Hello there, I am Hinnerk, founder of ScreenAware. Great you are interested in how we handle the privacy/security of your personal data!
Note: I am writing this document without being a lawyer and using plain English. If you notice anything strange or misleading/lacking I would be very thankful if you send me a short message to email@example.com. If you on the other hand are a lawyer and sue me over a formality I will hate you forever ;-)
As you may already be aware of, the goal of ScreenAware is to allow you to track the use of your screen time and relate this time to specific projects or clients of yours..
To be able to support the above use case (to fulfil our promise to you as a user) we are capturing, transmitting, processing, and storing data related to your computer usage which is inherently personal.
Your trust means the world to us, so we do everything possible to treat your privacy and the security of your private data with the utmost respect.
The following sections outline how we ensure only data necessary for the above use case is processed, how we ensure your data is safe and in which cases we store more data and why we do so. The way we handle private information complies to the so called GDPR European privacy regulation (we are located in Germany anyway so would have to follow pretty strict privacy protection laws in either case).
The ScreenAware solution consists of the following systems/applications :
Each of those may collect some information about you which the following sections explain in detail.
relevant for you if you visit(ed) our marketing website located at www.screenaware.com or visit(ed) our activity dashboard located at app.screenaware.com
The ScreenAware marketing site basically displays static information which allows you to learn about the ScreenAware functionality, pricing, help pages etc. Some help texts are hosted by Intercom (see below) at help.screenaware.com.
The ScreenAware activity dashboard shows you how time spent in front of your computer relates to your (business) projects or clients. Additionally it allows you to configure how ScreenAware detects this project relation.
There is no active server logging in place (for the techies: load balancer and nginx logs being fully disabled) so no information regarding your visits to the above websites is being recorded with the exception of the three services below:
We use the external service Intercom to keep an oversight over all communication we have with you. This includes the chat widget on the lower right of most pages as well as any email you may sent to firstname.lastname@example.org.
Personal information about you is only stored once you use the chat widget in the lower right of the website or send an email to email@example.com. In such cases the information transmitted to Intercom is:
The responsible entity behind Intercom is: Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18-21 St. Stephen’s Green, Dublin 2, Republic of Ireland
We also use the external service Google Analytics to collect standard internet log information which basically means tracking which pages you visit on our websites. We do this to find out where things on our website might be confusing so we can improve texts and navigation. All such logged information is anonymized before being sent to Google servers (in particular your IP-address being shortened so it can not be traced back to you). A cookie is being sent to your browser to relate such page views over multiple sessions which allows us to for example see how many people come back to the website repeatedly but not who those people are.
The responsible entity behind Google Analytics is: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA, 94043, United States
We use the external service BugSnag in cases where something unexpected (an error) happens in the codebase of one of our websites or the desktop sensor. This is in general a rare occurance, but when it happens we send details regarding our code base and specifics why the error occured. Details about you (email, useruuid, etc.() are filtered out.
The responsible entity behind BugSnag is: BugSnag 110 Sutter St, Suite 1000, San Francisco, CA 94104, United States
relevant for you if you downloaded and installed the ScreenAware desktop sensor executable file
The desktop sensor allows you (upon first start) to signup to the ScreenAware service. Here you provide your name and email address which is then sent to the ScreenAware servers. Additionally it periodically sends data concerning your desktop context (context snapshot) to the ScreenAware server to relate time you spend in front of the computer to your clients or projects. Lastly the desktop sensor may send certain log (telemetry) data to the ScreenAware server to assist us debugging in case you encounter an error or problem with the automatic time tracking mechanism.
After signing up with ScreenAware (which happens when you register your name, email, and password in the desktop sensor) we assign you a randomized unique identifier (userUuid) which looks like "efd6499a-7df1-4e80-b44a-7a74cd2f042f".
The desktop sensor takes a "snapshot" every 5 seconds which describes your computer's work environment. Such a snapshot consists of:
All such transmissions are encrypted using TLS.
When encountering a problem or an unusual situation during its runtime, the desktop sensor may send debug/log information to the ScreenAware server. Additionally when adding a new feature to the desktop sensor, we may during the initial beta/test time of that feature send log data to determine whether the feature actually works as supposed to "out in the wilds". Such debug/log information may contain:
All such transmissions are encrypted using TLS.
As part of the registration process for a ScreenAware account inside the desktop sensor, we collect your email address which might be used to:
We will never under any circumstances hand out your email to anyone else and will never send you unsolicited advertisement or spam mail.
As outlined above these snapshots contain information of window process name, window title and possibly browser URL or path of opened local file. The ScreenAware server aggregates this data and relates snapshots (active time you spent in front of the computer) to your projects or clients. After this aggregation the condensed information is saved on a ScreenAware server (see below).
The aggregated data is only used to
Under no circumstance will we make your personal data from the sensor context snapshots available to any third party or use it ourselves for any purpose besides the two points above.
ScreenAware stores the following personal information about you (generated/gathered as outlined above)
All your personal data mentioned above is stored on ScreenAware servers in ISO/IEC 27001:2013 certified data centers in Germany operated by DigitalOcean (Digital Ocean, 1875 S Grant Street, Suite 530, San Mateo, CA 94402, USA. Data centre Frankfurt). When your data is being transferred between servers inside the data center, this transmission is only performed over an encrypted TLS connection. Only ScreenAware employees who have been schooled regarding data security and privacy have access to the underlying databases and infrastructure.
You can send me an email to firstname.lastname@example.org asking for a full export of all your personal data in machine readable form (JSON and CSV depending on the type of data). The full export will usually be provided to you on the same business day, but at the very latest 4 business days after requesting a full export.
When you stop using ScreenAware (that is e.g. uninstall the desktop sensor), all your personal data outlined above will be automatically and irrevocably deleted after 2 months of inactivity both from ScreenAware systems as well as from all external systems mentioned above. We will send you a notification email 1 week before this happens so you could intervene and prevent the automatic deletion if you want. You can also send me an email to email@example.com asking for immediate permanent deletion of all of your personal data (which will usually happen on the same business day, but at the very latest 4 business days after requesting deletion).
2019-07-04: Added Bugsnag as external data processor
My company (so the legal entity operating ScreenAware) is:
ScreenAware UG (haftungsbeschränkt) c/o Factory Berlin Rheinsberger Str. 76/77 10115 Berlin Germany
The person to talk to regarding any questions/inquiries/requests related to your data privacy with ScreenAware (formally: appointed data protection officer) is me:
Dr. Hinnerk Brügmann ScreenAware UG (haftungsbeschränkt) c/o Factory Berlin Rheinsberger Str. 76/77 10115 Berlin Germany
If you have any questions, comments, or requests regarding the privacy of ScreenAware please do not hesitate to contact me at firstname.lastname@example.org - would love to help out and answer any questions :-)