Last updated: May 6th, 2023
1st things 1st is hosted on a DigitalOcean server in Frankfurt, Germany.
From the personal data, we are storing your first and last names, email, avatars from a social network or Gravatar, a company name (if applicable), interests, and notification settings.
For compliance with GDPR cookie law, we are also storing your device's IP address, your browser's User-Agent string, and cookie consent preferences, which can be linked to your account.
Of course, we are storing your prioritization projects with criteria, things to evaluate, and evaluations.
If you want to get a list of all the data that is stored about you on 1st things 1st, you can ask for it in the feedback form and we will respond within 2 working days.
All your private information is kept private and not exposed to third parties. However, there are two exceptions:
Account information is not portable. But prioritized projects can be exported to XSLX, PDF, email message, Notion template, or many productivity apps via Zapier.
All website data is transferred to and from the server using the SSL certificate.
No plain passwords are saved in the database. Instead, we store their hashes, where we can check the password's validity, but we cannot find out what your password was.
Payments are done through our reseller and Merchant of Record Paddle.com who takes care of more secure measurements. No credit card, banking, or billing information is saved on our servers.
We do daily backups and should be able to recover the lost database within 24 hours. We keep daily backups for 7 days.
If we notice any security breach where the personal data could be exposed to third parties, we are going to inform you by email within 3 days.
At any time you can delete your account together with the prioritization projects you created. This can be done at the account deletion page.
If you have any questions about GDPR compliance, please contact us.