Read the following sections to learn about:
- which data we store and our reasons for doing so,
- where we store your data, and
- how we protect your data.
- “We” (also “us” or “our”) are BeDataDriven B.V., having business at Binckhorstlaan 36, 2516 BE The Hague, Netherlands. We are listed in the Business Register of the Dutch Chamber of Commerce with number 61548278.
- “The website” is the collection of web pages publicly accessible via https://www.activityinfo.org and its subdomains.
- “The platform” (also “the service”) is the application hosted at https://www.activityinfo.org and which is accessible only to registered users.
- “You” (also “your”) are a visitor to the website, a user of the platform or both.
Which data we store and why
When you visit the website without signing into the platform, we store data in your browser and on our servers. This section details which data we store and why we store this data.
When you sign into the platform, we store data which you provide to us. This includes the following information:
- your email address which we use for the following purposes:
- to send you an activation email message to confirm that you have entered an existing email address to which you have access,
- to identify your account and to check if you have provided the correct password to log in,
- to send you a password reset email message in case you have forgotten your password or if you have elected to change your password,
- to send you daily and weekly digest email messages in case you have elected to receive these,
- to access your account in case you have requested us to support you,
- to identify your account in our server logs which we use to monitor latency and errors in the platform.
- contact you to offer support or guidance in using ActivityInfo.
- your name which is displayed to other users next to the databases you own and reports you share. Your name also appears in the digest email messages which are sent to the owner(s) of the database(s) in which you have entered or edited data.
- the data which you create on the platform which includes, but is not limited to, forms with indicators and attributes, quantitative and narrative data entered into the forms and locations.
Where we store your data
The platform runs on infrastructure provided as part of the Google Cloud Platform. This infrastructure, which includes servers, databases and file storage, is supported by data center locations around the world. We have opted to process and store your data exclusively on Google’s data centers located within the European Union. See https://www.google.com/about/datacenters/inside/locations/ for a full list of data center locations.
Some data is stored in the browser which you use to access the service. This includes cookies (see the section on Cookies below) and application data. The latter includes our use of the “application cache” and the “IndexedDB Database” in your browser. The use of this storage allows you to use the application in areas with poor or no internet connectivity.
How we protect your data
In general we observe and test against the guidelines provided by the Open Web Application Security Project (OWASP). A full list of guidelines for a variety of topics related to security can be found at https://www.owasp.org/index.php/Cheat_Sheets.
The following sections provide more detail on specific topics such as data security, privacy and authentication.
Data processing and storage
We have chosen the Google Cloud Platform because it is extremely secure and fault-tolerant. We are confident that this infrastructure provides you with the best possible security for your data. Full details on the Google Cloud Platform security and its certifications can be found at https://cloud.google.com/security/.
Traffic between client and server
When you are logged into the platform, all data sent between the client (your browser) and our servers is encrypted using the TLS 1.2 protocol with the SHA-256 hashing function.
Users are authenticated using their email address and a password. Passwords are chosen by users and must be at least six characters. Passwords are stored salted and hashed using the BCrypt algorithm. No passwords are stored in plain text and we require that all authenticated traffic use HTTPS. Users may reset their password by providing their email address, through which they will receive an email with a token allowing them to choose a new password within 24 hours.
Third Party Service Providers / Subprocessors
In order to support our operations we rely on several Service Providers. They help us with various services such as payment processing, web audience analysis, cloud hosting, marketing and communication, etc.
Our full list of sub-processors is available at https://www.activityinfo.org/about/third-party.html.
When you log into the platform, we store three cookies in your browser to record details about your session in the browser. We do this so you do not have to log in again whenever you navigate to another page in the platform or open a page in a new tab within the same browser session. These cookies are therefore essential for the functioning of the platform.