GDPR at Wrenly

Your privacy and data security are our top priority. We’ve taken the following steps to ensure our General Data Protection Regulation (GDPR) readiness.

Data Security
Protecting customer data is a top priority at Wrenly. We understand you are trusting us with your data and we take that responsibility extremely seriously. You can read the details of our security policies below.

Handling Data Subject Rights Requests
We've implemented some compliance measures to make it easy to handle requests such as deletion or update requests of your personal data.

To do so, email with your request.

Additional training
The Wrenly team has been diligent in conducting training with our team regarding data protection and incident response on potential issues like data breaches.

Hosting & Storage Location
All hosting and data storage for the Wrenly app is located in Europe.

Sub processors
The sub-processors Wrenly uses are:

Slack Technologies, LLC - located in the USA - for the purposes of app hosting & internal communication - view their GDPR policy

HubSpot, Inc. - located in the USA - for the purposes of customer management - view their GDPR policy

Salesforce, Inc. - located in the USA - for the purposes of server/app hosting on Heroku - view their GDPR policy

Google LLC - located in the USA - for the purposes of Gmail and Google Calendar - view their GDPR policy

Stripe, Inc. - located in the USA - for the purposes of payment processing - view their GDPR policy

OpenAI, L.L.C. - located in the USA - for the purposes of AI content creation. All Wrenly users have the option to opt out of this sub-processor - view their GDPR policy

Wrenly Security

Cloud Hosting
Wrenly's data and services are hosted with trusted Amazon Web Services (AWS) through Heroku, leveraging their world-class security.

SSL and Encryption
All data is transmitted over HTTPS, and any data stored is encrypted in transit and at rest using 256-bit encryption. Our application endpoints are all TLS/SSL to ensure all connections are secure.

Employee Access and Authentication
Access to customer data is limited to authorized employees whose job functions require it. Additionally, 2FA and strong password policies on all tools used internally are strictly implemented for all Wrenly employees to ensure third-party access to these cloud services are protected.

Slack Permissions
Wrenly uses Slack's Granular Permissions in order to request only the permissions we need to make the app function. When you install Wrenly on your Slack workspace Slack will be present you with a list of the specific permissions that Wrenly requests, and you will have an opportunity to approve or reject those permissions. You can view Wrenly's Slack permissions without installing the app. Wrenly only has access to public channels, private channels that the bot has be invited into, and content that is explicitly shared with the bot.

Channel and Message Access
Wrenly's access to messages in Slack is very limited, in two ways:

1. Wrenly cannot read any Slack messages posted in any channel besides messages sent directly to Wrenly as a DM

2. Wrenly only needs to be in the channel(s) that you want to use to interact with Wrenly (Feedback, Surveys, Recognitions, etc.). Consequently Wrenly will only be a member of channels that a user invites it to or where a user explicitly sets up Wrenly. This means that Wrenly does not have access to anyone's private DMs (unless it's a DM with Wrenly), nor does Wrenly have access to any public or private channel content unless someone from your team has explicitly added Wrenly to the channel or Wrenly created the channel for set-up purposes.

Slack OAuth
Wrenly uses Slack's OAuth to authenticate users and teams in Slack as well as for our web app, making use of Slack's world-class security.

PCI Compliance
Wrenly uses Stripe as our payment provider. Stripe is a PCI compliant payment gateway service with very strong security practices. No credit card information is stored on our servers. We do not have access to full card information.