GDPR Commitment

GDPR

Below you will find GDPR statements, privacy policy changes, data processing addendums, and everything else associated with this regulation.

We at Qbox (as well as our product brand, Supergiant) believe in the necessity of the EU’s General Data Protection Regulation and wanted to add our statement as well. While it is definitely true that our Privacy Policy, Terms of Service, and data collection preferences have been updated, and while some of you may require a DPA (Data Processing Agreement) to cover your use of our infrastructure, these documents are lengthy and written in legalese. This post is meant to provide plain-English descriptions of what we have added and changed in our processes to comply with GDPR.

Before we go further, let us state clearly that we do not seek, nor have we ever sought, to analyze, combine, collate, provide to a third party, or otherwise draw insights from any data that resides on our customers’ clusters. For the purposes of delivering uptime and availability, we mostly access machine-generated data pertaining to the health of your cluster and your indexes. The exception to this is when we collect data about our customers during the normal course of providing our service.

A Condensed List of What We Have Done

We have:

  • Modified our Privacy Policy to more fully comply with the regulation’s requirements for cookie tracking.
  • Created a “cookie-bot” tool that allows users to know and to modify what is being tracked about their behavior on the site.
  • Appointed a Data Protection Officer.
  • Obtained our own Data Processing Addenda from third parties that we use for sales, support, and marketing purposes.
  • Created a Privacy Center, which more transparently explains your options.
  • Created a “Right to Be Forgotten” form for users who wish us to expunge completely any information that we have collected.
  • Defined our data retention policies with regard to our sales, support, and marketing data.
  • Streamlined support processes to ensure maximal compliance with the regulation when interacting in real time with our support staff.

Who Is Subject to GDPR?

The regulation is pretty clear that both our company and our customers are subject to it, by definition, no matter where your business is domiciled. First, our business of hosting infrastructure, specifically databases like Elasticsearch and container orchestration like Kubernetes, means that the likelihood is high that, even if you do not reside in the EU, you have data on residents of the EU. Second, we broke down our data collection efforts into three processes: “using our service”, support, and sales and marketing. Each of these will be discussed below, but if you are reading this, you are probably most keenly seeking our compliance for your downstream data.

Do I Need to Obtain a Data Processing Addendum (DPA)?

Unless Qbox acts as Data Processor by hosting your nodes, a Data Processing Addendum is not required.

What Has Changed In Your Privacy Policy?

We disclose the third parties that we use for aggregating and analyzing our sales, marketing, and support data that is collected for the purpose of delivering our service. With this data, you have the right to:

  • View the information that we collect with our cookie-bot
  • Request your “Right to Be Forgotten”
  • Request “data portability”, or for us to export what we know about you and send it to you

We have also disclosed our data retention policy for those who are no longer customers of Qbox.

How Will I Know That Your Vendors Are Compliant?

We have compiled a list of our vendors and obtained our own DPAs from them. Please contact our support team if you would like to review the list.

How Can I Contact Your Data Protection Officer?

Qbox has hired an attorney specializing in privacy issues and data protection compliance to be our Data Protection Officer (DPO).  The DPO will be regularly auditing our practices to ensure compliance with our handling of sales, marketing, and support data, as well as protecting the security and transfer of the data residing on our customers’ nodes.  All inquiries can be directed to privacy@qbox.io.

Conclusion

We could not be more aware that SLA support and our competency at managing clusters at scale are the sole reasons customers pay us in the first place. We hope that these changes will give you the confidence to both trust our service and be compliant yourself.