EPQ: Hi, In an answer buried in the questions feed, you just state : ""We are GDPR compliant.
If you have specific questions, feel free to email our support@rasa.io."
I discovered Rasa tonight browsing on AppSumo. This is an utterly interesting tool for newsletter management !
Could you please answer these questions before your AppSumo deal ends, so that we may grab it ?
I work for a French non-profit, and we are in the process of strengthening our overall GDPR compliance. I am somewhat worried by the fact that nowhere on your website you state or present anything regarding GDPR... except a cursory mention in this one blog post : https://rasa.io/pushing-send/clean-subscriber-list/.
I had to scroll through questions on the AppSumo deal page, to see you just answering "We are GDPR compliant. If you have specific questions, feel free to email our support@rasa.io."
Could you please direct me on more detailed resources demonstrating Rasa's GDPR compliance (not only stating it, because here we cannot just state, we have to prove the compliance ;-)
First questions that pop to my mind are :
- in what country/ies are your servers located ?
- what level of privacy do you grant to contacts registered in your customers' accounts ? do you use encryption ? what protocols ? for storage and/or transfer ? (I am not an expert at that, I just throw out a bunch of related concepts that I loosely understand to generate informative answers ;-)
- et caetera
Many thanks for your precisions,
Best
Molly_rasa.io
May 14, 2024A: Hi Sumo-ling,
Can you please email support@rasa.io so we can help answer these questions.
Thank you!
Verified purchaser
Hi,
I would like to add my voice to the request for clarification and transparency around GDPR.
On November 23, I already sent an email with questions to support@rasa.io, and received no response at all.
Why this secrecy in disclosing these features and information only via a support request?
If these questions have not been answered by the end of the deal, I will have to refund it because it is not legally usable, at least in Europe.
Many thanks,
O-B
Hi everyone,
The contact support for more specific answers is not meant to be secretive in any way. rasa.io is a US-based provider of cloud-based transactional and marketing email
delivery, management, and analytics services. rasa.io's data is stored, protected and hosted by Amazon Web Service, Inc. Our servers are located in the US. For more information on how AWS manages and protects their server data, click here. We have international customers who use rasa.io and we’ve never had a GDPR compliance issue. You are ultimately in charge or your contact list when you import those addresses into our system, you confirm with us that you have the proper permissions to email those recipients. If a subscriber requests to have the data we have collected on them through click activity on our emails wiped, we of course comply with that request. More info on how we collect our data, email privacy and other articles that may be helpful on this topic here:
https://help.rasa.io/hc/en-us/articles/360052494254-Contact-Privacy
https://help.rasa.io/hc/en-us/articles/1500008405442-Data-Protection-and-Storage
https://help.rasa.io/hc/en-us/articles/360048780154-Guidelines-for-Subscriber-Permission
https://help.rasa.io/hc/en-us/articles/360048631814-How-rasa-io-Personalizes-Content
Looks like my AWS link for more info did not carry over but that can be found in the help page about data protection that I linked.
I alreday did, with more details.
This said, I really don't see why you couldn't / shouldn't directly share your insights regarding Rasa x GDPR here for all interested sumolings (notably Européean sumolings).
I feel anxious that you are not answering questions related to GDPR compliance openly. You should put the answer here available for all the community.