The following terms and conditions are part of the Terms of Service (the “Terms”) and govern the way Storyteq processes, stores and secures data. Therefore, please read these Terms carefully since they set out the rights and obligations between you and StoryTEQ B.V.
(“Storyteq“, “we“, “our” or “us“) concerning your and our data.
Data security. Storyteq has put in place commercially reasonable physical, electronic, and organizational procedures to safeguard and secure the information (Data) we collect, receive and/or process through or/and with Storyteq’s services. More explicitly, but not limited by:
We are (under the scope of our parent company ITG Group) ISO27001 certified.
All the connections and applications (including login pages) on our end are TLS 1.2 encrypted.
Storyteq’s account passwords are encrypted and API access tokens are hashed. The stored data can only be accessed by using hashed access tokens.
Our, and thus your Data, is stored on Google Cloud servers (and thus subject to Google Cloud’s security measures). Google Cloud is certified with ISO27001, ISO27017, ISO27018 https://cloud.google.com/security/compliance . The default physical locations are in St. Ghislain, Belgium and Eemshaven, Netherlands.
Storyteq’s databases are only accessible from authorized IP addresses. All data at rest is encrypted using the 256-bit Advanced Encryption Standard (AES-256). Passwords are also hashed.
Data stored in Storyteq databases are separated per client with a unique CompanyID. An access token has only access to data from a specific CompanyID and thus can never access any other data. On request, we can deploy data to separated databases.
All our data has a life-time value and will be deleted after the life-time expires. The standard lifetime is 30 days for data and 60 days for assets (creatives, such as video's).
Generated media is only available through hashed URL’s, therefore it is not possible to randomly gain access to another person’s unique Video or other sorts of media.
We run regular, automated, back-ups of our system and databases (both full and incremental back-ups).
We use separate environments in our infrastructure. There is a separation between development, testing, acceptance and production.
We run daily automated scanning and scripts on our API & database for security checks and do a monthly security analysis to ensure our security is up to date.
Our API and databases run on a flexible hosting environment with a fail-over cluster with constant health checks.
All our technical infrastructure components are hosted within a virtual private cloud. Therefore data in our platform is only available through an API connection.
We educate our (technical) personnel on how to treat personal data on a continuing basis, but at least in monthly, recurring, sessions.
We have several policies and procedures in place in case of incidents and to ensure business continuity.
License to Data
As a Customer, as long as you make use of the Storyteq service, you grant Storyteq a royalty-free, paid-up, non-exclusive, irrevocable and worldwide license to access, log, retain and use all (Consumer) Data and Creative files pertaining to your account, as well as all other data and content you provide to us, to administer and make improvements to the Storyteq’s service, as well as carry out Customer related tasks, ie; billing; generation and the delivery of Creatives; collection and analyzing Consumer Data; and compile statistics, metrics, insights, and general trend-data about the Storyteq’s service for your insight. While doing this, Storyteq will always adhere to the agreements made between you and Storyteq about the handling of (Consumer) Data.
For clarity, as between you and Storyteq, all Consumer Data and Creative files and templates shall be solely and exclusively owned by you. As used herein, Consumer Data means any data pertaining to Consumers’ engagement with Creatives (such as, without limitation, click-to-play events, percentage of a Creative viewed, and click-through rates).
As you use our Services, you (or we for you) may import (manually or automatically) into our system, personal information you have collected from your users/customers or other individuals. We have no direct relationship with these users/customers or any person other than you, and for that reason, you are responsible for making sure you have the appropriate permission for us to collect and process information about those individuals.
The Storyteq’s service may include tools giving you the opportunity to provide us with feedback data (such as but not limited to, comments, suggestions, and questions) about the Storyteq’s service (“Feedback“). You agree that all rights, title, and interest in and to all Feedback (even if provided to us other than through Storyteq’s service tools) are and shall remain the sole and exclusive property of Storyteq.
4. Compliance with Laws
You agree to comply with all applicable international, national, state, regional and local laws and regulations in accessing and/or using the Storyteq’s service (or any part thereof) and in performing your obligations and exercising your rights under these Terms, including without limitation laws relating to privacy, data protection, and exports (such as the GDPR).
For various functional reasons, we make use of a variety of sub-processors. While evaluating these sub-processors, we ensured that they adhere to the same level of security measures that we enforce ourselves. We took the term sub-processor in the widest sense and below you can read how they actually impact our service.
Category 1 (severs/storage): our infrastructure runs on Google Cloud. That means the servers where our service runs, and the databases that we use are part of the Google Cloud Ecosystem.
Category 2 (monitoring): we run a variety of monitoring tools on our architecture. The ones that are outside the Google Cloud eco-system are listed underneath.
Category 3 (other): these sub-processors do not touch your data (or in a fairly limited way), but help to improve our service.
7. Service Level Agreement
Our Service Level Agreement can be found here.
If you have any questions about these terms or other terms of our service. Please contact email@example.com