Data Protection, US COPPA and the EU GDPR

We have designed our systems with privacy at their code. All your user data is handled and stored in your own Google Sheet, and processed via your own Google Apps Script.

By architected the system in this way, your data remains entirely under your control - which helps you ensure compliancy with relevant legislation and means you shouldn’t need to undertake a detailed DPIA (Data Protection Impact Assessment).

Analytics

The only data that we receive from this site is usage information. This data is handled by via Googe Analytics, which is a widely-used third party service that collects standard internet log information, and behaviour patterns. The reason we do this is to measure the usage of this app (e.g. what is frequently used), and also how they are being used (e.g. which buttons or menu-items are clicked most often). This data helps to shape development decisions (e.g. updating and streamlining layout and processes). None of this data is linked to your account, name or email address in any way. Personally identifiable information is banned from the analytics platform and we would never seek to try to track any individual users. All data is held in a highly secure state by google, and only accessible by us using industry-standard 2-factor authentication.

While this data is important, and useful to us, your preferences are even more so. If you would prefer to block these sorts of analytics tools while you are browsing the web, you can enable do not track in your browser. This setting will be read by us and we will not attempt to load the analytics code if it is set. Compliance with this setting is dependent on the website/tool and is not universally honoured across the web. Alternatively, to forcefully block these analytics scripts from loading, you can install a privacy enhancing tool, such as the excellent Ghostery chrome extension.

Browser Storage

To provide functionality to you, we need to store a small amount of information in your browser. This stored information takes three forms:

Cookies

Cookies are small pieces of text stored, sent and received by your browser from a website that you are visiting. Google Analytics uses these cookies (first-party cookies, so they are not shared across sites) to store ‘non-personally identifiable information’. These cookies are prefixed with ‘_ga’ or ‘_gid’. Our app loads third-party scripts from a global content delivery network (CDN) for speed and reliability. These CDNs may also use first-party cookies to help deliver their services (e.g. Cloudflare).

Cache Storage

In order to deliver the best possible service, even in challenging connectivity situations (poor wifi stability for example), we make use of Progressive Web Apps technology on compatible platforms. This technology means we can proactively cache various parts of the site and code in your browser, allowing it to be fetched, even when moving between different pages, without having to communicate over the Internet. These pages are stored securely in the browser cache, and are periodically updated when updates are released.

Local Storage

Finally, we use browser storage functions (such as IndexedDB and Local Storage) to store:

• Access Tokens: These are the cryptographic tokens which grant access to API Services. They are stored only in your browser, work only on our site, and are invalidated/cleared when you sign out of the services (e.g. out of our app or the Google platform as a whole).