GDPR


Effective Date: May 25th, 2018

 

Our Commitment to You and the Protection of Your Data

Data privacy and security are fundamental to MantisHub's operation. We’re committed to partnering with MantisHub customers and users to help them understand and prepare for the General Data Protection Regulation (GDPR). The GDPR is the most comprehensive EU data privacy law in decades, and will go into effect on May 25, 2018.

Besides strengthening and standardizing user data privacy across the EU nations, it will impose new or additional obligations on all organizations that handle EU citizens’ personal data, regardless of where the organizations themselves are located. On this page, we’ll explain our methods and plans to achieve GDPR compliance, both for ourselves and for our customers.

Overview

MantisHub is a data Processor with respect to the GDPR and its relationship to your Content.

As a MantisHub customer, you will typically act as a data Controller for any Personal Data made available to MantisHub through use of our Service. The data Controller determines the purposes and means of processing personal data, while the data Processor processes data on behalf of the data Controller.

Personal Data in the context of the GDPR is quite broad and can include anything that can identify a customer, such as their name, email address, postal address, username and, in some cases, even their IP address.

MantisHub, as the data Processor, will process Personal Data on your behalf in connection with your use of our Service. If you or any of your users are located in the European Economic Area (EEA), your use of MantisHub will most likely involve transferring some of their Personal Data to our Service.

Changes

MantisHub has made a number of changes in readiness for the GDPR to come into effect.

  1. We have audited the Personal Data processed by MantisHub and determined how it is stored, used and how long it is retained.
  2. We have implemented automatic deletion of Customer Personal Data 30 days after your account subscription expires.
  3. We have updated both our Terms of Service and Privacy Policy to better comply with the GDPR.

Security

As MantisHub can process your team's and customers' personal data, security is a core concern in all parts of our infrastructure. We've invested heavily in our security systems.

We use a third-party enterprise-class web application firewall to restrict access to our services. All communication with our service is performed through a secure connection. We do not provide any non-SSL endpoints. Data encryption is applied wherever possible, which means that even in transit between our servers, your data is kept encrypted.

All our servers are firewalled and kept updated with the latest security patches. All security keys and passwords stored by our application on your behalf are kept encrypted at rest.

Answers to other security-related FAQs can be found here.

Right to be Forgotten

Also known as the 'right to erasure', the GDPR clarifies the rights of people to have their data removed from the services they use. There are two key aspects of this:

  1. The removal of data when no longer necessary in relation to the purposes for which they were collected.
  2. The removal of data when someone withdraws consent or objects to the processing (i.e. asks for their data to be deleted).

The changes MantisHub has made allow us to comply with these requirements. We now automatically delete all account data once you are no longer using our service. This includes all reasons for deactivation, such as an expired trial, cancelled account or any other kind of suspension.

Portability

We offer machine-readable (SQL) downloads of all data in your account. You can access these downloads by navigating to the Manage page, selecting the Backup tab on your account and triggering the creation of the point-in-time backup of your data as described here.

Sub-processors

MantisHub uses sub-processors to assist in providing the MantisHub Service. A sub-processor is a third party data processor engaged by MantisHub, who has or potentially will have access to or process service data (which may contain personal data). MantisHub evaluates the security, privacy and confidentiality practices of proposed sub-processors that have access to or process service data both before they are engaged and on an ongoing basis.

The following is an up-to-date list (as of May 2018) of the names and locations of MantisHub sub-processors:

| Sub-processor | Purpose | Location | Website |
| --- | --- | --- | --- |
| Amazon Web Services, Inc - https://aws.amazon.com/compliance/gdpr-center/ | Hosting and email notifications | United States | https://aws.amazon.com |
| Mailgun Technologies, Inc - https://www.mailgun.com/gdpr | Reporting tickets via email | United States | https://www.mailgun.com |
| Chargify, Inc - https://help.chargify.com/my-account/gdpr.html | Subscription and billing management | United States | https://www.chargify.com |
| Stripe, Inc - https://stripe.com/guides/general-data-protection-regulation | Payment processing | United States | https://www.stripe.com |
| Drip, Inc - https://www.drip.com/privacy | Transactional and marketing emails | United States | https://www.drip.com |
| SpamHero, Inc - https://www.spamhero.com/privacy | Spam filtering for tickets reported via email | United States | https://www.spamhero.com |

Questions

If you have any questions about any of the details on this page, or any other part of our GDPR compliance, please email support@mantishub.com and we'll be happy to help.