Last updated: 22 April 2021
A Software Company (“DX”, “we”, and “us”) provides services that help software development teams deliver and collaborate on code reviews more efficiently.
Personal Data We Collect
When you register for a DX account. When you register for a DX account we collect your name and email address.
When you sign in to DX using Slack OAuth. When you sign in to DX using Slack OAuth, you will be asked to authorize DX to access information. If you grant us access, we collect your name, avatar, username, and email address.
When you install our Slack App. When you install our Slack App, DX collects names and profile photos of users that belong to your Slack workspace, as well as public and private channel names for channels that our bot has been invited to.
When you install our browser extension. DX provides a browser extension which you may choose to install. The DX browser extension does not read or store browser content.
How We Use Personal Data
- We need your Personal Data to create your account and provide Services you request.
- We use your email address to respond to your inquiries and provide customer support.
- We use your name, username, and email address to identify you to other Users who are members of your organization.
- We use your Personal Data for internal purposes, such as to maintain logs for security reasons, for training purposes, and for legal documentation.
Our legal basis for processing information
Under certain international laws (including GDPR), DX is required to notify you about the legal basis on which we process Personal Data. DX processes Personal Data on the following legal bases:
- When you set up a DX account, you authorize us to access your name, username, and email address associated with your Slack account, as well as the names and usernames of other users in your Slack workspace. We require these data elements for you to enter into the Terms of Service agreement with us, and we process those elements on the basis of performing that contract. If you have a paid account with us, there will be other data elements we must collect and process on the basis of performing that contract. DX does not collect or process credit card numbers, but our third-party payment processor does.
- Generally, the remainder of the processing of Personal Data we perform is necessary for the purposes of our legitimate interests. For example, for security purposes, we must keep logs of IP addresses that access DX, and in order to improve the performance and effectiveness of our product, we may analyze your usage.
How We Disclose Personal DataDX does not sell or rent Personal Data to marketers or unaffiliated third parties. We share your Personal Data in specific cases as outlined below.
a. Service providers. We share User Personal Information with a limited number of third party service providers that provide services on our behalf, such as payment processing, server hosting, customer support ticketing, and other email delivery. These service providers may need to access Personal Data to perform their services. We authorize such service providers to use or disclose the Personal Data only as necessary to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. While DX processes all Personal Data in the United States, our third party vendors may process data outside of the United States or the European Union. If you would like to know who our third party vendors are, please see our Subprocessors.
c. Aggregated Statistics. We share certain aggregated, non-personally identifying information with others about how our users, collectively, use DX. For example, we may compile statistics on trends for survey results across all of our customers. However, we do not sell this information to advertisers or marketers.
e. Compliance and harm prevention. We share Personal Data as we believe necessary: (i) to comply with applicable law, or payment method rules; (ii) to enforce our contractual rights; (iii) to protect the rights, privacy, safety and property of DX, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
Your Rights and Choices
You have choices regarding our use and disclosure of your Personal Data:
a. Opting out of receiving electronic communications from us. If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our Services.
b. How you can see or change your account Personal Data. If You would like to review, correct, or update Personal Data that You have previously disclosed to us, You may do so by contacting us.
c. Your data protection rights. Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:
- The right to request confirmation of whether DX processes Personal Data relating to you, and if so, to request a copy of that Personal Data;
- The right to request that DX rectifies or updates your Personal Data that is inaccurate, incomplete or outdated;
- The right to request that DX erase your Personal Data in certain circumstances provided by law;
- The right to request that DX restrict the use of your Personal Data in certain circumstances, such as while DX considers another request that you have submitted (including a request that DX make an update to your Personal Data); and
- The right to request that we export to another company, where technically feasible, your Personal Data that we hold in order to provide Services to you.
Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time. You may also have the right to object to the processing of your Personal Data on grounds relating to your particular situation.
d. Process for exercising data protection rights. In order to exercise your data protection rights, you may contact DX as described in the Contact Us section below. We take each request seriously. We will comply with your request to the extent required by applicable law. We will not be able to respond to a request if we no longer hold your Personal Data. If you feel that you have not received a satisfactory response from us, you may consult with the data protection authority in your country.
For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Sites, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.
Security and Retention
We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse.
Our security measures include:
- Written incident response and data breach notification processes;
- Encrypting Data at rest using AES-256, block-level storage encryption;
- Transmitting Data using HTTPS and SSL/TLS, including transmissions between DX and Slack; and
- Not storing credit card information on our systems. Instead, we depend on Stripe, a company dedicated to this task. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available.
Unfortunately, no method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. In the event of a data breach that affects your Personal Data, we will act promptly to mitigate the impact of a breach and notify any affected users without undue delay.
If you are a DX User, we retain your Personal Data as long as we are providing the Services to you. We may retain certain Personal Data indefinitely, unless you delete it or request its deletion. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
International Data Transfers
We store and process the information that we collect in the United States (our sub processors may store and process data outside the United States).
Use by Minors
If you're a child under the age of 16, you may not use DX. DX does not knowingly collect information from or direct any of our content specifically to children under 16. If we learn or have reason to suspect that you are a user who is under the age of 16, we will close your account.
Links to Other Websites
DX may provide the ability to connect to other websites. These websites may operate independently from us and may have their own privacy notices or policies, which we strongly suggest you review. If any linked website is not owned or controlled by us, we are not responsible for its content, any use of the website or the privacy practices of the operator of the website.
If you have concerns about the way DX is handling your Personal Data, please let us know immediately. You may contact us as described in the Contact Us section below. We will respond promptly — within 45 days at the latest.
We are subject to the jurisdiction of the Federal Trade Commission.
A Software Company
1887 Whitney Mesa Dr #2947
Henderson, NV 89014, USA