GDPR (General Data Protection Regulation) Compliance

General Data Protection Regulation, also known as GDPR is coming into effect on 25th of May, 2018. You can find the full copy of the regulation hereWe are committed to being fully GDPR compliant as a data processor. We already offer features which allow for controlling what data you want to retain in your NomNom account:

  • Our Rules feature allows for setting a custom retention policy of feedback imported into your NomNom account
  • Our API allows for programmatic erasure of your customer’s information
  • Our data exports ensure data portability by using machine-readable formats
  • If you choose to cancel your NomNom subscription your data is completely deleted within 24 hours from the moment your account is closed

We are aiming to achieve full compliance by 25th of May. Here’s a list of outstanding items:

  • Obtaining explicit consent and acknowledgment of our terms of service and privacy policy from existing customers

All of these points will be addressed in the weeks following to 25th of May, 2018.

Data sub-processors

Here’s a list of 3rd party entities with whom we share some of your details, as a NomNom customer:

  • Your Name
  • Email address
  • IP address and location
  • Billing details are given when subscribing to the paid service (postcode and billing address)
3rd Party Service Purpose Website Data Location
Intercom Customer support and communication USA
Amazon Web Services File storage and cloud computing EU, USA
Google Cloud Platform Cloud computing, data storage, and machine learning/natural language processing USA
FullStory Customer support USA
Stripe Payment Processing USA
Sendgrid Transactional Emails, accepting emails sent to NomNom application USA
Mixpanel Product Analytics USA
Amplitude Product Analytics USA
Google Analytics Product Analytics USA, EU
AdRoll Advertising  – retargeting and conversion tracking USA