Privacy Policy

Effective date: April 14, 2019

At Stormly we're committed to your privacy. In this privacy section Stormly acts as a data controller, we offer transparency on how and why we process your data, and give you the tools to control it.
To see how Stormly processes data of its clients, see the Data Processing Agreement.

Browse through the 'Data Policies' tab to get more information about your personal data and how it is used. If you have an account, make sure you're logged in first; this will allow you to perform many actions by yourself without needing to contact us.


General points:

  • You can inspect and export the personal data and information that we have collected on you, by visiting the 'Your Data and Export' section. If your data or information is incorrect, you can request to amend it. For specific details see each section in 'Data Policies'.
  • Your personal data is never used in automated decision making or profiling.
  • We never sell or trade your personal data to outside parties.
  • Our website, products and services are all directed to people who are at least 16 years of age or older. We will delete any personal information as soon as possible once we have learned that this information is from a person under the age of 16.
  • We may release your information when it is necessary to comply with the law.
  • Your personal data is handled and protected with the greatest possible care. We try to keep the amount of personal data we need from you as minimal as possible; we only ask you for the information necessary to provide you with our services at Stormly. In doing so, we comply with the requirements of several privacy laws including GDPR. We provide these privacy features to all of our users worldwide.
  • Everything in this Privacy Policy applies to the website as well as the mobile apps.

In case you have more questions after going through our Data Policies, you can contact us here.

Click on each section to get detailed information. All network communication between you and the website or other mobile apps is always protected by a secure connection (SSL).

Purpose of data processing: To be able use the Stormly platform, you need an account. While you are logged in, you can try the demo, create your own project, etc.
Types of personal data processed: Email, current IP address, first and last name, company name, role within company, timestamp of last login, timestamp of last request.
Who is this data collected from: Everyone that has signed up for an account on Stormly.
How long will this data be kept: For as long as you have your account and keep it active during a period of 2 years. If you haven’t used your account in more than 2 years, your account and all related data will be removed automatically.
How to delete/modify this data: You first need to log in to your account. You can then visit your Account and update your details. To remove your account and related data, use the account removal link on your Account page.
What security measures are there to protect this personal data: The data is stored in the database on our web-server (hosted by Vultr). The server and database are only accessible with an encryption key that only our data protection person holds.
This data is transferred to these 3rd parties: This data is stored and collected on a server rented from Vultr USA
Which of these 3rd parties are located outside the EU:

Purpose of data processing: To restore the latest copy of the 'User Account and Related Data' for the purpose of disaster recovery or in case of a server malfunction.
Types of personal data processed: Same as for section 'User Account and Related Data': Email, current IP address, first and last name, company name, role within company, timestamp of last login, timestamp of last request.
Who is this data collected from: Everyone that has signed up for an account on Stormly.
How long will this data be kept: Backups that are more than 6 months old are automatically removed.
How to delete/modify this data: No changes are possible because of legal and disaster recovery requirements. However, in case of a (disaster) recovery from the backup, we have the necessary procedures in place to make sure that data from users that were removed or requested to be removed, is not restored from the backup.
What security measures are there to protect this personal data: Backups are always encrypted. First they are put on our web-server (hosted by Vultr), after which they are encrypted and backed-up with our storage provider Amazon Web Services (AWS). Only the data protection person has access to and can unencrypt these backups.
This data is transferred to these 3rd parties: Backups are transferred to Amazon Web Services (AWS) after being created on a server rented from Vultr USA.
Which of these 3rd parties are located outside the EU:

Purpose of data processing: To inform your about anything related to your user account, such as signup confirmation, account expiration, subscription status and other account related e-mails.
Types of personal data processed: E-mail.
Who is this data collected from: Everyone who signs up for an account on Stormly.
How long will this data be kept: For as long as you have your account and keep it active during a period of 2 years. If you haven't used your account in more than 2 years, your account and all related mailings will be removed automatically.
How to delete/modify this data: You first need to log in to your account. You can then visit your Account and update your e-mail address. You cannot unsubscribe from account related e-mails like subscription status.
What security measures are there to protect this personal data: This data is stored in the database on our web-server (hosted by Vultr). The server and database are only accessible with an encryption key, which is held by our data protection person.
This data is transferred to these 3rd parties: This data is stored and collected on a server rented from Vultr USA. E-mails are sent using a 3rd party e-mail sending provider, AuthSMTP EU and Amazon SES USA.
Which of these 3rd parties are located outside the EU:

