Privacy Policy

Last updated and effective on: 1 August 2020

1. Introduction

TidalWare Ltd (“TidalWare,” “we,” “our”) owns and operates websites, including but not limited to remotish.com (the “Website” or “Websites”), and services, including but not limited to app.remotish.com (the “Service” or “Services”). TidalWare Ltd is located at Lawrence House, James Nicolson Link, York, YO30 4WG. By accessing our Websites and Services you agree with this privacy policy. You may only use our Websites and Services if you agree to the following policy. If you do not agree with any of the policy, you may not continue using our Websites or Service. This policy is subject to change at any time, and we recommend checking periodically for updates. We will notify registered users of any changes to this policy subject to local laws. After any such update, your continued use of the Websites or Service constitutes your acceptance of such changes.

2. Your information is not for sale

We do not in any way sell or rent your personal or organization information to any third party. We do not make any income from your personal or organization data. Our income is sourced from subscriptions.

Anonymous solver data is used by the privacy-focused hCaptcha (as used by 10% of the web via Cloudflare) for the purpose of improving bot detection algorithms, the proceeds of which we allocate to environmental projects.

3. Required information we collect

We require a display name, valid email address and password for registration with this service.

We require a valid name, billing address and card details for subscription payment, which is stored only on Stripe. We also require an organization name.

We may store your IP address at registration and during use of the software for purposes of fraud detection, authentication to protect your security, and protection against malicious activity.

We may store your use agent string to help us to determine your device type, operating system type and version, and internet browser type and version. This is to ensure our services function correctly and for security.

We may collect anonymous usage analytics in order to improve the software. This is for internal use only, we do not share it with any third parties or organization admins for example.

4. Optional information we collect

It is up to users to responsibly provide optional information to the platform and ensure the correct permissions are set on such data.

Users can fill out the name and description of projects, teams, and tasks, and other optional data however they see fit to utilize the platform.

Users may optionally provide an avatar image, a job title, department, and about me description in their profile page simply to better inform other members in their organization.

Organization admins may have permission to see all data in the organization, even if projects or teams are set to private.

We do not yet support private messages between users.

5. How we use your data

We may use your email address to send you information regarding your account, in-app notifications, important information regarding Remotish, for marketing purposes limited to Remotish and our partners, or for our optional newsletter.

We provide the facility to turn off our optional marketing communications, which are CAN-SPAM compliant. We also provide the facility to turn off non-essential in-app email notifications.

We may use your data to comply with the law. See 11.

We may use analytics gathered from anonymous usage of the software to analyze and improve the service we provide. See 2.

Stripe uses your billing info to, for example, generate invoices, calculate tax, ensure compliance with EU VAT rules, and detect fraud. Please refer to Stripe’s privacy policy.

6. Where your data is stored

All data except payment info is stored on secure servers in Frankfurt, Germany. Your data is covered by Germany and the EU’s data protection and privacy laws.

Unless otherwise arranged, payment info is stored on Stripe‘s servers. This is to facilitate global payments and ensure certified security of financial data. This includes your billing name, address, and card details. Stripe has certified to the EU-U.S. and Swiss-U.S. Privacy Shield Framework*.

For all third party services and their corresponding privacy policies, see 14.

7. How long we retain your data

We store encrypted backups for up to 90 days. After 90 days, the encrypted backup files are destroyed.

Deleted user accounts, and elements including projects, teams, tasks, categories, tags, comments etc. are soft deleted and may be retained for a maximum of 30 days in order to facilitate emergency recovery if requested. After this period, the data is automatically hard deleted.

We will hard delete data upon request within 30 days, provided the data was created by or matches the requesting user, and provided it does not conflict with our right to retain some user data for legal reasons.

We will maintain data on accounts with cancelled subscriptions or failed payments for a minimum of 180 days unless we receive a request to delete the data earlier. After 180 days without payment we will permanently erase the data of such organizations, but we will not do so without first informing users in advance. Upon request, we can provide an export of all data in your organization.

In certain cases where Remotish has a legitimate business or legal purpose to do so, Remotish may keep some user personal data. Some examples of this include financial information related to things like purchases and billing records; records showing why the account was deleted; or data relating to a litigation or other legal inquiry. Financial info is stored only on certified financial servers such as Stripe, and any other personally identifiable digital data is encrypted both online and offline.

8. How your data is backed up

We replicate your encrypted data across multiple availability zones and make periodic encrypted backups. See 7 for backup retention period.

9. Our use of cookies

Necessary cookies – Used

We use necessary cookies to make the Remotish website and software work. Necessary cookies enable core functionality such as security, network management, and accessibility. If no explicit consent button is available, then we are only storing strictly necessary cookies. By browsing our website or using our software you consent to the use of necessary cookies. You may disable these by changing your browser settings, but this may affect how the website functions. Below is a table of all the necessary cookies set by the Remotish website and software.

