone, because we sell to you.

What Data Does Kolab Now Hold?

Clearly, our service is of a nature that holds your most personal, confidential, intimate, private and revealing information — and some of that for those you communicate and collaborate with. This data is under your direct control. It is also already available to you for export, as it has been ever since we started.

If you think of this data as being or having been collected by Kolab Now — albeit I would object against the implications of using the word “collected”, which implies an active role on our part — then it would fall under the data strictly necessary to render the service on offer. One question resulting from this approach is of course; “What does Kolab Now do with this data?” The answer is too simple: nothing. You do.

In the realm of other personal information we hold, this typically still leaves your record of purchase, in the form of the account information you provided such as your name and optionally an address, and such and so forth. This data is reduced to a customer number and an anonymous version of the transaction (customer number and a UUID) at the point of termination of the account.

In the realm of what happens with your account while it is active, we keep the following logs for up to six months (but no more) — think of this information as the same type of metadata a telecommunications provider would be required to retain.

  • Successful and unsuccessful login attempts, including source IP address,
  • Mail submissions, including source IP address,
  • Mail received, including sender address.

One thought on “Short-Form GDPR Compliance

Comments are closed.