Privacy Regulations Reference

Last updated: June 6, 2022

The data privacy regulatory landscape is undergoing a lot of change. You probably have heard about the EU General Data Protection Regulation (GDPR) that went into effect on May 25, 2018. There are also other regulations in effect or in the works around the world. We’ve written up this reference document to put helpful information regarding our products and privacy regulations in one place. Please also view our full Privacy policy.

If you have any questions, comments, or concerns about our Privacy policy, your data, or your rights with respect to your information, please email us at privacy@kicstoms.com.

European Union General Data Protection Regulation (GDPR)

Basecamp is an American company and our data infrastructure is currently based in the US. That means if you are in another country in the world and you use our products, your data are transferred to the US. The EU has stronger privacy laws than the US and a core tenet of the GDPR is that if you transfer any personal data of EU residents out of the EU, you must protect it to the same level as guaranteed under EU law. There are two factors to this:

1. The practices that businesses take handling personal data; and
2. The laws of the countries where you transfer the EU personal data to

Practices we have at Kicstoms

We are serious about treating our customers fairly. We have a Customer Bill of Rights and five of the eight rights are about your control of your data, your right to privacy, and the security measures we put in place to protect your data. These rights apply to all of our customers, regardless of where you are in the world.

We’re able to offer this Customer Bill of Rights because of the choices we make as a business. Please do read our Privacy Policy and our Security Overview in full. Some highlights:

• We never have and never will sell customer data.
• We don’t run ads for other services in our products.
• We limit the data we collect: if we don’t need it, we don’t ask for it.
• We limit the permissions our apps request on your devices.
• We put a lot of security measures into place including in-transit encryption, encryption at-rest, and requiring employees and contractors to sign non-disclosure agreements.
• When you email us at privacy@kicstoms.com, someone from our Privacy Working Group will get back to you. You are always speaking with a human! No bots.

We do work with sub-processors. We’ve listed links to our current sub-processors at the end of this page. With each vendor, we assess their commitment to privacy and we sign a data processing addendum with them that include the controller-processor Standard Contractual Clauses.

Last but not least, we know privacy regulations are constantly evolving. We root for stronger consumer privacy laws! Several Basecampers are members of the International Agency of Privacy Professionals and use IAPP resources alongside legal counsel to stay aware of relevant changes in the regulatory landscape.

Subprocessors

Kicstoms uses third party subprocessors, such as cloud computing providers and customer support software, to provide our services. We enter into data processing agreements including GDPR Standard Contractual Clauses with each subprocessor, and require the same of them.

You can see which subprocessors we use by application by viewing the following linked lists:

• Kicstoms subprocessors
• Kicstoms Sellers’ Lounge subprocessors

We also use other software as a company that are not part of providing our services but may collect your personal information for other purposes. You can view this list of processors in the following page: Company processors