beta

Widgets
Requests

Abyss Privacy Policy


Effective Date: April 26 th 2024

This Privacy Policy describes how Abyss (we, us, or our) collects, uses, and discloses your information when you use our services (Services). We are committed to protecting your privacy and providing you with a clear understanding of how we handle your data.


1. Data Collection

We collect information about you in the following ways:

  • User Registration and Profile Information: When you create an account, we require

    • the following information:

    a) Last Name and First Name: To identify you and personalize your experience.

    b) Email Address: To create your account, communicate with you about the

    Services, and send important updates.

    c) Username: A unique identifier displayed publicly.

    d) User Location (optional): To potentially offer location-specific features in the

    future (with your consent).

    e) IP Address: Collected for security purposes and to understand general user

    demographics.

    f) User Skills (optional): To personalize your experience and potentially match you

    with relevant features or users.

    g) Avatar: A visual representation of you displayed publicly.

  • Payment and Subscription Data (if applicable): We do not store any payment

    • information ourselves. All payment processing is handled by Stripe, a secure third-party

    payment gateway. Stripe collects your payment information (credit card details and

    billing address) to process your subscription payments.

  • Widget Interaction and Usage Data: We track user activity within our widgets through

    • logs stored in MongoDB. This data helps us understand how users interact with the

    platform and identify areas for improvement.

    a) Specific data points tracked: We track which widgets users access, how

    frequently they use them, and potentially user inputs and outputs within the

    widgets (depending on functionality). This data is used for internal analysis only.

  • Communication and Feedback: Currently, you can contact us by email. We store the

    • content of your emails and reports submitted through the reporting functionality. This

    information helps us address your inquiries and improve the Services.

  • Technical Data and Cookies: We collect some technical data automatically:

    • a) IP Address: Used for security purposes and to understand general user

    demographics.

    b) Auth Tokens: Used to identify and authenticate users during their sessions.

    c) (Planned) Visit Duration: Tracks how long users spend on the platform (not

    implemented yet). We use cookies to store session information and user

    preferences. You can configure your browser to block cookies, but this may limit

    your ability to use certain features of the Services.


2. Data Usage and Purpose

We use the information we collect for the following purposes:

  • To provide and maintain the Services: This includes user account management, delivering core functionalities of the widgets, and ensuring platform performance.
  • To personalize your experience: We may use your information to personalize the content and features you see on the platform based on your profile and activity.
  • To process payments (if applicable): We rely on Stripe to securely process your subscription payments. We do not store any payment information ourselves.
  • To improve the Services: We analyze user activity data to identify areas for improvement, develop new features, and enhance the overall user experience.
  • To analyze how users use the Services: We use anonymized and aggregated data to understand user trends and improve the platform.
  • To communicate with you about the Services: We may send you emails about important updates, security notices, and promotional offers (with your consent).
  • To respond to your inquiries and requests: We use your communication data to address your questions and concerns effectively.
  • To comply with legal and regulatory requirements: We may be required to disclose your information if necessary to comply with a law, regulation, or legal process.

3. Data Sharing and Third Parties

We share your information with the following third-party vendors who provide essential services for our platform:

  • Stripe: A secure payment gateway that processes your subscription payments. Stripe collects your payment information (credit card details and billing address). We do not store any payment information ourselves.
  • AWS: We store all our data on Amazon Web Services (AWS) for secure and reliable storage.
  • Google: We use Google Analytics and Google Search Console to analyze how users interact with the Services. We may also use Google for authentication purposes (depending on functionality).
  • Sentry: We use Sentry to track and troubleshoot errors in our Services.

We take data security seriously and require all third-party vendors to comply with strict data

protection standards. We are currently working on establishing formal data processing

agreements with each vendor to ensure they have appropriate safeguards in place to protect your data.


4. Security and Compliance

We take reasonable steps to protect the information we collect from you from loss, misuse


4. Security and Compliance (continued)

We take reasonable steps to protect the information we collect from you from loss, misuse,

unauthorized access, disclosure, alteration, and destruction. These steps include:

  • Encryption: We encrypt user passwords in the database using bcrypt, a secure hashing algorithm.
  • Access Controls: We implement access controls to restrict access to user data to authorized personnel only.
  • Token Protection: We protect authentication tokens from Cross-Site Request Forgery (CSRF) attacks to prevent unauthorized actions on your account.
  • Secure Storage: We store all user data and secret keys securely within the AWS environment, adhering to their security best practices.

5. User Consent and Control

By using our Services, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. You have the following rights regarding your personal data:

  • Right to Access: You have the right to request access to your personal information that we collect and store.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information about you.
  • Right to Erasure: You have the right to request that we delete your personal information, subject to certain limitations.
  • Right to Withdraw Consent: You can withdraw your consent for us to collect and process your data at any time. However, this may limit your ability to use certain features of the Services.

6. Data Retention

We will retain your personal information for as long as your account is active or as needed to

provide you with the Services. We may also retain your information for a longer period as

necessary to comply with legal obligations, resolve disputes, and enforce our agreements.


7. Children's Privacy

Our Services are not directed to children under the age of 13. We do not knowingly collect

personal information from children under 13. If you are a parent or guardian and you believe that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information.


8. California Consumer Rights

Under the California Consumer Privacy Act (CCPA), California residents have the following

rights regarding their personal information:

a) Right to Know:

California residents have the right to request disclosure of the following information:

  • The categories of personal information collected about them.
  • The sources from which the personal information is collected.
  • The business or commercial purpose for collecting or selling personal information.
  • The categories of third parties with whom the personal information is shared.

Upon receipt of a verifiable request, Abyss will provide a comprehensive response detailing the requested information within 45 days, unless an extension is necessary.

b) Right to Access:

California residents have the right to request access to specific pieces of personal information collected about them by Abyss. Upon receipt of a verifiable request, Abyss will provide a copy of the requested personal information in a portable and readily usable format within 45 days, unless an extension is necessary.

c) Right to Deletion:

California residents have the right to request deletion of their personal information collected or maintained by Abyss, subject to certain exceptions. Abyss will honor verifiable deletion

requests, unless retaining the information is necessary for one or more of the following purposes:

  • Completing the transaction for which the personal information was collected.
  • Detecting security incidents and protecting against malicious, deceptive, fraudulent, or illegal activity.
  • Debugging to identify and repair errors that impair existing intended functionality.
  • Complying with a legal obligation or exercising rights under the law.

Upon receipt of a verifiable request for deletion, Abyss will delete the requested

personal information and direct any service providers to do the same within 45 days, unless an extension is necessary.

d) Right to Opt-Out:

California residents have the right to opt-out of the sale of their personal information by Abyss to third parties. Abyss does not sell personal information for monetary or other valuable consideration. To exercise their right to opt-out, California residents can click on the Do Not Sell My Personal Information link on our website or contact us using the information provided below.

e) Verification Process:

To protect the privacy and security of California residents, Abyss will verify the identity of individuals making requests to exercise their rights under the CCPA. Verification may involve matching the information provided in the request with information already maintained by Abyss or requiring additional information to confirm the identity of the requester.

f) Authorized Agents:

California residents can designate an authorized agent to make requests on their behalf under the CCPA. Authorized agents must provide written authorization from the California resident and verify their own identity with Abyss.

g) Exercising Rights:

California residents can exercise their rights under the CCPA by contacting us using the contact information provided below.


9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or

comply with legal requirements. We will notify you of any changes by posting the new Privacy Policy on this page. We recommend that you review this Privacy Policy periodically for any updates.


10. Contact Us

If you have any questions about this Privacy Policy, please contact us at support@abysshub.com.