Install YAMM Feature Request Contact us
Getting Started
Create Your Campaign
CRMs Integration
Email Delivery
Track Your Campaign
Your Dashboard
Advanced Options
Troubleshooting
Data Security & Policy

[GDPR and HIPAA] YAMM’s Data Storage, Processing and International Data Transfers

Avatar
YAMM Team
Updated
Follow

This article explains in detail where YAMM’s data is stored and how our processing complies with GDPR. It also explains our compliance with GDPR’s International Data Transfer clause.

Legitimacy of our data processing operations

Data Storage

We store and process your user and usage data (refer to article: [DATA STORAGE] What data is stored by YAMM and how is it used?) in Firebase, the Google cloud-hosted database.

Firebase is managed by Google and its servers are located primarily in the United States (refer to the Firebase’s privacy policy for more information).

The physical storage of YAMM data and processing is protected under Data Processing and Security Terms of Google Cloud Platform.

Data Processing

YAMM is GDPR compliant as we do not store or transfer any personal data. This is because your customer’s data (mailing list) is stored in your Google Spreadsheets and is never saved in our database.

info Our YAMM DPA is available online and is incorporated by reference to the Terms of Service that you (or your domain admin) accepts when starting using the application.

Do we do international transfer of personal data?

not_interested No. We never process international data transfer in any way. Neither do we use in-house script nor perform file transfers.

We will never transfer, sell, make copies, or share any of your data stored by YAMM to third party services or companies.

Can you exercise your right to data portability?

As detailed in our article [DATA STORAGE] What data is stored by YAMM and how is it used?, we do not store any of your customers’ data (mailing lists). So we are not obliged for any data portability requests.

Which Data Transfer mechanisms does YAMM rely on? Standard Clauses or Privacy Shield?

Upon completion of DPA, it is stipulated that: The application of lawful data transfer mechanisms for our customers who wish to transfer personal data to a third country (outside the EEA) in accordance with Article 45 or 46 of the GDPR, relies on entering into Standard Contractual Clauses or offer any alternative transfer solution if requested (for example, the EU-U.S. Privacy Shield).

HIPAA and BAA

If you intend to use the Service for any purpose or in any manner involving Protected Health Information, as defined in the Health Insurance Portability and Accountability Act (“HIPAA”), it is your responsibility to (a) execute a Business Associate Agreement with Google related to your HIPAA data stored in your Google Drive, and (b) execute a Business Associate Agreement with us related to your HIPAA data stored by you on the Service. To check what data the Service stores, please refer to this page: YAMM. To request a BAA to us, please fill-in this Google Form and you will automatically receive our standard BAA to sign.

Comments

0 comments

Please sign in to leave a comment.

Articles in this section

Help us improve this documentation! Was this article helpful?
0 out of 0 found this helpful