Hi Folks! 🤠
For ALL SMART Affiliate Program sites and tools users’ privacy is at the core of our decision making. We provide a service that changes the way we all can work and earn and what we have allows us to be more expressive and informative in our daily work communication. Sensitive information is passed through our systems, and we don’t take that lightly.
Where does my data go within the SMART Tools for Business Infrastructure?
Your text-based data is comprised of your name, notifications, password, linked accounts like Google and Slack, video names and descriptions, and so on. The majority of this data is stored on encrypted databases.
The platforms are all hosted on secure servers and behind a set of security measures that we have in place. Only privileged servers such as ours have access to such security and we pay a premium for this.
This includes your avatars, any videos you may upload, and your thumbnails. These files are stored on our media buckets within the sites and in some cases in encrypted S3 buckets, which can only be accessed by certain robots and engineers within our organization who have special access.
In order to speed up the delivery of your videos to your computer, we utilize some plugins and in some cases a CDN. Our CDN makes use of signed URLs. The CDN URL is not your video page URL. Your video page URL stays the same no matter what, but your CDN URL is the URL that actually delivers the video content.
When we sign these CDN URLs, we have complete control over deciding to not issue a URL to someone who requests it. Basically, even if you understand where a video is located on our CDN, you will not be able to access that URL unless you have the URL signed by us.
Let’s get one thing straight. Your video data never leaves our systems to a third-party system. It always stays within our tools and delivery services.
On the other hand, your textual data (name, email, Loom userId, persona, and so on) does leave to our trusted third-party systems. We think it’s important you understand not only what these systems are but also why we send your data to these systems. If you don’t agree with or understand our reasoning.
If you do not agree with your data going to a specific system, and you have an individual SMART Affiliate Program, a SMART Tools for Business Tool, Service, or Product, upon notification and direction from you we can and will delete your account(s) and will permanently delete all of your data from all our systems and third-party providers.
For folks coming to figure out GDPR compliance, all of the following 3rd parties act as data processors for us.If any kind of personal information (email, name, persona) is sent to the following third parties, a ⭐ is left next to the provider name.
What: Google Analytics is an analytics platform that more uniquely gives us certain nice-to-have “vanity” analytics and serves as a good place for understanding where on the web our users are coming from.
Why: It’s good to know where our users are finding us so we can promote our product more with those partners and channels or figure out whether there are tangential products that should be introduced to our platform.
How to be forgotten: Because of how we use Google Analytics, all data sent to it is anonymous. We send no emails, no names, and we even anonymize IP addresses. Your identity is completely safe here.
What: Mailchimp is used for our transactional email service. These are notification email updates and service-level emails such as email verification, password reset links, and the like. We do not use Mailchimp for marketing purposes.
Why: We need a distinct way to send emails for core authentication flows and platform notifications.
How to be forgotten: All data sent to Mailchimp is not anonymous by nature since it is a transactional email service (we send them your email so they can send you an email). For notifications, you can turn off your email notifications in your account settings. For authentication emails (such as email verification), we rely on Mailchimp. Since we cannot guarantee you won’t get these emails, the only way to get forgotten is to delete your Loom account.
Why: In order for SMART Tools for Business to be able to continue to exist, we think it’s important we provide service users find enough value in they feel comfortable paying us. Handling online payments is complicated and the privacy and security risk is high. Although using Stripe (the industry leader in online payments processing) means they take a cut of our revenue, we think this is ultimately better for user privacy, safety, and our ability to focus on what we do best, which is not handling/owning the legal intricacies of payments processing.
How to be forgotten: We send your email to Stripe, and they collect your billing information directly. No billing/PCI information is handled/stored in our systems. When you remove your credit card entry, your credit card and other sensitive billing information is removed from Stripe. When you delete your account, all historical information (including past invoices) is removed from Stripe.
Our non-technical team members have access to Customer Support and member details for the tools we offer. This allows them to provide customer support. Over time, this will become more restricted as we scale up the team to only be customer support individuals.
Our technical team can be granted temporary access to our servers, done-for-you websites, stored video, and thumbnail storage. This is always for debugging and development purposes.
Each of our engineers has a unique key that identifies them within our systems. All actions are logged for 6 years. If their key is compromised, we have an instantaneous way of expiring that key, checking if their key was used by an outsider, and processes to remedy such situations and alert the affected user base.
So far, this has never happened in the SMART Tools for Business’s history, and we’re very proud of that.
Videos: You can export all of your video data by downloading each individual video.
Text-based Data: Your user information, folders, and video metadata, comments, comment replies, and emoji reactions can be exported using the “Get my Data” button in your account settings.
If you ever want to delete your data, deleting your account (at the bottom of your account settings will send you to a page to fill out and submit to us. Once we confirm your request, we will permanently delete all of your data off our systems.
🔒 Encrypted: encryption is a process where data is scrambled with a specific secret that only a select few have. If this data is stolen, it cannot be understood unless the stealer has the proper secret. All of your personally-identifiable data (videos, images, and text) are encrypted at-rest and in-transit across all systems.
🏃🏾♂️ In-transit: your data is being sent from one location to another (usually one server/computer to another)
🛌🏾 At-rest: your data is physically being stored on a device (usually a server)
🕳️ S3 Bucket: this is where we store larger (usually this is media) files such as images and videos
⚡ Cache Layer: a group of servers that uses faster storage for the purpose of being able to retrieve it faster
🤝 Database: this is a server that stores data that relates to one another. In other words, this is where we can query to answer questions like: “what is a user?”, “does a user own one or many videos?”, “Could you get me a list of all of this user’s comments?”
🔥 VPC: a firewall that blocks access to a server or group of servers only to users/robots that have the proper permissions
🌐 CDN: a CDN (Content Delivery Network) is a network of computers around the world whose purpose is to store data as close as possible to the downloader to speed up the delivery of media.
🤖 AWS: short for Amazon Web Services. This is the cloud provider we use at Loom that allows us to rent storage and compute capacity from their data centers.
If you have any questions on this terminology, we are here to help. Email us at firstname.lastname@example.org