The General Data Protection Regulation or GDPR is the new regulation in the European Union on data protection and privacy.
We at jAlbum are of course following the guidelines of GDPR protecting your personal data in any way possible. We have always done that. GDPR doesn't make a difference.
We are collecting whatever email, name and username you state when you sign up to our service, in order to make the service usable. We also collect your IP when you sign up, sign in and make a purchase, so we can detect fraudulent behaviour.
If you make a purchase using PayPal we send your email and name to them to simplify the purchase process.
While you are in the payment process any data you send then (for example credit card numbers or account numbers) are sent directly to the payment processor, which currently is FastSpring or PayPal. We don't handle that.
After a successful payment tracking pixels are loaded from our affiliates to register purchases made via them. But we don't add any personal info to those tracking pixels.
If you send a mail to our support Zendesk handles the data you send, including your email address.
We have Data Processing Agreements with all our sub-processors.
If you use our Premium or Power storage to host your albums on our hosting service we are storing those files on our own servers in Sweden and on servers hosted by Amazon AWS in Ireland and Germany. Only a few have full access to these servers, and we have Data Processing Agreements with our colocation partner Bahnhof and with Amazon AWS.
If you are a data controller of personal data that you store on our hosting service you might need a Data Processing Agreement (DPA) with us. This can be if you are representing a company or organisation storing photos of people, which can be considered personal data.
If you have an active Premium or Power account you can find a Data Processing Agreement here.
We don't store personal data longer than needed. As long as you have an account with us your data is saved, but if you close your account we will delete all your personal data within 60 days. We don't delete them immediately so we can reactivate your account if you close it by accident.
Do you have further questions? Just contact our support!