Processing activities

Last updated: May 18, 2021

This table shows our processing activities. We think transparency is the fair thing to do and we've done our best to ensure this table is complete and clear. Please let us know if you have any questions or feel this table is not complete. From all listed third-party provider's we've received a data processing agreement. Changes to our processing activities are handled the same as our privacy policy.

SubjectProvider(s)What exactlyWhyHowHow longAdditional security measuresPrivacy policy
Device information, page views and visit characteristicsDigitalOcean, Vercel, Forge, Intercom, Google Tag Manager, Google Analytics, Amplitude, SegmentIP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, time zone, cookies installed, individual pages or products that you view, what websites or search terms referred you to the site, and information about how you interact with the site and the app.
  • To help analyse and improve the user experience on our website and mobile app.
  • To help improve marketing campaigns.
  • To make informed business development decisions.
  • To help us provide a more personalised experience on the website and app.
  • To debug general or customer-specific issues.
  • To improve customer support.
  • Stored on server (i.e. DigitalOcean) log files on the hard drive of the server.
  • Vercel hosts our website and is linked to our source code for automated deployment.
  • Forge is linked to our source code for automated deployment on DigitalOcean.
  • Intercom widget loaded on the website, which stores visitor/customer profile data when logged in.
  • Google Tag Manager code is loaded upon page load after cookie opt-in.
  • Page views and its metadata send to Google Analytics via Google Tag Manager.
  • Segment code is loaded upon page load after cookie opt-in.
  • Amplitude is integrated via Segment and receives page view, events and metadata.
  • Server log files are retained for 14 days.
  • Vercel does not store visitor data.
  • Forge does not store visitor data.
  • Intercom automatically expires data about visitors not seen in 9 months.
  • Google Tag Manger does not retain data, it serves as a proxy to forward data to other destinations.
  • Google Analytics retains user session data for 14 months, aggregated website traffic numbers are stored indefinitely.
  • Segment retains data 30 days.
  • Server access accounts, Vercel, Forge, Google accounts and Segment accounts secured with two-factor authentication.
  • Database additionally secured with IP access list.
  • Google Tag Manager's change management is being used.
digitalocean.com
vercel.com
forge.com
intercom.com
amplitude.com
google.com
segment.com
A/B experimentsGoogle OptimizeGoogle Optimize is used for A/B testing of the website, where traffic is distributed randomly to multiple variants.
  • To help analyse and improve the user experience on our website and mobile app.
  • Google Optimize experiments are initialized via Google Tag Manager: it randomly distributes traffic between experiment variants.
  • Google Optimize does not retain personal data; a cookie is set for 90 days for variant inclusion.
  • Accounts secured with two-factor authentication.
google.com
On page scroll and interaction behaviourHotjarEnd-user website scroll, tap, click, mouse movements and interactions are tracked and stored as behavioural analytics.
  • To identify usability issues and end-user issues they encounter on our website.
  • A Hotjar integration is loaded on our website after cookie opt-in, which sends this data to Hotjar. From there, only invited Routinely employees can view heat/scroll maps and replay user interactions (wherein data is anonymized).
  • Hotjar automatically deletes data older than 365 days.
  • Data is not linked to purchase data and customer profiles, location and keystroke data are suppressed or scrubbed.
hotjar.com
Browser and server-side errors and exceptionsSentryError and exception data including contextual information: browser ('user agent'), operating system, URL visited, language and referer. Data is anonymized: no IP address is stored.
  • To debug client-side or server-side bugs and exceptions.
  • To monitor the status of the technical infrastructure.
  • To manage source code changes and its effects.
  • Sentry is integrated on the server and website and sends the issue/exception and contextual data to Sentry so that approved employees can see the issues/exceptions.
  • Sentry retains event data for 90 days on premise.
  • Accounts secured with two-factor authentication.
