This chapter describes how Hareja AB handles personal identifiable information in relation to the Team-in-Touch application.
Hareja AB reserves the right to make adjustments to this document at any moment. No rights can be derived from the information in this document.
Collected information and usage¶
Team-in-Touch is collecting the following personal identifiable information:
- User email address
The user email address is required for identification purposes at login.
The user email address is used to send the user messages by email.
The user email address is used to contact the user in case of important information about Team-in-Touch.
- User name or nick
The user can provide and change his/her name or nick so that other users can recognize the user in communications.
Team-in-Touch is not using this name or nick for any purpose.
- User password
The user password is stored in an obfuscated form using industry standard algorithms.
Team-in-Touch is using the user password to be able to identify the identity of the user at login.
- User Phone Number
The user can provide a phone number. This number is shared with other users in the same team, depending on the team settings by the coach.
Team-in-Touch does not use the phone number for any other purpose.
Team-in-Touch does not exclude the use of this phone number for communication with the user when there is an urgent need.
- User IP address
IP addresses are stored in log entries for customer support purposes and usage analysis in line with common practice.
- User configuration actions
For security and traceability purposes, Team-in-Touch is storing configuration changes in log entries. Configuration changes include for example inviting a new team member, changing contact options etc. Those changes are stored without any further identifiable information than the internal user id and the action.
- User web browser and mobile phone brand, type and operating system
Team-in-Touch stores the web browser used (including operating system) and mobile phone brand, type and operating system version for service analytics. This allows us to focus on the systems used and optimize for those configurations.
- Mobile Phone App Notification identifier
When the user allows Team-in-Touch to send push notifications, Apple/Google provide a unique identifier for the user applicable for that specific phone and the Team-in-Touch application. Team-in-Touch requires this unique identifier to tell Apple/Google whom to send a push notification. Team-in-Touch will remove this identifier when requested to do so by Apple/Google.
Information Storage and security¶
Hareja AB stores passwords in an obfuscated form using a technique called hashing with a seed. Access to such hash doesn’t allow one to reconstruct the real password.
All network communication between Team-in-Touch web site and mobile applications is done with state of the art TLS encrypted HTTPS connections. Insecure encryption protocols are disabled and internal processes exist to regularly analyze the security of the used technology.
All data, including backups and log files, is stored on secured servers. Access to servers is controlled and limited to only those that require access. Access to databases is password protected.