In this policy:
- User is a natural or legal person using Integromat website and services.
- GDPR means Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data, the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- Personal data, Processor, and Controller will each have the meaning given to them in Article 4 of the GDPR.
We are committed to protecting your privacy. For Integromat, the protection of not only personal but also all data that flows through our platform is our top priority. As a part of this effort, we process personal data in accordance with the EU’s General Data Protection Regulation (“GDPR”), and in accordance with the data protection regulations applicable to Integromat.
Information We Collect
We collect information in two ways:
- Information you provide to us directly
- Registration information: In order to register for a basic account, you must provide your email address and a password. If you choose to upgrade to one of our paid subscriptions, you will be asked to provide additional information, such as your name and physical address. We also collect your IP address. Integromat is the data controller with respect to this data.
- Authentication tokens: To integrate with a third-party service, Integromat needs your authorization to communicate with the service's application programming interface (API). A majority of third-party services employ OAuth protocol for this purpose, which enables Integromat to communicate with third-party services on your behalf without storing your credentials. The only sensitive information stored is OAuth access and refresh tokens.
- API keys and login credentials: Third-party services that do not employ the modern OAuth protocol use either API keys or login credentials to authenticate/authorize the communication with the service's API. In this case, we securely save the API key/login credentials and will not use this personal information for any purposes other than those for which you have provided it. If you remove the connection you have provided the information for, we will automatically delete all the personal information associated with it.
- Information we get from your use of our services
- Scenario execution data and data in Integromat internal data stores: Integromat stores logs about the execution of your scenarios so that you have the option to view details about a specific scenario run or to find out what data was transferred from where to where. With respect to this data, Integromat is the data processor, and the user is the data controller. The following list shows what data we store and for how long:
- Logs in Gateway (webhooks, Android): 30 days
- Incomplete runs (DLQ): 30 days
- Notifications: 7 days
- Activity stream (logged execution of a scenario): 30 days
- Scenario execution details: 60 days
- Usage information: When you visit our website or use our service, we automatically record information from your web browser which helps us improve the utility value of our site and manage the provision of our services. This may include your IP address, browser type, the web page visited before you came to our website, information you search for on our website, locale preferences, or history of access to our website.
How We Store Your Personal Data
We are committed to doing our very best to protect your data and keep it confidential. We employ advanced security practices to keep your data safe and secure:
- The connection between Integromat and your browser is always encrypted (HTTPS).
- Every connection between Integromat and a third-party service is established in the most secure way that is supported by the given service. In some cases (e.g., FTP, databases, etc.), you have the option to set the security level manually.
- We use AES to save your credentials securely.
- To protect our secure HTTPS website from downgrade attacks, we have implemented and use HTTP Strict Transport Security (HSTS), the web security policy mechanism.
- We have protection against CSRF/XSRF attacks.
- We use CSP protection to prevent XSS.
- All passwords that you provide us with are stored in an encrypted format (PBKDF2-SHA512 with 200k iterations), so they cannot be read and/or reproduced. No one is able to read them, not even us.
- We use persistent IP addresses so you can limit access or make tunnels.
- For your protection, we do not support outdated browsers. The latest browsers are more secure, and they ensure the highest security standards.
- Our servers are housed in one of the most modern data centers in Europe, equipped with the latest security technologies.
Where We Secure Your Personal Data
Your data is stored in a secure web hosting center in the Czech Republic (EU member state since 2004) certified to internationally recognized ISO 9001 and ISO 27001 standards that define the requirements for the quality management system and the information security management system.
How We Use the Information We Collect
Integromat collects this personal data for the following purposes:
- Login to Integromat
- Possibility to reset a password in case of forgetting it
- Informing users about executions of active scenarios
- Informing users about business matters
- Informing users and potential users about new features of Integromat
Right of Deletion or Change of User Personal Data
In the Profile section, you have the option to ask for your profile to be deleted or changed. In the event that it is our duty to keep a record of some of your personal information, for example for accounting purposes, this information is retained. We will irrevocably remove all other information within 60 days of your request.
Integromat Features That Allow You to Manage Personal Data in Accordance With GDPR
Integromat employs features that empower its users to easily comply with the requirements of GDPR:
- Scenario settings: Data is confidential. This is a key feature that allows you to process data in Integromat without leaving any record about the data in Integromat after the scenario run completes. If you do not want to include the transmitted data in the log files, you can enable this option. With this option enabled, no transmitted data will be stored in the log files, and the logs will include only basic information about the run of your scenario. Please refer to the Scenario settings panel page for more info.
- Deleting data stored in Integromat data stores. For deleting data, use the Delete a record function to delete a specific record, or the Delete all records function to delete all the records from a specific data store. Please visit the Data store page for more info.
Third-party Payment Processors
We do not collect or store your full credit card information on our servers. All payments are securely processed by PayPal, Stripe, and Global Payments Europe gateways. We only receive a confirmation about the result of the payment. Your credit card details are not disclosed to us.
Limited Use Disclosure Related to Google
Integromat’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
With Whom We Share Information
We do not sell, rent, or otherwise disclose your personal information to third parties for their marketing and advertising purposes without your consent.
We may disclose:
Your information to third parties working for and with Integromat: We work with third-party service providers (like hosting services) to help us provide, improve, or advertise our services. Integromat may give relevant persons working for these third parties access to your information, but only to the extent necessary for them to perform their services for us. All such third parties must agree to observe the privacy of our users and to protect the confidentiality of their personal information.
You may disable cookies within your browser to block this tracking by Google, understanding that doing so may affect your ability to use the full functionality of Integromat. For certain browsers, you can also prevent Google from collecting information (including your IP address) via cookies and processing this information by downloading and installing this browser plug-in.