  • Data scrubbing enabled, IP addresses are not stored.
sentry.io
Skin condition informationRoutinelySkin condition information and answers to skin analysis/wishes questions. Account holders and guests (i.e. anonymous visitors) can provide this information.
  • To identify the right properties and ingredients which can help our users achieve their skin goals and improve Routinely's product catalog.
  • To improve product recommendations.
  • To develop comprehensive skincare routines for Routinely users.
  • User-provided data is submitted to a server of Routinely where it is validated, processed and stored in a database.
  • Skin ID tests are tied to a registered user when performed with an active account or when the user opted to create an account while performing the skin ID test. Otherwise, it is marked as an anonymous test result.
  • Routinely commits to delete user data within 1 month of their request.
  • Anonymous test will be automatically removed after 12 months, which is to be implemented.
  • Source code change management in place.
  • Database additionally secured with IP access list.
  • Data is processed by Laravel: a very popular and thus community-tested backend framework, reinforcing our commitment to using secure systems in handling customer information.
  • Systems alerting and monitoring in place.
Location nameGoogle PlacesInstead of GPS-based location coordinates, users can choose, or on devices without a GPS-chip, to enter the name of their current location, which a Google Places lookup will translate into coordinates if the location is selected by the user (i.e. a dropdown menu of available locations is shown to the user).
  • To analyse exogenous factors such as air quality, humidity and temperature and give Routinely users informed advice about how to adapt their skincare routine to these conditions. These factors are location specific.
  • Via a client-side API call to Google Places, a city/location name is translated into GPS coordinates.
  • Google Places does not retain data.
  • Fine-grained access for API has been set up.
google.com
Ad attributionFacebookRoutinely advertises via Facebook/Instagram, Google Ads, Pinterest, Snapchat, TikTok and Apple Search Ads. When an ad yields a page view and follow-up actions, these actions are stored in cookies for ad attribution purposes and Facebook, Google Ads, Pinterest, Snapchat, TikTok and Apple Search Ads will be informed of conversions.
  • To refine marketing campaigns, maximise engagement and conversion optimization.
  • To improve the relevancy of advertisements.
  • An individual 'Pixel' for each tool is loaded on the website so that ad attribution can be tracked when cookies are allowed by the user.
  • Data is only held for so long as is necessary for the purposes for which it was collected, and that data subjects are informed of the retention period and retention period criteria. Facebook, Google Ads, Pinterest, Snapchat, TikTok and Apple Search Ads will continue to comply with these requirements.
facebook.com
snap.com
google.com
tiktok.com
pinterest.com
apple.com
App fraud prevention and installation and attribution metricsAdjustMobile Measuring Partner. As Routinely advertises through different platforms Adjust unifies the attributions from app advertising activities. When a page view and follow-up actions these are stored in adjust and Facebook, Google Ads, Pinterest, Snapchat, TikTok, Apple Search will be informed of conversions.
  • To refine marketing campaigns, maximise engagement and conversion optimization.
  • To improve the relevancy of advertisements.
  • To prevent fraudulent activities from third parties.
  • An SDK (Software Development Kit) is installed in our app so that ad app attribution can be tracked when users give consent.
  • From the moment of consent until a maximum of 25 months after.
adjust.com
Support requestsIntercomCustomer support requests (i.e. emails) and live chat.
  • To provide customer support.
  • Third party Intercom receives email send to our general customer support e-mail address.
  • A support conversation is then performed via Intercom by an employee. Only approved employees can access Intercom.
  • An Intercom live chat widget is integrated on the website and in the apps so that visitors can contact us via the widget.
  • Intercom automatically expires data about visitors not seen in 9 months.
  • Accounts secured with two-factor authentication.
intercom.com
Image deliverySanityBrowser and device information is send to Sanity as part of image (.jpg/.png) HTTP requests.
  • Sanity acts as an image content delivery network (CDN) so that assets are send (1) fast, (2) in optimal resolution for the requesting device and (3) in optimal file type which the browser supports.
