Smartplan - Privacy policy

Last updated: June 21, 2023

The privacy of your data—and it is your data, not ours!—is a big deal to us. In this policy, we lay out: what data we collect and why; how your data is handled; and your rights with respect to your data. We promise we never sell your data: never have, never will.

This policy applies to the use of our website, our product and our mobile apps.

It’s in English. Sorry about that

Our privacy policy is in English. We sell Smartplan in a lot of different languages. But to keep things simple and manageable for a small company, we have decided to publish our privacy policy in English. We hope for your understanding in this. If you have any questions about it you can always reach us at support@smartplan.dk

What we collect and why

Our guiding principle is to collect only what we need. Here’s what that means in practice:

Identity & access

When you sign up for Smartplan, we ask for identifying information such as your name, email address, and a company name. That’s so you can personalize your new account, and we can send you product updates and other essential information. We may also send you optional surveys from time to time to help us understand how you use our products and to make improvements. With your consent, we will send you our newsletter. We also give you the option to add a profile picture that displays in our products.

We’ll never sell your personal information to third parties, and we won’t use your name or company in marketing statements without your permission either.

Billing information

If you decide to keep Smartplan as a paid subscription, you will be asked to provide your payment information and billing address. Credit card information is submitted directly to our payment processor and doesn’t hit Smartplan servers. We store a record of the payment transaction, including the last 4 digits of the credit card number, for purposes of account history, invoicing, and billing support. We store your billing address so we can charge you for service, calculate any sales tax due, send you invoices, and detect fraudulent credit card transactions. We occasionally use aggregate billing information to guide our marketing efforts.

Product interactions

We store on our servers the content that you upload or receive or maintain in your Smartplan product accounts. This is so you can use our products as intended. We keep this content as long as your account is active. If you delete your account, we’ll delete the content within 30 days.

Geolocation data

We log the full IP address used to sign up a product account and retain that for use in mitigating future spammy signups. We also log all account access by full IP address for security and fraud prevention purposes, and we keep this login data for as long as your product account is active.

Website interactions

We collect information about your browsing activity for analytics and statistical purposes such as conversion rate testing and experimenting with new product designs.

We use a privacy first provider for this, which means we don’t collect any personal data about you. Not your IP-address, not information about your device. Nothing like that.

All our website analytics is not stored in cookies. The only thing we store in cookies is the page you first landed on and the source you came from as well as a click id if you came from an add. (More about this under Advertising and Cookies)

If you signup for our product we do link the page you landed on and the source you came from to your account. We do this to measure our own marketing efforts and we might use this show you specific information about the product.

Advertising and Cookies

Smartplan runs contextual ads on various third-party platforms such as Google and LinkedIn. Users who click on one of our ads will be sent to the Smartplan marketing site.

Cookies on our marketing site:

We store a cookie with the click-id from the third-party. This cookie is only used if you sign up for a trial with Smartplan. We then tell the third-party about this conversion to be able to track our ad performance.

Your visit on our marketing website won’t be reported to the third-party unless you signup for an account.

Cookies on our product site:

When using our product, we also use persistent first-party cookies and some third-party cookies to store certain preferences, make it easier for you to use our applications, and perform A/B testing as well as support some analytics.

A cookie is a piece of text stored by your browser. It may help remember login information and site preferences. It might also collect information such as your browser type, operating system, web pages visited, duration of visit, content viewed, and other click-stream data. You can adjust cookie retention settings and accept or block individual cookies in your browser settings, although our apps won’t work and other aspects of our service may not function properly if you turn cookies off.

Voluntary correspondence & support

When you email or send Smartplan an in-app message with a question or to ask for help, we keep that correspondence, including your email address, so that we have a history of past correspondence to reference if you reach out in the future.

When you reach out via in-app as a customer we also register different information about your device: Operating system, if you are on mobile etc. This is so we can help you better.

As long as you are a customer we keep the conversations for reference. If you reach out without being a customer, we delete your data after 180 days.

When you delete your account, we delete all your data.

See section about account deletion to see more about when we delete data.

How we approach mobile app permissions

We offer optional desktop and mobile apps for Smartplan. Because of how the platforms are designed, our apps typically must request your consent before accessing calendar, camera, GPS and other privacy-sensitive features of your device. Consent is always optional and our apps will function without it, though some features may be unavailable.

