Privacy Policy

Minsilo provides web-based strategic planning software. This service cannot be provided without access to data you provide to us about your business. To provide our service, Minsilo collects data from users that is described in this Privacy Policy and is permitted under your agreement to the Terms of Service. If you do not agree with the separate Terms of Service, you may not continue to use Minsilo.

Information We Collect

Minsilo collects data that you a) give to us explicitly and b) that is collected automatically when you use our service. We use this data to provide our service, make enhancements to our product, detect issues with our product, and to grow our business. The manner in which specific pieces of data is outlined below.

Information you provide to us

Email Addresses

In order to properly secure our product, we may collect your email address and the email addresses that you provide explicitly to us. Email addresses that you provide to us are used primarily for authenticating you as a user of the platform, as well as being used to send updates and notifications about activity within the platform. Additionally, email addresses you provide to us may be used notify you of important changes or improvements to our platform.

Notifications about the platform may be sent either through our application directly or via a marketing campaign in Mailchimp. You may opt-out of emails from our platform, except for emails you explicitly request (such as password resets), by following the instructions in the footer of the email or by filling out this form.

We also use your email from time-to-time as an identifier within our application analytics. Our application analytics are currently provided by Mixpanel and Bugsnag; links to our analytics providers are listed under "Third Party Services".

Payment Information

To use some of our services, you're required to provide valid payment information. We use Stripe to handle and process sensitive payment card information, including credit card numbers, expiration dates, security codes and any additional information required to process your payment. At no time does Minsilo directly collect payment card information.

Personally Identifiable Information

You may provide personally identifiable information ("PII"), including your name, avatars (images that may represent you), and unstructured PII that you provide elsewhere in the application. We use this data only to provide our application and do not share this information with third parties.

Business data

You may provide specific data about your business, in order to make use of our service. Some examples of business data include, but are not limited to: "contribution" postings that are provided by you, or other users working for or on behalf of your company; "goals", "purposes", and "strategies" that are explicitly provided by user and their related data.

We only use business data for the purpose of providing the application. We do not disclose or share this information with third parties, except when required pursuant to a lawful government request.

Integration data

You may also connect third-party applications to Minsilo in order to make Minsilo more useful. Integration data can be received my Minsilo manually, such as when a user creates an integration with a third party application. Additionally, integration data can be received automatically, such as when a user configures a Webhook that is triggered by an event in a third party application.

Integrations are explicitly opt-in. We do not have a mechanism for automatically integrating with your applications.

We may store authentication tokens to enable you to easily access the applications you connect to Minsilo. Only you are able to utilize these authentication tokens, as they're protected by your account password and at-rest encryption.

Some business data may be collected from third party applications that you integrate with Minsilo. This may include data from users that are not on the Minsilo platform. This data is collected using the permissions provided by the third party platform, based on the user that is authenticated. The specific level of access is determined by the implementation provided by the third party vendor that you're integrating Minsilo with; in summary, we have the same level of access to information as the user or role that is configuring the integration.

Information we collect automatically

Minsilo also collects information automatically in order to provide our service and make it useful. This kind of information includes the following:

Usage data

Some aggregate data about how you use our product is collected. This may include which features you engage with, the frequency of your interactions with our software, and the overall duration of your interactions.

IP addresses, beacons, log files, tokens and device IDs

Like many other web applications, we collect technical details about how you interact with our application.

IP addresses are collected to a) provide the application, since all Internet-based services need to have an IP address to know how to send data back to your browser; b) prevent fraud and abuse of our platform, by allowing us to detect misuse and programatically block users and systems that abuse our services; c) better understand where users are connecting from, including using IP addresses to determine geolocation of a user that connects to our platform; d) improve the performance of our application.

Cookies and other unique identifiers

We utilize cookies to make our application work properly. For example, we currently store cookies that include your authentication token and related authentication data, in order to allow you to access your user account and the resources that require you to be logged in to view.

You may elect to not allow cookies to be used in your browser, however, your access to our services may be greatly restricted. For example, if you prevent your browser from storing authentication cookies, you will not be able to access account resources from your browser.

Bug and crash data

We utilize third party bug and usage tracking services, described under "Third Party Services," in order to reliably provide our service, fix technical issues, and better understand usage patterns. We try our best to prevent sensitive data from being shared with these third parties, but some data may occasionally be shared from the application. On request, we can disable bug tracking for our application.

Access to data from consultants

Minsilo may occasionally provide professional or consulting services to clients who use our platform. In such cases, these consultants will have access to your company's Minsilo workspace as a user or administrator. This consultant will have their own separate user account within the workspace and will be identified as "Consultant Name (Minsilo)".

Consultants have the same data access privileges as any other user who holds their access level within the platform; for example, a Consultant that has "admin" account access, can view everything an admin from your company can view.

Consulting services are provided as an opt-in service only and may incur additional charges. Minsilo is under no obligation to offer consulting services; all consulting services are provided on a case-by-case basis and at the sole discretion of Minsilo.