  • The HTTP request for images contain HTTP headers that provide this information to Sanity, such as the common 'User-Agent' header.
  • Sanity does not retain this browser and device information.
sanity.io
App Store dataApple App Store, Google Play StoreThe mobile Routinely app is available in Apple's App Store and Google's Play Store. They host the app data and track visitor data who download the app, they expose these aggregated download quantity metrics to Routinely employees.
  • To make informed business decisions regarding app download quantities.
  • Via an online dashboard, available for approved Routinely employees, they can see aggregated download metrics.
  • As long as the app is available to download.
  • Accounts secured with two-factor authentication.
apple.com
google.com
SurveysTypeform, TallyRoutinely occasionally will ask users to, voluntarily and without obligation, to participate in a survey. These third parties allows Routinely to define questions and answers, which are then stored by them upon completion.
  • For product research & development purposes.
  • To improve skincare routines and product recommendations.
  • Product management: e.g. user testing invites.
  • Customer experience evaluation.
  • Via a third-party hosted form. Responses are stored by them, only accessible by approved Routinely employees.
  • As long as a form is active.
  • Routinely commits to delete user data within 1 month of their request being processed.
typeform.com
tally.so
Product feedbackProductboardA publicly accessible product portal allows visitors to see and vote on product features and improvements. Visitors can there subscribe per e-mail on product updates. Our customer service CRM is integrated with Productboard such that customer feedback is forwarded to Productboard, including name and email address.
  • For product research & development purposes.
  • To identify service areas of improvement.
  • Via a Productboard-Intercom integration, with a manual action by an employee, feedback is forwarded into Productboard, where a Product Manager can link the feedback to a feature request. The actual feedback is only visible for approved employees.
  • Visitors can see, vote or comment on feature requests. There they can opt to share their data.
  • As long as our Productboard account is active, unless the author asks us or Productboard to delete their records from Productboard.
productboard.com
Location coordinatesRoutinely, WeatherbitLocation coordinates are periodically and upon significant location changes (as determined by host operating system) submitted to a server of Routinely, if a user consents to this via the default location consent modal of the host operating system (asked when first starting the app). Using third-party Weatherbit, Routinely can retrieve weather data based on someone's location.
  • To analyse exogenous factors such as air quality, humidity and temperature and give Routinely users informed advice about how to adapt their skincare routine to these conditions. These factors are location specific.
  • The app can ask the host operating system for location coordinates, which is submitted to a server via a HTTPS request. The server stores this in the database.
  • Routinely commits to delete user data within 1 month of their request being processed. A limit on the amount of location coordinates stored per used will be implemented.
  • Fine-grained access for Weatherbit API has been set up.
  • Source code change management in place.
  • Database additionally secured with IP access list.
  • Data is processed by Laravel: a very popular and thus community-tested backend framework, reinforcing our commitment to using secure systems in handling customer information.
  • Systems alerting and monitoring in place.
weatherbit.io
Skin routine feedback questionnairesRoutinelyAnswers to feedback questionnaires.
  • For product research & development purposes.
  • To improve skincare routines and product recommendations.
  • User-provided data is submitted to a server of Routinely where it is validated, processed and stored in a database.
  • Data is processed by Laravel: a very popular and thus community-tested backend framework Laravel, reinforcing our commitment to using secure systems in handling customer information.
  • Routinely commits to delete user data within 1 month of their request being processed.
  • Source code change management in place.
  • Database additionally secured with IP access list.
  • Data is processed by Laravel: a very popular and thus community-tested backend framework, reinforcing our commitment to using secure systems in handling customer information.
  • Systems alerting and monitoring in place.
Health and activity dataApple HealthKit, Google FitMenstrual cycle, activity levels and/or sleep information. Users can opt-in via the standard host operating systems's opt-in functionalities.
  • To analyse physical factors such as menstrual cycle and sleep in order to give Routinely users informed advice about how to adapt their skincare routine to these conditions.