NameDomainDescription
cookielawinfo-checkbox-necessary,
viewed_cookie_policy, CookieLawInfoConsent,
cookieconsent_status
.remotish.comSet by the Remotish GDPR cookie banner to remember your acknowledgement.
remotish_session, remotish_session_token, io.app.remotish.comSet by the Remotish app to maintain your login session.
XSRF-TOKEN.app.remotish.comSet by the Remotish app to prevent cross-site request forgery.
__cfduid.remotish.com, .app.remotish.comSet by Cloudflare for security and performance.
__stripe_orig_props, __stripe_sid, __stripe_mid.stripe.com, .app.remotish.comSet by Stripe for payment processing.
Preference cookies – Optional

We use preference cookies to keep you authenticated if you choose. Other examples include language or currency preferences, but we do not currently store these as cookies. We recommend only checking “Stay logged in” if you are using a trusted computer accessible only to you. Do not check this option on a public computer, or any computer that may be accessible to others.

NameDomainDescription
remember_*.app.remotish.comSet by the “Stay logged in” checkbox. Used to keep you authenticated for 1 month or until you logout.
Statistics cookies – Not used

We do not currently use any statistics cookies. If we do, we will ask for your explicit consent. Such cookies are anonymized and used to improve our service.

Marketing cookies – Not used

We do not use any marketing cookies. Such cookies are used for serving advertisements. Remotish does not serve any advertisements, nor does it share any data with third party advertisers.

Integration cookies – Optional

Use of third party integrations will set cookies not listed above. Please refer to the privacy policies of such services (see 14). Integrations are optional and are not loaded by default, they are only loaded with an explicit click. Your agreement to use integration cookies is with the integration provider, you understand that such cookies are not our responsibility.

10. Security

Your connection to Remotish is always encrypted in transit via secure 256-bit SSL. Remotish.com and its subdomains are included in the HSTS preload list, and protected by DNSSEC.

Our servers are audited, certified, and locked away in physically secure data centers.

Our servers are C5 compliant according to the The Federal Office for Information Security in Germany.

All data is protected with encryption at rest.

We provide security methods to protect accounts as standard, such as two-factor authentication (2FA).

We do not currently support user-owned encryption keys, sometimes referred to as end-to-end encryption. We may offer this in the near future: we do not currently support private messages, which is a primary use case example.

11. Disclosure of data

We will not disclose your information to any third party except where it is strictly required by law, or if we believe your account is being used unlawfully or in violation of our terms. See 7 in the Terms of Service.

12. Data breach procedures

In the unlikely event of a data breach, we have the following procedures in place.

We will immediately work to solve any technical or security issues that led to such breach and ensure that it cannot continue or be repeated.

We will keep a detailed record of any such incident.

If it is determined that that it is appropriate, we will do the following:

We will notify the appropriate authorities within 72 hours of our awareness of such incident (for example, ICO).

We will notify all affected users as soon as it is safe to do so.

13. What rights you have over your data

If you have an account on this site, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes (see 7).

14. Third party services and privacy policies

We do not share or sync your data with any third party service except what is specified in this section.

We use the following required services.

We use Amazon Web Services for some of our backend infrastructure and encrypted data storage, location-locked to the EU. See AWS’ privacy policy.

We use Stripe to process and store payment info by default, unless requested otherwise. See Stripe’s privacy policy.

We use Cloudflare to protect our services and improve performance. See Cloudflare’s privacy policy.

We use hCaptcha to detect bots at registration. See hCaptcha’s privacy policy.

We use the following optional services, it is up to the user whether they wish to share data with these services. They are not loaded automatically, only on demand.

We integrate Slack for optional notifications. See Slack’s privacy policy. Notification data is sent from Remotish to Slack.

We integrate Dropbox for optional attachment storage. See Dropbox’s privacy policy. File data is only sent from Dropbox to Remotish.

We integrate OneDrive for optional attachment storage. See OneDrive’s privacy policy. File data is only sent from OneDrive to Remotish.

We integrate Google Drive for optional attachment storage. See Google’s privacy policy. File data is only sent from Google Drive to Remotish.

We integrate Box for optional attachment storage. See Box’s privacy policy. File data only sent from Box to Remotish.

We integrate Trello for optional importing of data. See Trello’s privacy policy. Data is only sent from Trello to Remotish.

We integrate Zoom for optional video meetings. See Zoom’s privacy policy. Meeting data is stored on both Zoom and Remotish.

15. No public visibility

We do not currently provide any options to make teams, projects, or tasks publicly visible, however, we may carefully offer this as an optional feature in future. Currently all data is private to an organization at the minimum. This will never change unless users explicitly specify otherwise once such feature is available.

16. Changing registration information

You may change your email address, password, and other account details at any time by clicking your avatar in the top right and selecting “Profile”.

17. Questions and comments

If you have any questions or comments about this policy, please get in touch.

*We are aware of the latest EU-US Privacy Shield ruling and are taking steps to verify whether the third parties we use are in compliance. Remotish is not part of this framework because we only store data in the EU. The third parties we use serve millions of users globally, and it is expected that they will take steps to comply with minimal intervention on our part. Only if there is good reason to, we will consider switching away from such services. We prioritise EU-centric services where possible, and will continue to adapt to ensure the highest level of privacy and security.