Vectornator Privacy Policy

Version 2.0, last updated 18.10.2021.

1. General information on Data Processing

This Privacy Statement describes the collection and use of personal data in connection with the use of our application Vectornator ("Software" or "App") in accordance with the requirements of data protection legislation, in particular the General Data Protection Regulation ("GDPR").

Before getting into the detailed description, we would like to expressly state that we will only process personal data to offer and improve our services. We will never trade, sell, or otherwise share or distribute your personal information to any third party except as specified in this statement.

We understand that our App is downloaded by users all over the world, and that various national existing or future privacy regulations may be applicable now or in the future. It is our understanding that by complying with the GDPR - the so-called “privacy gold standard” – we will also comply with other national privacy regulations. If you wish to exercise any rights under a specific privacy regulation other than the GDPR, please specify such regulation, when contacting us.

Processing activities that are not covered by this Privacy Statement may be supplemented by additional privacy statements (e.g. for our public website) that apply separately.

Our App is available and downloadable on the Apple App Store for iOS, iPadOS and macOS devices. When downloading our product from the Apple App Store Apple processes personal data subject to Apple’s privacy policy: https://developer.apple.com/App-store/App-privacy-details/.

1.1 Controller

Controller pursuant to the GDPR is

Linearity GmbH, Sophienstraße 6, 10178 Berlin, Germany.

We inform you in the following about the processing of your personal data in the context of the use of our App.

1.2 Data Subject Rights

You may exercise the following rights:

  • Right to information about your data stored by us and its processing (Art. 15 GDPR),
  • Right to rectification of inaccurate personal data (Art. 16 GDPR),
  • Right to have your data stored by us deleted (Art. 17 GDPR),
  • Right to restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
  • Right to portability of data if you have consented to the data processing or have concluded a contract with us (Art. 20 GDPR),
  • Right to object to the processing of your data by us (Art. 21 GDPR)

To exercise your rights, you can contact us by email at privacy@linearity.io

You can file a complaint at any time pursuant to Art. 77 GDPR in conjunction with § 19 BDSG file a complaint with a supervisory authority, e.g. with the competent supervisory authority of the federal state in which you live or with the authority responsible for us.

1.3 Processing of Data, Purpose and Legal Basis

We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

The legal basis of all our processing activities is based on Art. 6 (1) GDPR.

Personal data is initially processed by us for the fulfillment of contractual obligations or pre-contractual measures in accordance with Art. 6 (1) p. 1 lit. b) GDPR.

In addition, we process your data to protect our legitimate interests according to Art. 6 para. 1 p. 1 lit. f) GDPR,

  • for the assertion of legal claims including collection and defense in legal disputes
  • for the purposes of compiling statistics to improve products and services
  • for contacting you, insofar as a permanent business relationship with you or your employer exists or is intended (business contacts)

In addition, we will process your data in accordance with Art. 6 Para. 1 lit. c) GDPR if we are legally obliged to do so, for example in order to comply with our obligations to keep records under commercial or tax law.

1.4 Storage Duration

We will take all reasonable steps to ensure that your personal data is processed only for the period required by the purpose of processing in each case. If the storage period is not specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law. Furthermore, we may store your personal data until the expiry of the statutory limitation periods (usually 3 years; in individual cases, however, up to 10 years or longer), provided that this is necessary for the assertion, exercise or defense of legal claims.

1.5 No Obligation to provide Data/no Profiling

There is no legal or contractual obligation to provide us with data. However, some services can only be provided if the required data is provided by you. Your personal data will not be used for profiling including automated individual decision making.


2. Processing Activities in Connection with our App

2.1 Customer Service

Nature and purpose of the processing:

In order to provide you with the best possible support when using our App, we offer you the possibility to contact our customer service via email. All communications directed to us become support tickets. In this context, we process your name, e-mail address, if any, as well as contents of your request.

Legal basis:

The data is processed for the fulfillment of contractual measures (Art. 6 para. 1 b) GDPR) or based on our legitimate interests, Art. 6 para. 1 f) GDPR. We want to provide customers with a customer service that is easily available and can offer a variety of services that may exceed such that fall under the scope of contractual fulfillment.

Recipient:

The recipient of the data is Groove Networks LLC, 2 Dearborn St. Newport, RI United States (“GrooveHQ”). GrooveHQ acts as a processor on behalf of us. This means we have concluded the necessary data processing agreement in which the service provider is obliged to process the data only in accordance with our instructions.

Transfer to third countries:

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreements with the service providers include Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

2.2 Iconator

Nature and purpose of the processing:

Users of our App can search for pre-made icons in a library of 80,000+ using our service Iconator. In order to be able to access and use these Icons a server connection is required. For this connection your IP-address and certain device information need to be processed.