  • The app can ask the host operating system to ask these permissions from the user, which will be synced with a Routinely server. The operating system provides very granular controls about whereto the user opts-in.
  • Routinely commits to delete user data within 1 month of their request. Anonymous test will be automatically removed after 12 months, which is to be implemented.
  • On-device processing whenever possible.
apple.com
google.com
Customer marketingIntercomUsers who opted-in can receive marketing emails (i.e. newsletters) and/or marketing push notifications.
  • To manage newsletter distribution.
  • To share promotional materials and offers via email.
  • To share marketing content via email.
  • To send mobile notifications.
  • Intercom acts as a CRM system where opted-in visitors are stored so that a Routinely employee can create marketing campaigns. These can be one-off or recurring and can dynamically target/filter customers to improve the relevancy to the receiver.
  • Visitors who request to have their account deleted will have all their data removed from Intercom within 1 month after the removal is confirmed.
  • Intercom automatically deletes information about visitors who have not come back to the website in 9 months.
intercom.com
Transactional emailsSendGridName, email address and email contents.
  • To inform users about their account, such as login e-mails and must-read product updates such as changes in Routinely's privacy policy.
  • The server/backend is integrated with an SMTP server from SendGrid. SendGrid sends the email to the account holder and has anti-spam and anti-fraud measures.
  • To investigate deliverability issues, Routinely employees can see which e-mails are send to whom for the past 30 days. Email contents cannot be seen.
  • A delivery window of 30 days is retained by Sendgrid.
  • Accounts secured with two-factor authentication.
twilio.com
Order, contact, payment, address and shipping detailsShopify, MINCOrder, contact, payment, address and shipping details.
  • To fulfill orders, shipments and returns, provide anti-fraud measures and make informed business decisions based on average order quantities and characteristics. Orders are fulfilled by MINC (i.e. the 'warehouse').
  • Order and payment data stored by third party Shopify. Because Routinely uses Shopify's native payment functionalities, Routinely does not store any sensitive payment details/cards.
  • By means of an integration between Shopify and MINC, order data is synchronized with MINC.
  • Data is stored indefinitely at Shopify.
  • Data our our fulfillment party MINC is retained for three months after ordering.
  • Payment method details not visible for employees nor third parties.
  • Shopify and thus our store are PCI compliant.
  • Shopify has Level 1 PCI DSS, ISO 27001 and SOC 2 certifications.
  • Only need to know data is send to MINC.
shopify.nl
minc.nl
Testers, study participantsUsertesting, IntercomName, age, contact details, occupation, education level, income level and interests.
  • To build a user-testing group that we can ask to test new features before/during development.
  • To collect insights in order to prioritise & strategise product development.
  • Routinely only approaches visitors with testing requests after explicit opt-in. This approach can happen via email, phone and/or push notifications.
  • Usertesting: At UserTesting's option, we may delete Personal Data one year after our business relationship ends, subject to our document retention policies and practices.
  • Routinely: Testers may request to have their information deleted from Routinely's Intercom database. Routinely commits to delete tester information within 1 month after the request is processed.
usertesting.com
intercom.com
Support rating and feedbackSurvicateAfter contacting customer support, visitors are requested to leave a rating and/or feedback on our support, with optional name and email address.
  • To evaluate and improve our customer experience.
  • Our CRM system (Intercom) can send out requests in live chat or email to leave a rating or review about our service.
  • Indefinitely unless the author asks us or Survicate to delete a rating/review.
survicate.com
Support phone callsCloudtalkWhich phone number called us when and who answered.
  • To provide phone support.
  • Cloudtalk provides Routinely with a dedicated phone number. Via an employee-only dashboard or app, phone calls can be accepted/made.
  • Routinely commits to delete user data within 1 month of their request being processed.
  • Aggregated phone call metrics are stored indefinitely.
  • Conversations might be recorded at maximum 6 months for evaluation purposed. You will be informed before the conversation.
cloudtalk.io