GDPR

General Data Protection Regulation

CoxPost expertise, attentiveness to new trends, commitment to partner

Please read this GDPR carefully before using our platform

What is GDPR?

GDPR represents General Information Insurance Guideline. Another regulation implemented by the EU to safeguard end clients' very own information. This regulation authorizes a few parts of information security. Here we need to give a rule on how we safeguard your information, what is our obligation and what is your obligation. We unequivocally propose you read all our documentation or one more article about GDPR and take a choice regardless of whether you need to utilize our application. We are not answerable for any carelessness or issue in information assurance on your side or any outsider's side. Take as much time as is needed to peruse the documentation and act admirably, and remain safe.

Definition of Personal Data:

Any data owned by an individual is his or her personal data. It could be someone’s name, image, email address, physical address, social media post, location, computer IP address etc. The ownership of user’s personal data is absolute. That means wherever and however the data is saved it belongs to the user solely. The data collector or data user (facebook, youtube) cannot show, save, share or perform any other activity with user’s personal data without user’s explicit or implicit permission. If an user gives permission to use his or her data on specific type of action (data storing, data viewing etc) then it can be used by the admin of the application. To visualize this consider a hypothetical situation. You post a status on social media. Here you have given the implicit permission to show the post to your public or private contacts. Application admin is not responsible for any abusive comment to your post made by your contacts. This means that if you made your data public then it is your responsibility. But application admin do hold responsible for any data sharing with third party. If any data is shared it must be said explicitly in advance. So we see the how data uploading and showing depends on both app admin and user. Further details you will get upon reading the full documentation.

Responsibility of Developer:

The safeguard of user personal data on the application's back end is the responsibility of the developer. The developer is responsible for how the user data (name, telephone no. email, etc ) and other info ( like logs of user interaction with the application ) is stored on the database and server. We will describe in detail how the data you submit directly (name, email, etc.) and indirectly (browser name, computer IP, etc.) are saved on the database and server. Once any data is uploaded to the server the security of the data depends on the security of the server and sometimes the admin of the application. Users will be notified about all the temporary (cookie and session) and permanent (data saved to the database) data saving. Users will get the option of all or their personal data erasing permanently upon account deletion or service cancellation. We assure you that we do not keep logs of user activity or any other backdoor to extract user data. Sometimes Cpanel access and another credential of app admin are needed by the developer to support and maintain the application for a short time before the application goes fully online. We strongly recommend to the app admin change these credentials after the job gets done. The developer cannot be held responsible for any credential leak on this ground. The developer also cannot be held responsible for any unwilling security glitch on the application. After all, data shared online always has the risk of getting leaked. So we strongly suggest not sharing any data that can compromise you or any other individual.

Responsibility of Application Admin:

The application Admin has unhindered admittance to the user's very own information. Admin can get to the data set, server logs, and some other data on the admin compass. Application admin can see and duplicate the information saved money on the data set and server. Application admin can impart the user's very own information to outsiders. How the user's information is utilized should be declared by the application administrator expressly before user enrollment. The administrator shouldn't permit anybody to remove information straightforwardly or under the mask of the study, finish up the structure, or some other means. The application administrator partakes in the most honor on the application. So administrator has the most elevated liability regarding the supervision of the client's very own information.

User’s Responsibility:

Everything relies upon the user. If users do not submit data then there will be no data breach. But this isn't a choice. The first concern of the user is to read all the documentation from both the app developer and app admin and then submit the data. Safekeeping of users' own credentials is the sole responsibility of the user. Password and username may be encrypted on the database but a dictionary word or too predictable password for a specific user can give easy access to the user's account to hackers. Change your accreditation on any dubious action by an unapproved individual or in the event that you share your certification with others for some unavoidable explanation. Continuously think prior to submitting.

Our Action on GDPR:

  • Collect as fewer data as possible. Tell the user necessity of collecting specific data.
  • Enforce https
  • Destroy all sessions and cookies after logout.
  • Do not track user activity for commercial purposes.
  • Tell users of any logs that save computer IP and location.
  • Clear terms and condition.
  • Inform users about any data sharing with third parties.
  • Create clear policies about data breaches.
  • Erase data on canceling subscriptions or account deletion.
  • Patch web vulnerabilities.

Supported GDPR Features:

Adios, application: when you drop your membership or erase your record we give you the choice to erase every one of your information existing or connected with your record. Note that, this activity is irreversible. The second you express yes to erasing every one of your information will be eradicated from the data set and server for eternity. You can back up data before erasing it in case of re-subscribe or re-register.

Secrecy is my right: we encrypt most of your personal data on database. If any bad things occur (data breach) then the hacker will get encrypted hash not your personal on plain text. So your secrecy will intact even in case of data breach. Note that, some data cannot be encrypted because we need to show it upon login to account (like username). We will hide all your personal data as much as possible.

No cookie and session saving: we will give the option to save or not save cookies and sessions. Even if you save cookies and sessions these will be destroyed after logout. We strongly suggest you not save your credential in the browser. Please memorize your credential or use tools like LastPass to manage your credential.

Destroy footprints: We don't save or track any of your actions for any business reason. We might store your login time or IP for security purposes as it were. At the point when you erase your record each and every piece of your information will be erased from the server.

Social designing is terrible: We don't record any of your own movements on the application. Recording a client's very own movement, examining it, and attempting to offer an item or spurring the client to seek after a specific idea upon dissected information is becoming negligence. We don't do things like this.

Notify me: Get notified about all your activity relating to your account (account creation, password change) by email. We recommend you change your credential if any unusual things happen.

Strategy Update warning: You will get told of any protection strategy or disclaimer refreshes. Peruse your email in regards to this and choose your activity. Go ahead and counsel on this.

Connect without worry: We enforced HTTPS everywhere. Data sniffing is unimaginable in this situation. Regardless of whether conceivable, the sniffer will get an encrypted hash. So feel safe to use our application.

No data collecting: We don't gather any data on users. No backdoor, No hidden option to collect data. Once the application is uploaded to the server even we cannot enter the application without the app admin password. So do not worry about any hidden data leaks.

Data breach policy: we implement all the security to store your data cautiously on the database (data encryption, MySQL, SQL injection prevention, input checking, etc. ). However we do not take any responsibility for data breaches from servers. Because it is the total responsibility of the app admin and server admin to secure your data from breaching. Any weak or too predictable password of the app admin or server admin could compromise the database. Any inherent fault on the database config can give away the database (MongoDB security fault). Any security blemish on the server can prompt information spilling. Kindly contact your app admin in this regard.

Is sending bulk messages to Facebook leads using our system GDPR consistent?

Indeed, sending bulk messages using our system is GDPR-consistent. Because people OPTIN to our Facebook page by starting messenger conversation and we can prove it. They become our lead in a valid way. Every one of the messages we sent should have an unsubscribe link (we already have this feature) or another way so that individuals can unsubscribe at any time.