Last updated: November, 12 2018.
Good Software LLC (“Pull Reminders”, “we”, and “us”) provides services that help software development teams deliver and collaborate on code reviews more efficiently.
Personal Data We Collect
When you visit our website
When you sign in with your GitHub and Slack accounts
In order to use Pull Reminders, you will be asked to authorize Pull Reminders to access information about your GitHub and Slack accounts using OAuth 2.0. If you grant us access, we collect your name, profile photo, username, and email address associated with your GitHub and Slack accounts.
When you install our GitHub App
In order to use Pull Reminders, you will be asked to install the Pull Reminders GitHub App to your GitHub organization. Installing the GitHub App grants us read-only API access to your GitHub issues, members, metadata, and pull requests. We collect the names, profile photos, names, and usernames of members of your GitHub organizations. We do not request or obtain access to your source code.
Unintentionally collected data
We do not intentionally collect Personal Data that may be contained in your GitHub issues and pull requests. Personal Data in your GitHub repositories belongs to you, and you are responsible for it, including complying with any regulatory controls regarding that data.
How We Use Personal Data
We limit our use of your Personal Data to the purposes listed in this Privacy Privacy. If we need to use your Personal Data for other purposes, we will ask your permission first.
- We need your Personal Data to create your account and provide Services you request.
- We use your email address to respond to your inquiries and provide customer support.
- We use your name, username, and email address to identify you to other Users who are members of your organization.
- We use your Personal Data for internal purposes, such as to maintain logs for security reasons, for training purposes, and for legal documentation.
Our legal basis for processing information
Under certain international laws (including GDPR), Pull Reminders is required to notify you about the legal basis on which we process Personal Data. Pull Reminders processes Personal Data on the following legal bases:
- When you set up a Pull Reminders account, you authorize us to access your name, username, and email address associated with your GitHub and Slack accounts, as well as the names and usernames of other users in your GitHub organization. We require these data elements for you to enter into the Terms of Service agreement with us, and we process those elements on the basis of performing that contract. If you have a paid account with us, there will be other data elements we must collect and process on the basis of performing that contract. Pull Reminders does not collect or process credit card numbers, but our third-party payment processor does.
- Generally, the remainder of the processing of Personal Data we perform is necessary for the purposes of our legitimate interests. For example, for security purposes, we must keep logs of IP addresses that access Pull Reminders, and in order to improve the performance and effectiveness of our product, we many analyze your usage.
How We Disclose Personal DataPull Reminders does not sell or rent Personal Data to marketers or unaffiliated third parties. We share your Personal Data in specific cases as outlined below.
a. Service providers. We share User Personal Information with a limited number of third party service providers that provide services on our behalf, such as payment processing, server hosting, customer support ticketing, and other email delivery. These service providers may need to access Personal Data to perform their services. We authorize such service providers to use or disclose the Personal Data only as necessary to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. While Pull Reminders processes all Personal Data in the United States, our third party vendors may process data outside of the United States or the European Union. If you would like to know who our third party vendors are, please see our page on Subprocessors.
c. Aggregated Statistics. We share certain aggregated, non-personally identifying information with others about how our users, collectively, use Pull Reminders. For example, we may compile statistics on the number of pull requests reviewed across Pull Reminders. However, we do not sell this information to advertisers or marketers.
e. Compliance and harm prevention. We share Personal Data as we believe necessary: (i) to comply with applicable law, or payment method rules; (ii) to enforce our contractual rights; (iii) to protect the rights, privacy, safety and property of Pull Reminders, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
Your Rights and Choices
You have choices regarding our use and disclosure of your Personal Data:
a. Opting out of receiving electronic communications from us. If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our Services.
b. How you can see or change your account Personal Data. If You would like to review, correct, or update Personal Data that You have previously disclosed to us, You may do so by contacting us.
c. Your data protection rights. Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:
- The right to request confirmation of whether Pull Reminders processes Personal Data relating to you, and if so, to request a copy of that Personal Data;
- The right to request that Pull Reminders rectifies or updates your Personal Data that is inaccurate, incomplete or outdated;
- The right to request that Pull Reminders erase your Personal Data in certain circumstances provided by law;
- The right to request that Pull Reminders restrict the use of your Personal Data in certain circumstances, such as while Pull Reminders considers another request that you have submitted (including a request that Pull Reminders make an update to your Personal Data); and
- The right to request that we export to another company, where technically feasible, your Personal Data that we hold in order to provide Services to you.
Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time. You may also have the right to object to the processing of your Personal Data on grounds relating to your particular situation.
d. Process for exercising data protection rights. In order to exercise your data protection rights, you may contact Pull Reminders as described in the Contact Us section below. We take each request seriously. We will comply with your request to the extent required by applicable law. We will not be able to respond to a request if we no longer hold your Personal Data. If you feel that you have not received a satisfactory response from us, you may consult with the data protection authority in your country.
For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Sites, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.
Security and Retention
We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse.
Our security measures include:
- Written incident response and data breach notification processes;
- Encrypting Data at rest using AES-256, block-level storage encryption;
- Transmitting Data using HTTPS and SSL/TLS, including transmissions between Pull Reminders, GitHub, and Slack; and
- Not storing credit card information on our systems. Instead, we depend on Stripe, a company dedicated to this task. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available.
Unfortunately, no method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. In the event of a data breach that affects your Personal Data, we will act promptly to mitigate the impact of a breach and notify any affected users without undue delay.
If you are a Pull Reminders User, we retain your Personal Data as long as we are providing the Services to you. We may retain certain Personal Data indefinitely, unless you delete it or request its deletion. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
International Data Transfers
We store and process the information that we collect in the United States (our sub processors may store and process data outside the United States). For cross-border data transfers from the European Union (EU) and the European Economic Area (EEA), Pull Reminders adheres to the Privacy Shield Framework.
Use by Minors
If you're a child under the age of 13, you may not use Pull Reminders. Pull Reminders does not knowingly collect information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a user who is under the age of 13, we will close your account.
Links to Other Websites
Pull Reminders may provide the ability to connect to other websites. These websites may operate independently from us and may have their own privacy notices or policies, which we strongly suggest you review. If any linked website is not owned or controlled by us, we are not responsible for its content, any use of the website or the privacy practices of the operator of the website.
If you have concerns about the way Pull Reminders is handling your Personal Data, please let us know immediately. You may contact us as described in the Contact Us section below. We will respond promptly — within 45 days at the latest.
In the unlikely event that a dispute arises between you and Pull Reminders regarding our handling of your User Personal Information, we will do our best to resolve it. If we cannot, we have selected JAMS, an independent dispute resolution provider, to handle unresolved Privacy Shield complaints. If we are unable to resolve your concerns after a good faith effort to address them, you may contact JAMS and submit a Privacy Shield claim. JAMS is a US-based private alternate dispute resolution provider, and we have contracted with JAMS to provide an independent recourse mechanism for any of our users for privacy concerns at no cost to you.
Under certain limited circumstances, European Union individuals may invoke binding Privacy Shield arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. To learn more about this method of resolution and its availability to you, please read more about Privacy Shield. Arbitration is not mandatory; it is a tool you can use if you choose to.
We are subject to the jurisdiction of the Federal Trade Commission.
Good Software LLC
1887 Whitney Mesa Dr #2947
Henderson, NV 89014, USA