DX Privacy Policy

Last updated: 29 Feb 2024


A Software Company (“DX”, “we”, and “us”) provides services that help software development organizations measure and improve developer experience.

This Privacy Policy describes the types of Personal Data we collect through through DX and other related products, applications, communications, and services (“Services”) and via our online presence, which includes our main website at getdx.com, as well as additional websites that we enable Internet users to access (collectively, our “Sites”). Personal Data is any information that relates to an identified or identifiable individual. This Privacy Policy does not apply to third-party websites, products, or services, even if they link to us, and you should consider the privacy practices of those third-parties carefully.

Overview

DX obtains Personal Data about you from various sources to provide our Services and to manage our Sites. “You” may be a visitor to one of our websites or a user of one or more of our Services (“User”). We only collect the information you choose to give us, and we process it with your consent, or on another legal basis; we only require the minimum amount of Personal Data that is necessary to fulfill the purpose of your interaction with us; we don't sell it to third parties; and we only use it as this Privacy Policy describes.

Personal Data We Collect

When you register for a DX account. When you register for a DX account we collect your name and email address.

When you install our Slack App. When you install our Slack App, DX collects names, profile photos, and email addresses of users that belong to your Slack workspace.

When you install our Microsoft Teams App. When you install our Microsoft Teams App, DX collects names, email addresses, and profile photos of users that belong to your Microsoft Teams tenant.

When you visit our Sites. We collect basic information about all visitors to our website, including the visitor’s browser type, device, and potentially personally-identifying information like IP addresses. We use cookies to gather additional information such as time spent on our website, pages visited, and the links that led or referred you to our website.

How We Use Personal Data

We limit our use of your Personal Data to the purposes listed in this Privacy Policy. If we need to use your Personal Data for other purposes, we will ask your permission first.

  • We need your Personal Data to create your account and provide Services you request.
  • We use your email address to respond to your inquiries and provide customer support.
  • We use your name, username, and email address to identify you to other Users who are members of your organization.
  • We use your Personal Data for internal purposes, such as to maintain logs for security reasons, for training purposes, and for legal documentation.

Our legal basis for processing information
Under certain international laws (including GDPR), DX is required to notify you about the legal basis on which we process Personal Data. DX processes Personal Data on the following legal bases:

  • When you set up a DX account, you authorize us to access your name, username, and email address associated with your Slack or Microsoft Teams account, as well as the names, usernames, and email addresses of other users in your Slack or Microsoft Teams organization. We require these data elements for you to enter into the Terms of Service agreement with us, and we process those elements on the basis of performing that contract. If you have a paid account with us, there will be other data elements we must collect and process on the basis of performing that contract. DX does not collect or process credit card numbers, but our third-party payment processor does.
  • Generally, the remainder of the processing of Personal Data we perform is necessary for the purposes of our legitimate interests. For example, for security purposes, we must keep logs of IP addresses that access DX, and in order to improve the performance and effectiveness of our product, we may analyze your usage.

How We Disclose Personal Data

DX does not sell or rent Personal Data to marketers or unaffiliated third parties. We share your Personal Data in specific cases as outlined below.

a. Service providers. We share User Personal Information with a limited number of third party service providers that provide services on our behalf, such as payment processing, server hosting, customer support ticketing, and other email delivery. These service providers may need to access Personal Data to perform their services. We authorize such service providers to use or disclose the Personal Data only as necessary to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf, and we remain liable for the acts and omissions of such service providers to the same extent we would be liable if performing the services of each service provider ourselves. While DX processes all Personal Data in the United States, our third party vendors may process data outside of the United States or the European Union. If you would like to know who our third party vendors are, please see our list of Subprocessors.

b. Our Users and third parties authorized by our Users. We share Personal Data with Users as necessary to maintain a User account and provide the Services. We share data with parties directly authorized by a User to receive Personal Data, such as when a User authorizes DX to post messages to the User's Slack workspace. The use of Personal Data by an authorized third party is subject to the third party's privacy policy.

c. Aggregated Statistics. We share certain aggregated, non-personally identifying information with others about how our users, collectively, use DX. For example, we may compile statistics on trends for survey results across all of our customers. However, we do not sell this information to advertisers or marketers.

d. Corporate transactions. We may share Personal Data if we are involved in a merger, sale, or acquisition. If any such change of ownership happens, we will ensure that it is under terms that preserve the confidentiality of Personal Data, and we will notify you on our website or by email before any transfer of your Personal Data. The organization receiving any Personal Data will have to honor any promises we have made in our Privacy Policy or in our Terms of Service.

e. Compliance and harm prevention. We share Personal Data as we believe necessary: (i) to comply with applicable law, or payment method rules; (ii) to enforce our contractual rights; (iii) to protect the rights, privacy, safety and property of DX, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.

