TL;DR - we are compliant.
1) All the storage is encrypted. As is the data transfer. Developers don't have access to customers' data. Only the founders and Lucie - our customer service superstar - have partial access to your data. And you have a way to disable that (see below).
2) Our servers are hosted in Amazon's "Private Cloud" ("private" as in "not visible from the Internet"). Amazon does not have access to customers' data.
3) We have custom BAA and DPA signed with Amazon Web Services for both HIPAA and GDPR compliance (HIPAA is, basically, an American thing that protects private patient information for the healthcare industry, and it's even more strict than GDPR).
4) Regarding the "right to be forgotten" - we actually delete customers' data after they cancel their account with us. We're not using the data for any "data mining" or "machine learning" or any marketing research. And we have that in our ToS. And basically we're too small for that "big data" stuff anyway...
If you require your data to be deleted before your account has expired, please send us a support ticket.
5) You can enable 2-factor authentication in the app and this prevents ANYONE (including our employees) from accessing any of your data.
6) We act as a "data processor". You can find a signed Data Processing Agreement attached to this article. Sign it and send a copy back to us if you require a signed DPA.
7) When you sign up for the trial version, we do not collect any personal information other than your email. And there's a checkbox on that form if you want/don't want to get service updates from us. Once your trial expires we delete your data after 4 months (just in case you decide to come back).
8) All of the above is regarding the SaaS version of the helpdesk. In case you are using a self-hosted version of Jitbit Helpdesk, we do not have control over the encryption and storage settings, as these are managed on your end.
Also please read this:
https://www.jitbit.com/helpdesk/gdpr/