Security and Compliance

Last Modified: 6 June 2023

At our company, data privacy and security are of utmost importance. We prioritize the protection of your information by selecting trusted services and implementing industry-leading security practices. Our commitment is to surpass your expectations when it comes to data processing and safeguarding.

Rest assured that we adhere to strict policies; therefore, we neither read, copy, nor store your conversations. Your privacy is our top priority, and we strive to maintain the highest standards of confidentiality and data protection.

Cloud Hosting

Our infrastructure services and data are hosted exclusively on Amazon Web Services (AWS). All operations are conducted within US facilities.

Encryption and Secure Transmission

All data is transmitted over HTTPS/TLS and is encrypted both in transit and at rest. We employ KMS to encrypt sensitive data, and the keys are automatically rotated to ensure the utmost safety of your information. With our premium plan, we take client-side encryption a step further by extending it to all of your text data, and the encryption keys are regularly rotated.

Service Monitoring

We are dedicated to delivering exceptional availability and performance for our services, catering to our valued customers worldwide.

Authorization and Permissions

Authorized access to customer data is meticulously restricted to personnel with job functions that necessitate it. Furthermore, our robust client-side encryption shields your data against queries within the database.

Secure Authentication

We inherit your Slack workspace's authentication settings, including SSO (Single Sign-On) or 2FA (Two-Factor Authentication), providing a seamless and secure authentication experience. Our implementation of OpenID Connect (OIDC) adds an extra layer of security on top of OAuth v2, a widely adopted industry standard.

PCI Compliance

Payments are securely processed through Stripe, our trusted payment processor. We do not store or handle any of your payment information directly. For detailed information regarding Stripe's PCI compliance and security policies, we encourage you to review their official documentation and guidelines.

GDPR-Compliant Data Protection

Our service is designed with strong adherence to GDPR principles, placing a high emphasis on protecting your data privacy and security. With robust safeguards, strict access controls, and transparent practices, we strive to ensure your personal information is handled responsibly. You can trust that we prioritize your data protection and provide you with the necessary tools and controls to manage your privacy preferences.

Data Subject Rights Request

For any deletion requests or updates regarding your data, please reach out to our Data Protection Officer (Hussachai Puripunpinyo) at dpo@bubbletea.cloud. He will assist you promptly and ensure that your requests are handled in accordance with applicable data protection regulations.

Sub-processors

Bubble Tea makes use of some third-party services (sub-processors), which have access to limited personal data. These sub-processors support the core offering of the Bubble Tea service. Sub-processors provide services such as cloud infrastructure, email, service monitoring, file storage, analytics, and payments processing. Before engaging a sub-processor, Bubble Tea reviews the security and privacy practices of the sub-processor and, if applicable, takes additional steps to ensure a high standard of privacy practices.

Last updated: June 7, 2023

| Sub-processor | Service Provided | Location |
| --- | --- | --- |
| Amazon Web Services (AWS) | Cloud Infrastructure: Database, Logs Processor, Monitoring System, Domain Name System (DNS), Message Queue System (MQS), Key Management System (KMS), Content Delivery Network (CDN), etc. | United States |
| Stripe | Payment Processing: Bubble Tea securely transfers your payment information to Stripe for processing. Bubble Tea does not store your payment details but retains the payment status and references received from Stripe. | United States |
| Google | Website analytics: It's important to note that Google Analytics v4 itself is not GDPR compliant. However, Bubble Tea implements IP anonymization to ensure compliance with GDPR requirements. By anonymizing IP addresses, which are considered personal data, Bubble Tea protects your privacy. For more detailed information, please refer to our privacy policy. | United States |
| Slack | Collaboration platform. | United States |
| Giphy | Bubble Tea integrates with a GIF service to provide users with animated GIFs. It's important to note that Bubble Tea only passes the search keyword to the GIF service. If you do not utilize this feature, Bubble Tea does not make any calls to the GIF service. Your privacy is respected, and the GIF service is only invoked when explicitly requested by users. | United States |