When we access or share your information

To provide products or services you’ve requested. We use some third-party processors and subprocessors to help run our applications and provide Smartplan services to you. This is our list of processors and sub-processors, where the data processing is located and what we use the vendor for:

Data sub-processors where our customers are data responsible:

    Amazon, AWS
  • Servers located in EU
  • Process the data you put in Smartplan
  • Handles all our hosting and runs Smartplan software
  • Messagebird
    • Servers located in EU
    • Used to send SMS text messages
  • Postmarkapp, Wildbit
    • Servers located in US
    • Only used to send email notifications. (Can be switched off on each user, to avoid emails.)
    • We couldn’t find a vendor in EU good enough to make sure our system emails got delivered. We wrote about the decision to use Postmark and transfer data out of EU here.

Dataprocessors we share data with to be able to run Smartplan:

    Userlist
  • Lifecycle emails: We use Userlist to send our customers emails during their time as trials and customers.
  • We register personal data about Admins and account owners to be able to email them. First name, last name, email and language.
  • Servers located in France, Netherlands and US.
  • Helpscout
    • Customer service software to handle email support.
    • Only process personal data when a user contacts us for help or questions.
    • Servers located in US.
  • New Relic
    • Debugging software to help us run Smartplan
    • Servers located in US
  • Mailchimp
    • Email newsletter, customers and leads can signup to. (Optional)
    • Servers located in US
  • Profitwell
    • Billing analytics to create reports about our revenue.
    • This will only process data about the account owner.
    • Servers located in US.
  • Basecamp
    • Project management tool.
    • Only occasionally will personal data reach Basecamp. Eg. If a customer situation needs developer help or needs to be discussed by the team. This happens rarely.
    • Servers located in US.
  • GEOIP Web Service
    • IP lookup to determine location on signup. This will help us set the correct language and currency for the account.
    • Servers located in US and France.
  • Google Ads
    • If a new signup landed on our website from an Google Ad, we will report the conversion back to Google Ads to track our ad budget and performs. This is only a click ID that is reported.
  • Sentry
    • Bug reports and crash monitoring
    • Personal data is scrubbed from the reports to avoid transferring personal data.
    • Servers located in US
  • Stripe
    • Payment handling
    • Only personal data we share is on the account owner, to be able to invoice, and keep track of accounting.
    • Servers located in US.

To help you troubleshoot or squash a software bug. When you reach out for help, our customer service might take a look at your account to be able to help you. All of our customer service employees are under confidentially.

Finally, if Smartplan is acquired by or merges with another company — we don’t plan on that, but if it happens — we’ll notify you well before any of your personal information is transferred or becomes subject to a different privacy policy.

Your rights with respect to your information

  • Right to Know. You have the right to know what personal information is collected, used, shared or sold. We outline both the categories and specific bits of data we collect, as well as how they are used, in this privacy policy.
  • Right of Access. This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.
  • Right to Correction. You have the right to request correction of your personal information.
  • Right to Erasure / “To Be Forgotten”. This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession and, by extension, from all of our service providers. Fulfillment of some data deletion requests may prevent you from using Smartplan services because our applications may then no longer work. In such cases, a data deletion request may result in closing your account.
  • Right to Portability. You have the right to receive the personal information we have about you and the right to transmit it to another party.

Many of these rights can be exercised by signing in and updating your account information.

If you have questions about exercising these rights or need assistance, please contact us at support@smartplan.dk. If an authorized agent is corresponding on your behalf, we will need written consent with a signature from the account holder before proceeding.

If you wish to file a complaint to local data authorities, you can contact The Danish Data Protection Agency.

How we secure your data

All data is encrypted via SSL/TLS when transmitted from our servers to your browser. In addition, we go to great lengths to secure your data at rest.

What happens when you delete your account

If you choose to cancel your account, your content will become inaccessible after the prorated period. Data will be deleted in our own database within a few days and data with our sub-processors will be deleted according to their data retention policy. All of these being compliant with GDPR. This applies both for cases when an account owner directly cancels and for auto-cancelled accounts.

Billing details and invoices are kept for longer according to accounting laws.

We keep backups with data for security reasons. These are deleted after 90 days.

Changes & questions

We may update this policy as needed to comply with relevant regulations and reflect any new practices. Whenever we make a significant change to our policies, we will refresh the date at the top of this page and take any other appropriate steps to notify users.

Have any questions, comments, or concerns about this privacy policy, your data, or your rights with respect to your information? Please get in touch by emailing us at support@smartplan.dk and we’ll be happy to try to answer them!

Attribution of this Privacy Policy

Adapted from the Basecamp open-source policies / CC BY 4.0