Your Rights and Choices

You have choices regarding our use and disclosure of your Personal Data:

a. Opting out of receiving electronic communications from us. If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our Services.

b. How you can see or change your account Personal Data. If You would like to review, correct, or update Personal Data that You have previously disclosed to us, You may do so by contacting us.

c. Your data protection rights. Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:

  • The right to request confirmation of whether DX processes Personal Data relating to you, and if so, to request a copy of that Personal Data;
  • The right to request that DX rectifies or updates your Personal Data that is inaccurate, incomplete or outdated;
  • The right to request that DX erase your Personal Data in certain circumstances provided by law;
  • The right to request that DX restrict the use of your Personal Data in certain circumstances, such as while DX considers another request that you have submitted (including a request that DX make an update to your Personal Data); and
  • The right to request that we export to another company, where technically feasible, your Personal Data that we hold in order to provide Services to you.

Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time. You may also have the right to object to the processing of your Personal Data on grounds relating to your particular situation.

d. Process for exercising data protection rights. In order to exercise your data protection rights, you may contact DX as described in the Contact Us section below. We take each request seriously. We will comply with your request to the extent required by applicable law. We will not be able to respond to a request if we no longer hold your Personal Data. If you feel that you have not received a satisfactory response from us, you may consult with the data protection authority in your country.

For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Sites, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.

Security and Retention

We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse.

Our security measures include:

  • Written incident response and data breach notification processes;
  • Encrypting Data at rest using AES-256, block-level storage encryption;
  • Transmitting Data using HTTPS and SSL/TLS, including transmissions between DX and Slack; and
  • Not storing credit card information on our systems. Instead, we depend on Stripe, a company dedicated to this task. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available.

Unfortunately, no method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. In the event of a data breach that affects your Personal Data, we will act promptly to mitigate the impact of a breach and notify any affected users without undue delay.

If you are a DX User, we retain your Personal Data as long as we are providing the Services to you. We may retain certain Personal Data indefinitely, unless you delete it or request its deletion. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.

International Data Transfers

We store and process the information that we collect in the United States (our sub processors may store and process data outside the United States).

DX complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. DX has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. DX has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Use by Minors

If you're a child under the age of 16, you may not use DX. DX does not knowingly collect information from or direct any of our content specifically to children under 16. If we learn or have reason to suspect that you are a user who is under the age of 16, we will close your account.

Links to Other Websites

DX may provide the ability to connect to other websites. These websites may operate independently from us and may have their own privacy notices or policies, which we strongly suggest you review. If any linked website is not owned or controlled by us, we are not responsible for its content, any use of the website or the privacy practices of the operator of the website.

Dispute Resolution

If you have concerns about the way DX is handling your Personal Data, please let us know immediately. You may contact us as described in the Contact Us section below. We will respond promptly — within 45 days at the latest.

In the unlikely event that a dispute arises between you and DX regarding our handling of your User Personal Information, we will do our best to resolve it. If we cannot, we have selected JAMS, an independent dispute resolution provider, to handle unresolved Data Privacy Framework complaints. If we are unable to resolve your concerns after a good faith effort to address them, you may contact JAMS and submit a Data Privacy Framework claim. JAMS is a US-based private alternate dispute resolution provider, and we have contracted with JAMS to provide an independent recourse mechanism for any of our users for privacy concerns at no cost to you.

Under certain limited circumstances, individuals located in the EU, UK, and Switzerland may invoke binding Data Privacy Framework arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. To learn more about this method of resolution and its availability to you, please read more about Data Privacy Framework. Arbitration is not mandatory; it is a tool you can use if you choose to.

We are subject to the jurisdiction of the Federal Trade Commission.

Updates to this Privacy Policy

We may change this Privacy Policy from time to time to reflect new services, changes in our Personal Data practices or relevant laws. The “Last updated” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes are effective when we post the revised Privacy Policy on the Services. We may provide you with disclosures and alerts regarding the Privacy Policy or Personal Data collected by posting them on our website and, if you are a User, by contacting you through your email address.

Contact Us

If you have any questions or complaints about this Privacy Policy, please email us at privacy@getdx.com or send physical mail to:

A Software Company
1887 Whitney Mesa Dr #2947
Henderson, NV 89014, USA