GDPR Compliance

GDPR

Intempt strongly believes that customers should be able to control their data and trust that information is protected when stored in its servers. To support this, Intempt holds itself to strict data security and privacy standards, including compliance with the General Data Protection Regulation (GDPR).

Supporting Data Subject Rights

As controllers of personal data, Intempt and its customers must uphold certain rights stated by the GDPR, including:

Right to Access and Data Portability

Intempt will support individuals’ right to access and right to portability of their personal data through individual export requests. Any Intempt account holder will be able to request an export of one’s own personal data, as well as the personal data of their own end-users.

Right to Object

Our customers control what data is sent to Intempt, and may decide to halt the sending of personal data at any time.

Intempt collects information about how customers use the product and uses this data to identify product gaps and improve existing products. While this information is useful, Intempt recognizes the importance of an individual’s right to object.

Vendor Obligations and Subcontractors

As a data processor under the GDPR, we are responsible for the subcontractors we retain to help us provide our services. To support delivery of our services to customers, we engage certain vendors who help us process our customers’ data. Some of these vendors provide our data storage and infrastructure and are an integral part of the services we provide while others provide important account management assistance. We know we have an important responsibility when it comes to scrutinizing these subcontractors which is why our Vendor Risk Assessment program requires each subcontractor to undergo a rigorous review to ensure each has the required technical and organizational expertise and measures in place to deliver an appropriate level of security and privacy. We have developed an internal map of all customer data flow in connection with our subcontractor review to ensure GDPR compliance, which include our requirements to assist with data subject access requests.

Enterprise Grade Security

The GDPR requires controllers and processors of personal data to “implement appropriate technical and organisational” measures to ensure a level of security appropriate to the risk. Intempt uses Amazon Web Services (“AWS”) as its third-party cloud storage subcontractor and does not host customer data on its premises. AWS is a leading cloud provider, and holds industry best security certifications, such as SOC2 and ISO27001, and provides encryption in transit and at rest, without any action required from our customers.

Internal Controls

For Intempt employees, access rights and levels are based on job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities. Additionally, all Intempt employees must abide by multiple policies about handling customer data securely and protecting customer data.

Audits for Vulnerabilities

At least annually, we invite an independent, third-party auditor to run penetration testing. Additionally we run scans for software vulnerabilities and have an event management infrastructure, which provides 24x7x365 monitoring and alerting for incidents in our networks and systems.

Product Security

Intempt customers can access product features and configurations to further protect personal data against unauthorized or unlawful processing. You can read more about our commitment to security here.

Data Retention Policy

As processors of its customers’ data and to protect the privacy of information it stores, Intempt holds data no longer than is needed to provide its services. To further support this, Intempt has implemented the following data retention policy:

Events

  • Policy: By default, events are available for 60 days; i.e., you can segment users if the event is done/not done in the last 60 days. Event retention period is extendible on request.
  • Reason: Preserving events beyond 60 days will increase your segmentation time, thus delaying your sending time. In most cases, user activity beyond 60 days provides minimal incremental value to your marketing performance because of the lost context.

Users(Anonymous)

  • Policy: Users who are not identified AND have been inactive for 60 days are archived automatically.
  • Reason: Saving unidentified, unreachable and inactive users inflates your user base and deteriorates performance. It increases segmentation and journey processing time (since the platform will be scanning more data),

Users(identified)

  • Policy: Users who are identified and haven't been active and haven't received any messaging action(push/email / SMS) for the last 1 year are archived automatically.

    Reason: Saving users for a long time unnecessarily degrades the performance of your data activities on Intempt; we have a default 1 year, which can also be customized as required.

Organizations

This policy includes organizations that were deleted through the Organization Settings -- deleting a project through the Organization Settings triggers a soft deletion. The data in the deleted or reset project will remain stored in Intempt for 60-90 days, after which it will be hard deleted and unrecoverable.

Data Processing Addendum

Intempt has updated its DPA to ensure compliance with all GDPR-specific requirements. This supplements Intempt's Terms of Use and provides contractual safeguards to its customers for the processing of personal data sent through Intempt. The DPA enables Intempt's customers comply with the GDPR.

Data Protection Officer

Intempt has a dedicated Data Protection Officer (DPO), along with a team of privacy and security professionals dedicated to our compliance and to helping you maintain your compliance when using Intempt. If you would like to reach our DPO or have or have follow-up questions please reach out to us at success@intempt.com.

User Lifecycle
Automation Platform

Acquire, Engage & Retain throughout the User Lifecycle

Create Free Account

The data driven way to
Acquire, Engage and Retain your customers

By clicking “Start free” I agree to Intempt’s
Terms of Service & Privacy Policy

Get a demo