We often get the question: what kind of data do we collect and how it is used?
Here is our best answer:
Privacy and Celpax
We are a small startup company, but we do care about privacy.
Our preferred ways to protect our user's privacy is by building privacy into our product and/or by avoiding to share data with third parties.
While this is an ongoing process many important steps have been already taken.
Collection on our website
We use in-house analytics to track how our visitors use our website, analytics data is stored in our private cloud and not shared with third parties. We only collect professional details if the user signs up.
The data we collect from anonymous users is exclusively used to understand if our content is of interest (article popularity) and we also try to understand how they found about Celpax (with referrer information or campaign links).
In the case of users that do sign up, we can also analyze which contents they have read from our support portal. This is useful when the users ask for support. It is also useful to us in order to understand how users are planning to use our Celpax device.
Note that our website includes third party widgets (such as show latest tweets) that could potentially collect data from our users without our knowledge. It has been planned to review these widgets in our next major website release.
Collection at the Celpax Device
We collect only red and green pulses from employees. The device does not include any means to identify which user is pressing. In fact, our service terms and conditions ban the attempt to identify the presses of individual users.
One of the key features of the Celpax device, versus other employee sentiment solutions is that privacy for the employees is built in the hardware.
The statistics of red/green pulses are used to compile reports that can be accessed through the dashboard. It is also used for support purposes in order to better understand our customer and what kind of advice they may need. We also use the data to compile reports that include data from multiple customers (indexes) such as regional reports.
Collection at the Dashboard
Some managers and some employees will sign-up to the dashboard where they can analyse the Celpax results. Normally it is only Management that accesses this data, but we encourage our customers to promote access among employees.
The collected professional details are email and name (email must match customer domain name, personal email accounts are therefore rejected).
We collect usage analytics on the Dashboard. This analytics include information about the user device and access to the different sections/data in the Dashboard.
We use this information to understand how users use our dashboard and improve its quality. We also use it in support cases when users report having troubles as we can check what they were attempting to do when the problem manifested and we can often reproduce the same conditions in our lab.
This analytics are also used during follow up sessions with the customer in order to understand what usage the customer (as a whole) is making of the Celpax system and what they might be interested in start doing. These analytics are openly shared with the customer during follow up sessions.
We are in the process of migrating these analytics from third party to in-house servers. At the time of writing this article, those analytics are been stored at both internal and external, while our own analytic system is completed.
We run our newsletter from our own private cloud to avoid sharing data with third parties.
Our newsletter should be sent once a month, and we ensure that the content is relevant for our users (and former users). An unsubscribe link is included to facilitate that those not interested can easily jump off.
Data in Our servers
We host our servers in Germany, the rent physical servers (hardware) so that they are only accessed by Celpax Staff. Hard drives are encrypted. Ethernet traffic between our server is encrypted too (Layer 2 network encryption).
One of the goals of doing so is to minimize the risk of unauthorized access to our customer data including the participation in mass-data collection by corporations and/or governments.
In the past, we used public clouds and most services have been migrated to our private cloud. Still pending to migrate are DNS resolvers and some notification emails which are routed via Amazon EU.
You can access your privacy rights by contacting us on firstname.lastname@example.org. We'd be happy to clarify any questions you may have!