Purpose of data processing: To send regular e-mails such as information about new features, product updates or other e-mails not directly related to your account.
Types of personal data processed: E-mail and your IP address at the moment the newsletter subscription was made (so we can determine your country, which we use to send a newsletter in your own language or relevant to your location).
Who is this data collected from: Everyone who signs up for an account on Stormly or signs up for the newsletter.
How long will this data be kept: Until you unsubscribe from the newsletter or remove your account. See section 'Account Related E-mails'.
How to delete/modify this data: Each non-account related e-mail contains a 'Unsubscribe' link at the bottom. If that doesn't work, you can use this contact form to request getting removed from these mailings; just mention your e-mail to get removed.
What security measures are there to protect this personal data: This data is stored in the database on our web-server (hosted by Vultr EU). This server and database is only accessible with an encryption key, that only our data protection person holds.
This data is transferred to these 3rd parties: This data is stored and collected on a server rented from Vultr USA. E-mails are sent using 3rd party e-mail sending providers AuthSMTP EU and Amazon SES USA, which only processes your e-mail and not your IP address.
Which of these 3rd parties are located outside the EU:

Purpose of data processing: Troubleshooting in case of application errors, investigating security incidents and to comply with the law.
Types of personal data processed: IP address, timestamp of request, web page on Stormly accessed.
Who is this data collected from: Every visitor to the Stormly website or app.
How long will this data be kept: A maximum of 1 year.
How to delete/modify this data: No changes are possible because of legal and security requirements.
What security measures are there to protect this personal data: Website traffic logs are collected on our web-server (hosted by Vultr) and rolled-over daily, after which they are encrypted and backed-up with our storage provider Amazon Web Services (AWS). Only the data protection person has access to and can unencrypt these logs.
This data is transferred to these 3rd parties: Transferred to Amazon Web Services (AWS) and collected on a server rented from Vultr USA.
Which of these 3rd parties are located outside the EU:

Purpose of data processing: To respond to your customer service requests and support needs. In addition we also need them to resolve other requests. Stormly needs the data to prove compliance regarding requests to remove user data from our service.
Types of personal data processed: In the case of customer support via the feedback form, your name, e-mail address, company name and contact message.
Who is this data collected from: Anyone who submits the contact form.
How long will this data be kept: Support requests will be kept for 6 months. Other requests that we need to keep to prove compliance, 3 years.
How to delete/modify this data: This data will be automatically removed once the retention period expires, but cannot be removed before that for compliance reasons.
What security measures are there to protect this personal data: The data is stored in the database on our web-server (hosted by Vultr). The server and database are only accessible with an encryption key, which is held by our data protection person.
This data is transferred to these 3rd parties: This data is stored and collected on a server rented from Vultr USA
Which of these 3rd parties are located outside the EU:

Purpose of data processing: To gather statistics on key-metrics regarding the Stormly website, such as bounce rates, amount of visitors, traffic sources, etc.
Types of personal data processed: Anonymized IP address (last octet removed)
Who is this data collected from: Everyone that visits the Stormly website.
How long will this data be kept: 14 months.
How to delete/modify this data: Visit the remove tracking page to remove yourself from the 3rd party web analytics tracking service Google Analytics (GA).
What security measures are there to protect this personal data: We have enabled anonymized IP address tracking, minimized data retention settings in Google Analytics, disabled 'Remarketing' and 'Advertising Reporting Features' in Google Analytics, minimizing the amount of tracking data stored and processed.
This data is transferred to these 3rd parties:
  • Google Analytics USA
  • HotJar USA
Which of these 3rd parties are located outside the EU:

Purpose of data processing: We use first-party session cookies to maintain your account session once you've logged in. Our payment provider Stripe uses cookies so you don't have to re-enter your account e-mail when you make a payment.
Types of personal data processed: Cookie
Who is this data collected from: Anyone who visits the Stormly website
How long will this data be kept: Cookies have a default lifetime of 4 years.
How to delete/modify this data: To disable or remove cookies (for Stormly or other sites), please visit this link: https://cookies.insites.com/disable-cookies
What security measures are there to protect this personal data: All cookies from Stormly are encrypted.
This data is transferred to these 3rd parties: This data is processed on a server rented from Vultr USA
Which of these 3rd parties are located outside the EU:

In case you have more questions after going through our data policies, you can contact us here.
The company controlling data on Stormly is Monon B.V. registered at Lutmastraat 1 3, 1072 JL Amsterdam, the Netherlands.

User Account

If you have an account, login first to remove the data yourself. If not, you can use the contact form, and mention the details of the account you want to remove.