Tribe uses the best practices in SaaS and social media to protect the privacy of users and the community members. These practices include right to be forgotten, restriction of processing, right to data portability, right to access and be informed.

Introduction

The General Data Protection Regulation is an EU regulation that stipulates many points for protecting private data of users on the Internet. Even though this is an EU regulation, it has a worldwide impact due to the nature of the Internet. Below are the key sections of the GDPR and how they affect your data at Tribe.

Right to be forgotten

Summary: Provide the user with the ability to remove their private data from our services.

The most important aspect of the right to be forgotten is the ability to delete your account. Once you request for us to delete your account, we will remove any personally identifying information you may have provided us from your account (name, email address, encrypted password, title, biography, URL, picture, etc.). The visible name on your account will be changed to “Anonymous” and effectively the account will no longer be identifiable as your account.

However, given the nature of an online community, your contributions that are not personally identifying are valuable assets to the community and these contributions will not be removed from our databases. But we will ensure that these contributions no longer contain personally identifying data.

Since Tribe is a business to business product, our customers can request to delete their users' information from Tribe platform in bulk based on the criteria that they define.

Restriction of processing

Summary: To allow the user to control how their personally identifying data is being used.

Any personally identifying data that Tribe stores are for the purpose of being able to contact you about your contributions, provide better feed recommendation, or for voluntarily showing information about you to other users (biography, homepage, location, etc).

Users are able to contribute to the community anonymously. In this case, we create a random hashed identifier for the users so they can modify their contribution. The anonymous contributions are not processed and other users are not able to identify the contributor in any way.

Since Tribe is a business to business product, our customers can install apps to gather aggregated statistic about the traffic in tools such as Google Analytics or MixPanel. Tribe only provides the ID of the user to these tools and user’s identifying data such as name or email are not being sent to these third-party systems.

Right to data portability / exporting your data

Summary: You have the right to access/download the data we store about you.

Tribe does not store personally identifying data beyond the information that is available in your public profile. Since this data is plainly available in your profile we do not provide a means for you to export this data.

There are the following exceptions to this:

IP addresses: If you visit a Tribe community the IP address of your computer is stored in our web logs for 7 days before our servers automatically delete them. This data is almost never used by anyone: the only time we look at the IP addresses is if our sites are adversely impacted by the actions of some unknown users. In that case we may investigate the logs in order to identify the IP address that needs to be blocked in order to restore the stability of our service. This data is not available to anyone but the security team at Tribe and is not available to download to anyone at all.

User’s Interests: To provide better feed recommendation, Tribe stores topics that users are interested in based on their browsing behavior. You can request a full export of this data by sending an email to gdpr@tribe.so with a link to your profile. Tribe team will send a full export of the data we stored in CSV format in less than 48 hours.

Right to rectification

Summary: You have the right to correct your data.

Tribe allows all users to update their personally identifying information including their name, email, biography, location, homepage, and social media links in their profiles.


Right to be informed

Summary: You have the right to be informed about how we use your data in plain English.

Our privacy policy, as well as other policies, have always been written by humans for human consumption. We abhor legalese and not speaking in direct terms.

Right to access

Summary: You have the right to access the data that we collect about you.

Tribe makes all of the data we collect on your behalf, privately identifying or not, available to you. The only exception to this are the IP addresses we store for 7 days – see above for details.

What about cookies?

The fact that end users are using our web pages does not mean they automatically consent to all cookies and/or tracking. We have therefore included a default cookie consent form in our platform. This provides the end user with a choice, in compliance with the GDPR stating that all given consent to cookies needs to be done with clear an affirmative action.