Last revised on September 13th, 2022
HeyTaco's approach to your privacy boils down to doing the right thing. You should never feel surprised about the information we know about you or when we contact you. Every interaction should be valuable to both you and HeyTaco. If you ever feel like the information we know about you is surprising, please let us know.
When it comes to being stewards of your information, we'll do the right thing and won't use your information without your permission. We strive to collect the least amount of information possible. Your information takes up space, and we like space.
Why should you trust HeyTaco?
Because you support HeyTaco with your financial support, our relationship with you helps us achieve our company vision. It's not good to anger people you're in a relationship with. That isn't good for the taco business, our happiness, and helping spread kindness worldwide.
Here's a list of sections to learn more about your privacy:
- What we collect and why
- Where your information is stored and what protections
- Cookies and how we use them (hint: we don't eat them)
- Who has access to your data
- How can you control your data
First, a note about who you are
If you use HeyTaco's Services, you are either a Member or an Administrator. Your HeyTaco Community is made up of Members and Administrators. Administrators have access to all Member data and have control of your Community's settings and data.
If you are not an Administrator and have data questions, requests, or concerns, please get in touch with your Administrator so they can fulfill your needs. If you cannot contact your Administrator or have a dispute, please get in touch with us at [email protected].
What we collect and why
When an Administer adds HeyTaco to your chat platform (e.g., Slack, Microsoft Teams, Discord), we collect information necessary for our Services to function. But, of course, we also collect information if you give it to us.
Any of the information we collect from you may be used in one of the following ways: (a) Personalize your experience. (b) Better respond to your individual needs. (c) Operate and improve our Services. (d) Improve customer service. (e) Contact you.
Here is what we collect and why:
Names and URLs of chat platforms you use with HeyTaco
- Used to display names in the product, identify your platform for support, and associate information about your platform to itself.
The number of people in your chat platform
- We use this for product functionality and internal reporting.
Your name and display name
- To identify you in the product so we and people in your group can find you.
- This is a picture you've chosen to represent yourself. It's collected from the image you're using in the chat platform with HeyTaco.
- Your account admin uses this to relate your information to other record systems.
- If you are an Administer, we may use your email to contact you regarding your product usage. This includes billing, troubleshooting, cancellation reasons, and welcoming you to the product. We strive to send the least email possible.
- If you are a Member, we won't email you unless you or your Administer permits us to do so.
- To operate, maintain, and provide the features and functionality of our Service, we only collect needed information, including; message, timestamp, giver, receiver, and where the message was located (e.g., channel name, chat platform).
- We only save messages directed at the HeyTaco application. This means we cannot see all the messages in your chat platform. To see messages, they must:
- Slack — (a) Have a taco emoji in the body of the message, or the message has been reacted to with a taco emoji reaction. (b) Be in a channel or group message that HeyTaco has been invited to as a member.
- Microsoft Teams — (a) Have a taco emoji in the body of the message; this excludes messages that have been edited to include a taco emoji. (b) Be in a channel or group message that HeyTaco has been invited to as a member.
- Note: HeyTaco Administrators can disable data retention on the Settings page within HeyTaco. When disabled, only the total number of tacos is saved and not the messages.
If you have any questions about the information we collect, please contact us at [email protected].
Where your information is stored and protections
Security and Storage
We use Heroku and Amazon Web Services as hosting providers in the United States to store and protect your information. They are up-to-date, set up with the latest security standards, and undergo recurring security assessments to protect your information.
When you submit information via our Service, your information is protected and encrypted at rest and in transit through secure connections. We implement a variety of security measures to maintain the safety of your personal information. If your data is exposed to an unknown 3rd party, we will notify you within 72 hours of the reported incident.
HeyTaco may transfer your data to countries you don't live in. We offer European Union Model Clauses, known as Standard Contractual Clauses, to meet General Data Protection Regulation requirements for Administrators and Members who are citizens of the European Union. A copy of our data processing addendum, including Model Clauses, is available by contacting us.
If you have any questions about data security and storage, please contact us at [email protected].
How long do we retain data about you?
We use historical data about people who use our Services to generate internal research reports and for you to view historical information about your usage.
If you stop using the Service, your data is also available to Administrators for your HeyTaco account. Administrators can use your old data to see historical taco giving, messages you gave and received, and any other data collected about you.
We remove your data after an Administrator removes or stops using our Services, and sufficient time has passed to warrant data removal. The Administrators for your account are responsible for your data. In most circumstances, they must approve of any data removal or modifications. If you are a Member of the European Union and your Administrator will not request to remove your data, please get in touch with us at [email protected].
Cookies and how we use them (hint: we don't eat them)
Cookies are small files a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow), enabling the sites or service providers' systems to recognize your browser and capture and remember certain information.
- To keep you logged in to the website.
- Our customer support software has cookies that enable onsite support widgets and help us better assist you.
If you have questions or feedback about the cookies we use, please let us know at [email protected].
Who has access to your information?
Your information will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the Services requested. We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. Below is a list of current third parties that may have access to your data.
|Stripe||https://stripe.com||Billing and payment processor for purchases. (Administrator contact data only)|
|Heroku||https://www.heroku.com||Hosting provider for app and data storage.|
|Amazon Web Services||https://aws.amazon.com||Hosting provider for app and data storage.|
|Google Analytics||https://www.google.com/analytics||Service analytics to track and analyze Service usage.|
|ProfitWell||https://www.profitwell.com||Helps us do billing updates and analyze subscriptions. (Administrator contact data only)|
|HotJar Ltd.||https://www.hotjar.com||If you leave your name or email in a survey, it’s stored with HotJar until we remove it.|
We may also release your information when we believe it is appropriate to comply with the law, enforce our site policies, or protect others' rights, property, or safety. However, non-personally identifiable information may be provided to other parties for marketing, advertising, or other uses. An example would be creating an advertisement about how people who use HeyTaco on Slack recognize each other X times per month on average. This is where you aggregate data to make it so the people behind it cannot be identified.
How can you control your data?
You will have different rights regarding your data if you are an Administrator or Member. If you are an Administrator, you can request us to send, remove or modify any information about your account. You can export data on the Admin page of your HeyTaco site or by emailing us. To permanently remove your data, you must email us at [email protected], and we will remove your data within 30 days of notice.
If you are a Member, you can export some of your data on your Profile page. If you would like to view, modify, or remove all or some of your data, please contact your Administrator and have them email us to do so. If you don't know your Administrator or have questions, please email us at [email protected].
Data Protection Authority
Subject to applicable law, you have the right to (i) restrict HeyTaco's use of your Personal Data and (ii) lodge a complaint with your local data protection authority. If you are a resident of the European Economic Area and would like to complain, please contact your Data Protection Authority. You can find a list of Data Protection Authorities by clicking here. (http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm)