We take your privacy and the security of your data very seriously. We implement a variety of security measures to maintain the safety of your team’s information. Communication between to-do bot and your chat platform is encrypted using SSL.

What we collect

To-do bot only collects information that is sent directly to them, via direct message or when the bot is directly mentioned. To-do bot does not access past or archived messages.

To-do bot collects basic user information when the user interacts with the bot for the first time.

To-do bot also collects basic information of the team, group, room or channel depending on the platform. This information is collected for the purpose of authenticate the user and team with our service.

Using standard web analytics and web server technologies, to-do bots logs your navigation actions, IP address, cookies and other information provided by your web browser.

How we store your data

Web connections to to-do bot services are encrypted via SSL, means that all data on transit is encrypted.

Some platforms provide us with sensitive data like tokens or keys in order for us to provide our service. We encrypt and store those details using AES256 encryption and keys are stored on AWS KMS, a service that has been validated and certified by multiple compliance schemas https://aws.amazon.com/kms/details/#compliance

We use mLab to manage our database. The database is replicated synchronously so that we can quickly recover from a database failure. As an extra precaution, we take regular snapshots of the database and securely move them to a separate data center so that we can restore them elsewhere as needed, even in the event of a failure. To learn more about mLab and their security policy please visit http://docs.mlab.com/security/

Our application and database are hosted in secure SSAE 16 audited data centers managed by AWS. For more information on Amazon’s physical security processes, please visit aws.amazon.com/security.

Employees or contractors are not allowed to access production databases and production services accounts are protected by 2 factor authentication. If we need to review your information we will do it with your explicit consent.

To learn more about how to-do bot connect to your Slack/HipChat/Cisco Spark team please visit:

How we use your data

We will not sell, trade, or otherwise transfer your information to outside parties without your explicit permission.

Information collected by the to-do bot system will be used only in the creation of reports and responses to queries, and will not be made available to any party outside of the authorized team.

We may send you email notifications or bot notifications from time to time. You may opt out at any point from receiving these messages by clicking the unsubscribe link included in the email or message.

If you have questions, please contact us