How we use and share data we collect

Minsilo respects your privacy and takes reasonable steps to protect your data from misuse. We utilize your data in order to:

  • provide our services to you and your company;
  • prevent misuse of our services and software;
  • better understand how you utilize our software and learn how we can improve our services;
  • resolve technical issues and "bugs" that may exist in our software;
  • improve the security of our platform;
  • comply with lawful government and law enforcement requests;
  • provide support for our services and help you to better use our software;
  • inform you of changes to your account, remind you to engage with our software, and notify you of improvements to our platform

We also describe specific ways that we utilize certain data that you provide to us elsewhere in this Privacy Policy; we encourage you to read this Policy in its entirety.

Security Practices

Updated 2020-06-24

Minsilo takes security seriously and takes reasonable precautions to protect your company's data. Some steps we take to secure your data include:

  • password-based authentication is implemented using industry-standard libraries that hash passwords with a per-user "salt" and a global "pepper";
  • we utilize SSL throughout the application;
  • each workspace is stored in an isolated and separate manner in our database;
  • customer file uploads, including attachments and image uploads are stored in separate customer-specific folders. Users can only access uploaded files by using an authenticated route, which provides a time-limited and uniquely generated URL leveraging the AWS Signature Version 4 method;
  • we run 100% on the cloud, within a virtual private cloud ("VPC") that cannot be accessed via the public internet, except via our public-facing proxy servers.

Third Party Services

Minsilo presently uses the following services to provide the capabilities of our application and may share data with these third parties, in order to provide our application:

  • Amazon Web Services
  • Bugsnag
  • Google Analytics
  • Logrocket
  • Stripe

We also use these services to provide our marketing websites and email campaigns (www.minsilo.com):

  • Amazon Web Services
  • Mailchimp
  • Google Forms
  • Google Analytics
  • Microsoft Clarity
  • Webflow

While we take reasonable precautions to protect your data from unauthorized disclosure, do understand that no computer system is completely secure or free from mistakes. The risk of unauthorized access remains a possibility with any software service or product, including Minsilo. Depending on your service level with Minsilo, we may take additional or separate steps to ensure data privacy and security.

Basis for Information Processing

We process your personal data only when we have a lawful basis. Presently, we have a legitimate interest and, in some cases, your consent as the lawful basis for processing. Our legitimate interest is to deliver the services to you. We have determined that our processing of your personal data is necessary to deliver the services to you, and that there is no less intrusive means of delivering you the services. Finally, we believe that our processing of personal data will not cause unjustified harm in a way that would override our legitimate interest basis as provided under the EU’s General Data Protection Regulations.

In some cases, we may use consent as our lawful basis for collecting and processing certain types of personal information. In such cases, you have a right to withdraw consent at any time.

In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

Using the Services from outside the United States

The hosting facilities, servers and central database for the service are located in the United States, except for static content served directly to your browser. No user-submitted data is stored outside of the United States, except for data subject to processing by a third party. If you are accessing the service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States by us as data controller and as data processor. By signing up for and using the service you agree to this transfer. Please be assured that we seek to take reasonable steps to ensure that your privacy is protected.

Static assets and web application frontend

Minsilo currently relies on Amazon's Cloudfront CDN services to provide static assets and resources for our application. Since our web application frontend is separate from the rest of our application, we are able to deliver to your web browser or mobile device access to our application.

In order to provide better performance than a single hosting region, Amazon may serve you a copy of our web application from a server that is located outside of the United States. Generally, this means that you'll receive a copy of our web application frontend from a server closest to you; for example, a user in the EU may receive a copy of the web application frontend from a server located in Europe.

Our web application frontend is loaded locally onto your device and is does not itself contain any sensitive or personal information.

Data Retention

Minsilo retains information that you provide to us in order to provide our services, comply with our legal obligations, resolve disputes, and enforce our agreements.

Some of the data that you provide is retained at a company-level; as an individual user, you may not be able to remove data that you've posted to your company's workspace or have otherwise shared during your use of your company's Minsilo workspace. This data is preserved for the benefit of your company.

As a company administrator, you may remove data related to your organization within Minsilo. In this event, we will remove any data that resulted from user uploads or data that is stored in your company's workspace. Some copies of this data may be preserved for the short-term, such as to maintain reliable backups of our customer data; we are unable to remove data from these backups specifically, but typically these backups will be destroyed after a period of time.

Please note that we may not be able to remove your company's data in the event that we're required to retain it because of government regulations or lawful requests. In some cases, we may also be prohibited by law from notifying you that this data has been retained.

Although infrequently, this Privacy Policy may change from time to time, so it is recommended that you periodically check back here to stay informed of any changes. If you disagree with any changes in this Privacy Policy and do not wish your information to be subject to the revised Privacy Policy, you will need to delete your account and stop using Minsilo.

Changes

  • March 29, 2021: added new data processors
  • February 24, 2022: updated data processor list; addressed some typos in the Policy; clarified storage of tokens for integrated apps.

Contact

If you have any questions or concerns regarding our Privacy Policy, please contact our legal team via email at legal@minsilo.com.