Legal basis:

The data is processed for the fulfillment of contractual measures (Art. 6 para. 1 b) GDPR).

Recipient:

The recipient of the data is Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210 (“AWS”). AWS acts as a processor on behalf of us.  This means we have concluded the necessary data processing agreement in which the service provider is obliged to process the data only in accordance with our instructions.

Transfer to third countries:

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreements with the service providers include Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

2.3 Bug & Crash Reporting & App Performance Monitoring

Purpose and scope of data processing:

We process certain technical information, such as the App version, the device model, the operating system and the duration of the session if your App crashes, and to measure App performance. We use this data only in order to determine the reason for the crash and to remove errors in our App. Using the upper right switch inside the App on the privacy policy page you can deactivate the analytical data collection.

Legal basis:

The processing is carried out based on our legitimate interest in recognizing errors in our App, examining them and remedying them, and to thus be able to offer our App (Art. 6 para. 1 lit. f GDPR).

Recipient:

The recipient of the data is Instabug, Inc., 855 El Camino Real St. Suite 13A-111, Palo Alto, CA. 94301 United States (“Instabug”). Instabug acts as a processor on behalf of us.  This means we have concluded the necessary data processing agreement in which the service provider is obliged to process the data only in accordance with our instructions.

Transfer to third countries:

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreements with the service providers include Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

2.4 App Analytics

Nature and purpose of data processing:

In order to improve our App we register certain interactions of users with our app, for example the opening of documents or the selection of tools. When doing so, we also process the IP address, platform device, device family, operating system, language, country, region, device ID(s).

Legal basis:

The processing is carried based on our legitimate interest of understanding how users interact with our product and improving our product accordingly (Art. 6 para. 1 lit. f GDPR).

Recipient:

The recipient of the data is Amplitude Inc., 201 3rd Street, Suite 200 San Francisco, CA 94103, United States (“Amplitude”). Amplitude acts as a processor on behalf of us.  This means we have concluded the necessary data processing agreement in which the service provider is obliged to process the data only in accordance with our instructions.

Transfer to third countries:

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreements with the service providers include Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

2.5 CRM and Customer Engagement

Nature and purpose of the processing:

We constantly stay in contact with our users and assess their needs in order to continuously improve our App. We use Braze to communicate with our users via the following three channels: In-App messaging, push notifications, and email messaging. These channels are used to distribute surveys and inform our users about product news.


Legal basis:

The processing is carried based on our legitimate interest of providing App users with meaningful information regarding the use of our services (Art. 6 para. 1 lit. f GDPR).

Recipients:

Recipients of the data are Adjust GmbH, Saarbruecker Str. 37A, 10405 Berlin, Germany (“Adjust”) and Braze, Inc., New York City, 330 W 34th St 18th floor, New York, NY 10001 (“Braze”). Adjust and Braze act as processors on behalf of us. This means we have concluded the necessary data processing agreement in which the respective service provider is obliged to process the data only in accordance with our instructions.

Transfer to third countries:

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreements with the service providers include Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

2.6 Surveys

Nature and purpose of the processing:

In order to improve our services and understand the needs of our users, we may conduct surveys or similar. When conducting surveys, we will process a pseudonymized UserID set by Amplitude.

Legal basis:

We process the data based on your consent when you transmit the respective survey to us (Art. 6 para. 1 lit. a GDPR).

Recipient:

The recipient of the data is Typeform SL, Carrer Bac de Roda, 163, local, 08018 - Barcelona (Spain) (“Typeform”). Typeform acts as a processor on behalf of us. This means we have concluded the necessary data processing agreement in which the service provider is obliged to process the data only in accordance with our instructions.


3. Integrations

Stock Photos

Users of our App can access an image stock photo library from the service Unsplash, Inc. 500–400 rue McGill Montréal, QC H2Y 2G1, Canada, via anonymous API calls, which means that no personal data is processed.

Adobe Creative Cloud

You can connect to your Adobe Cloud account for files up- & download. The data processed by Adobe Inc., 345 Park Avenue, San Jose, CA 95110-2704, USA is processed according to your subscription with Adobe and their privacy terms.

iCloud

When using our services you have the opportunity to store and synchronize your Vectornator data within your iCloud account. The data processed by Apple Inc, 1 Apple Park Way Cupertino, California, 95014-0642 United States, is processed according to your subscription with Apple and their privacy terms.

4. Changes to the Privacy Statement

We reserve the right to adapt this privacy statement so that it always complies with the current legal requirements or to make changes to our offers in the data protection declaration, e.g. when introducing new services. The most current version shall apply respectively.



Version 2.0, last updated 18.10.2021.