Terms Of Service
Effective Date: 10 June 2025
Welcome to Insightify, a business-to-business (B2B) to-do list application provided by Wididi. These Terms and Conditions govern your access to and use of our application.
By accessing or using our Service, you and the entity you represent ("your organization") agree to be bound by these Terms. If you do not agree to these Terms, you may not access or use the Service.
Definitions
- Service: Refers to the Insightify B2B to-do list application, including its features, functionalities, and any related services provided by us.
- User: Any individual authorized by your organization to use the Service, including owners, project leads, and team members.
- Personal Data: Any information relating to an identified or identifiable natural person, as defined by GDPR.
- Organization Data: All data, including projects, tasks, and related information, that you or your Users input or upload into the Service.
- Controller: The entity that determines the purposes and means of the processing of Personal Data. In most cases, your organization will be the Controller of the Personal Data you process using our Service.
- Processor: The entity that processes Personal Data on behalf of the Controller. We act as a Processor when handling Personal Data on your behalf within the Service.
- Telemetry Data: Operational data generated by the Service to monitor performance, identify issues, and improve functionality.
Your Role as Data Controller
Your organization is the Data Controller for the Personal Data you enter or manage within our Service. This means you are responsible for:
- Determining the legal basis for processing Personal Data.
- Obtaining necessary consents from your Users where required.
- Ensuring the accuracy, integrity, and security of the Personal Data you provide to the Service.
- Responding to data subject requests (e.g., access, rectification, erasure) from your Users.
- Complying with all applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR).
Our Role as Data Processor
We act as a Data Processor on behalf of your organization when providing the Service. We process Personal Data strictly in accordance with your documented instructions, these Terms, and our Privacy Policy. We commit to:
- Processing Personal Data only for the purpose of providing the Service.
- Implementing appropriate technical and organizational measures to ensure the security of Personal Data.
- Assisting you in fulfilling your GDPR obligations as a Controller, where reasonably possible.
- Notifying you of any personal data breaches without undue delay.
- Notifying you if we believe an instruction violates GDPR or other data protection laws.
Data We Collect and Process
To provide and maintain the Service, we collect and process the following types of data:
User Data:
When you create an account or your organization adds you as a User, we collect:
- Account Information: Your full name and email address. This is used for identification, authentication, and communication within the Service.
- Security Credentials: A hashed version of your password. We do not store your plain-text password.
- Usage Data:
  - last_login_at: Timestamp of your last successful login, used for security monitoring and understanding user activity.
  - email_verified_at: Timestamp indicating if your email has been verified.
- API tokens: Generated for secure authentication and authorization to access the Service.
Purpose of Processing User Data: To provide you with access to the Service, manage your account, authenticate your identity, and ensure the security of your account and the Service.
Organization Data (Projects and Tasks):
As you use the Service, you and your Users will input and generate:
- Project Information:
  - title: The name of your project.
  - description: A detailed description of your project.
  - owner_id: Identifies the User who owns the project.
  - lead_id: Identifies the User designated as the project lead (optional).
  - completed_at: A timestamp indicating when a project was completed (null if incomplete).
- Task Information:
  - name: The name of the task.
  - description: A detailed description of the task.
  - project_id: Links the task to a specific project.
  - completed_at: A timestamp indicating when a task was completed (null if incomplete).
Purpose of Processing Organization Data: To provide the core functionality of the to-do list application, allowing your organization to create, manage, track, and complete projects and tasks. This data is processed solely for the benefit of your organization and its Users.
Telemetry Data (Operational Data):
We utilize OpenTelemetry to collect operational data (spans and traces) about the performance and functionality of the Service. This data includes:
- traceId: A unique identifier for a sequence of operations (e.g., an entire API request).
- spanId: A unique identifier for a single operation within a trace (e.g., a database query, a controller action).
- parentSpanId: Links a span to its preceding operation in the trace.
- name: A descriptive name for the operation (e.g., 'HTTP GET /projects', 'Database Query: SELECT * FROM users').
- startTime and endTime: Timestamps indicating the duration of an operation.
- attributes: Key-value pairs providing additional context, such as the service name (service.name), the endpoint involved, and potentially information about payload sizes for debugging.
- events: Time-stamped events within a span, indicating specific occurrences during an operation.
Purpose of Processing Telemetry Data: To monitor the health, performance, and stability of our Service, identify and diagnose technical issues, optimize resource utilization, and ensure a reliable user experience. This data helps us understand how the Service is performing and allows us to make improvements. This data is primarily technical and generally does not contain directly identifiable Personal Data, though it may include references to internal application identifiers (e.g., project_id) for context.
How We Store and Secure Data
- Storage Location: All data is stored on secure servers located within the European Union. We adhere to industry best practices for data center security.
- Security Measures: We implement robust technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These measures include:
  - Data Minimization: We only collect data that is necessary for the provision of the Service.
  - Access Controls: Strict access controls and authentication mechanisms are in place to limit access to data.
  - Encryption: Passwords are hashed. Data in transit and at rest may be encrypted using industry-standard protocols.
  - Regular Security Audits: We regularly review and update our security practices to protect against emerging threats.
  - Incident Response: We have procedures in place to detect, respond to, and mitigate data security incidents.
- Data Retention:
  - User Data: Retained as long as your account is active and for a limited period thereafter as required by law or for legitimate business purposes (e.g., audit trails).
  - Organization Data (Projects and Tasks): Retained as long as your organization maintains an active subscription to the Service. Upon termination or expiration of your subscription, we will delete or anonymize your Organization Data in accordance with our data retention policy and applicable laws, unless otherwise agreed upon.
  - Telemetry Data: Retained for a limited period necessary for performance monitoring and troubleshooting, typically [e.g., 30-90 days], before being aggregated or deleted.
Data Sharing and Disclosure
We do not sell, rent, or trade your Personal Data or Organization Data to third parties. We may share data only in the following limited circumstances:
- With Your Consent: We may share data if you provide explicit consent to do so.
- Service Providers: We may engage trusted third-party service providers (sub-processors) to perform functions on our behalf, such as hosting, analytics, or error logging. These providers are contractually bound to protect your data and are prohibited from using your Personal Data for any purpose other than providing the contracted services to us. We conduct due diligence on all sub-processors to ensure their compliance with data protection standards.
  - Example Sub-processor for Telemetry Data: Your OpenTelemetry endpoint may be configured to send data to a third-party observability platform (e.g., DataDog, Honeycomb, Jaeger). We will ensure appropriate data processing agreements are in place with such providers.
- Legal Requirements: We may disclose your data if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).
- Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred as part of that transaction, provided the acquiring entity agrees to adhere to these Terms and our Privacy Policy.
We will provide you with the necessary tools and assistance to help you fulfill these data subject requests from your Users.
Our Commitment to Data Security and Compliance
We are committed to protecting the privacy and security of your data. We continuously review and update our security measures and internal policies to ensure compliance with applicable data protection laws, including GDPR.
Contact Us
If you have any questions about these Terms, our data practices, or our Service, please contact us at:
Stationsplein 4J, 3311 LL, Zwijndrecht
info@wididi.com