Privacy Policy
Effective date: 30-05-2022
URIports ("we," "us", "our") provides advanced website and email event logging services ("Services"). In this Privacy Policy, we describe our practices in gathering, processing, and using received reports in the application ("Reporting Data") and how we process your personal data ("Personal Data").
To summarize our Privacy Policy: your Reporting Data will always remain your data. We do not sell, share or use it for anything other than providing you with our Services. Received reports are stripped of any information that might contain personal data. We value your privacy as much as you do.
By making Reporting Data available to us through our website, Services, or related materials, you agree to the terms of this Privacy Policy and the processing of your Personal Data in accordance with this Privacy Policy and our Terms of Service.
Visitors to our website and users of our Services are covered by this policy. Please note that individuals under the age of 18 years old are not allowed to use our Services.
What do we collect
We collect your email address when creating your account. We may process anonymized IP addresses when they add substantial value to a report (like deduplicating reports and checking how widespread an error is). These anonymized IP addresses are needed so that users of our Services can properly debug the error reports we receive.
How do we use this information
We use your email address to let you log in to your account, send notifications, notify you of changes in our terms or privacy policy, or contact you for transactional purposes. We will never sell your data to anyone.
Who has access to your Reporting Data
No one can access your data besides you and authorized URIports personnel for maintenance and support purposes.
Cookies
We use an essential cookie to allow you to log in to our service. We do not track or build a profile of you.
This cookie will be placed in your browser when you log in:
| Cookie Name | Description |
|---|---|
| __Host-PHPSESSID | Cookie to identify your current session to the server so we know you have access to the application. |
Personal Data in received reports
Reporting API (web reports)
Browser generated reports that we receive may contain personal data when it is included in the website URI's. We discourage the inclusion of personal data in a URI from a security and privacy perspective.
Several report elements that we receive may contain personal data. We try to remove all personal data from the received reports and store reports only for a limited time, based on the data retention in the chosen subscription. The following report elements may contain personal data:
| IP addresses | these are removed and not stored by us unless it is an IP address of a server. |
| HTTP Referer | The "referring site" may be received as part of a report and may contain the data relating to an identified or identifiable individual. |
| Document URI | The structure of URI may relate to an identifiable person, like: https://www.example.com/account/jane/smith. The report data would be retained in reports in URIports during the retention period. |
| Query Parameters | A query string may contain personal data in the key names or values, like https://www.example.com/account?user=janesmith&socialnumber=12345. Because of this possibility, we remove all the query parameter values, and we only leave the keys in the report. So the query in the report becomes https://www.example.com/account?user=*&socialnumber=* |
| URI fragments | A URI fragment may contain personal data, like: https://www.example.com/login#JaneSmith/DriverLicense,123456. The report data would be retained in reports in URIports during the retention period. |
DMARC Aggregate Reports
Aggregate reports are sent by mail receivers and do not contain Personal Data. IP addresses included in these reports are from sending mail servers that are not operated by individuals. In theory, users can run a personal mail server from their home IP address, although this scenario is unlikely.
DMARC Failure Reports
When an email fails DMARC validation, a failure report is sent that may contain the original email headers and body. Because these reports may contain Personal Data, we remove the message body and the Personal Data from the headers. It is possible to save the original body and headers by providing us with a PGP public key. Then, no one besides the key owner (you) can decrypt and view the data. Read more about privacy and DMARC failure reports in our blog.
Company and servers location
Our company and servers are located in the Netherlands (within the EU) and must comply with stringent privacy legislation. Furthermore, the servers are located in a highly secured data center to create the safest possible place for your Reporting Data.
Data Subject Rights
As a Processor, we will assist a Controller in helping them respond to any Data Subject rights requests. The following technical capabilities are available for a data subject to request:
- Access: Request individual reports that contain Personal Data. The reports do not contain structured Personal Data. We try to remove as much Personal Data as possible from received reports. Some Personal Data may still be available in the reports (see section "Personal Data in received reports") that can be accessed at the request of a data subject.
- Rectification: Not applicable
- Erasure: Reports are automatically erased after the retention period defined in the subscription.
- Restriction: Not applicable
- Portability: Not applicable
Third-party service services
We do not use any third-party services.
Changes
We periodically review this Privacy Policy and will endeavor to notify you of any changes by email. However, please continue to check this page for updates.
Data Collected as your Data Processor
We collects data on behalf of our customers in the context of providing our Services. The customer has complete control over all the data collection carried out as part of the Service. Read more in the Data Processing Agreement.
Security
We uses a variety of security measures to maintain the safety of your Personal Data. All the data the Service sends to you and back are transmitted via Transport Layer Security (TLS) technology. Any provided payment information is at Paddle.