Privacy Policy

By using pep.cards (the “Website”) and/or a Pep account (the “Service”), you agree to the terms of this Privacy Policy and the Terms of Service. The Service is designed and operated by Slash7 LLC (“Slash7”). Please read the Terms of Service and Privacy Policy in their entirety, and refer to those for definitions and contacts.

Contents

Data Collected
Use of the Data
Sharing of Data
GDPR compliance and Privacy Shield
Changes to the Privacy Policy
Questions and contact information

Data Collected

We're not in the business of selling, renting out or trading your data with 3rd parties. All data collected is used to provide you with the Service only, and all your private data and intellectual property is always yours.

We collect anonymous data from every visitor of the Website and Service to monitor traffic and fix bugs. For example, we collect information like web requests, the data sent in response to such requests, the Internet Protocol address, the browser type, the browser language, and a timestamp for the request.

For the Service, we ask you to register an account, log in and provide certain information (such as names and email addresses of your team members, your company name and address and your credit card information) in order to be able to store your task data as well as periodically automatically bill you & charge your card (credit card numbers are never stored on Slash7 servers, but are securely transmitted and stored with our payment provider).

We use cookies to store session information for your convenience. Cookies must be enabled to use the Website and the Service. We also store additional information which may contain personal information (like your time zone) in your local browser cache to ensure peak performance of the Service.

In order to take advantage of certain features of the Service, you may also choose to provide us with other personal information, such as your picture, but your decision to utilize these features and provide such data will always be voluntary.

Use of the Data

We only use your personal information to provide you with the Service to communicate with you about the Service or the Website. This includes both automated and manual processing of data.

With respect to any data you may choose to enter or upload to the Service, we take the privacy and confidentiality of this data seriously. Your data (in the Service) is specifically not shared between accounts (unless you specifically choose to) or with the public. We employ industry standard techniques to protect against unauthorized access of data that we store, including personal information. All off-site backups of your data are securely encrypted.

Please note that if you choose to share data (like sharing a board with a client), we are not responsible for any violation of privacy law you may be liable for.

We do not share personal information you have provided to us without your consent, unless:

The Service is operated from the United States. If you are visiting the Website from outside the U.S., you agree to any processing of any personal information you provide us according to this policy.

The Service may contact you by email. For example, we may send you promotional emails relating to the Service or communicate with you about your use of the Website and Service. If you do not want to receive email from us, please opt out of receiving emails at the bottom of any such email. Please note that for some emails (for example billing issues), there’s no option to opt-out.

Sharing of Data

We don’t share your personal information with third parties except as listed below. Other then the information outlined below, only aggregated, statistical data is periodically transmitted to external services to help us improve the Website and Service.

For client-side analytics and tracking beacons, you’re welcome to use content blocking software; just be aware that this may influence our ability to identify errors and performance problems in your account. We can’t guarantee that the Service will work as intended when browser extensions alter the HTML, CSS or JavaScript code we transmit (however, we don’t take any active steps to prevent you from using extensions, including content blockers).

We listed below what data the third parties we share data with extract exactly. Feel free to check out their own Privacy Policies to find out more.

Communication when getting started with Pep, about new features, special offers relating to the service and recommendations on how to use the app:

Providing email support:

Tracking errors and measuring performance:

Transactional emails (Reports, Billing-related emails, etc.):

Provisioning of application features:

Service hosting and data backups

Additionally, Slash7 uses third party vendors that provide the necessary hardware, software, networking, storage and other technology required to run the Website and the Service. While Slash7 owns the rights to the Website and Service, you retain all rights to the data you enter into the Service.

In order to provide the Service, we also share data with services that help us track errors and bugs, keep backups of log files and identify performance issues (these are listed above).

We employ and contract with people and other entities that perform certain tasks on our behalf and who are under our control (our “Agents”). We may need to share personal information with our Agents in order to provide products or services to you. Unless we tell you differently, our Agents do not have any right to use Personal Information or other information we share with them beyond what is necessary to assist us. You hereby consent to our sharing of Personal Information with our Agents.

If Slash7 is acquired or merged with an other company, or Slash7 sells the Website and Service to an other company, or if Slash7 goes out of business or enters bankruptcy, user information may be transferred to a third party. You acknowledge that such transfers may occur, and that any acquirer of Slash7 or its assets may continue to use your personal information as set forth in this policy.

GDPR compliance and Privacy Shield

For a detailed list of data sub-processors under the GDPR please see above under "Sharing of Data".

Your Data Protection Rights Under The General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have the following data protection rights:

Right to Access, Correct, Update, or Request Deletion of Data

If you want to request an export or deletion of your personal data, and have an account with us, please contact us at support@pep.cards. Please note that we cannot delete personal data in open accounts when you’re not the account owner, as this would prevent us from providing the service the account owner is paying for (We suggest that you contact the account owner of the Pep account in question to ask them to anonymize or remove your data).

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

International data transfers

GDPR includes provisions on international data transfer mechanisms. In order to comply with these provisions we have certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks (please see below for details).

Data Retention and Deletion Schedules

Application Data and Backups

In order to accommodate customers who need older data restored, we keep backups indefinitely and cannot delete personal data form them as these are stored off-site, read-only and heavily encrypted and compressed. If we do have access or restore data to our production systems or for purposes of debugging, any deletions of personal data will be applied retroactively or the personal data will be anonymized.

Log files

We store server log files for (up to) one year for the purposes of debugging errors and helping customers find out when specific data changes happened and who did them; and for preventing fraud and providing the neccessary information when fraud is suspected.

Purchase Records and Invoices for our Services and Products

We keep copies of all purchasing records for tax and auditing purposes.

Personal Metadata

We keep personal metadata, given that the user allows us to process their data, which can be controlled by going to the Privacy tab in Settings & Profile.

When a user opts-out of a type of data processing we prevent additional data from being sent to the relevant data controllers. Every quarter, we contact our data processors with a list of users who have opted out of allowing us to process their personal data in the specific manner that we use their tools.

We will respond to Data Subject Rights Requests within the appropriate amount of time

Metadata collected by 3rd-party services

Some 3rd party services collect data independently from us, and have incorporated it as part of their service.

We do not store any copies of this data, and Data Subject Requests for this data must be submitted to the 3rd party service, since we do not control the data.

Slash 7’s Internal Business Data

We keep all internal business data as long as it is relevant; internal business data may include the data listed above.

Data Processing Agreement

We do have a Standard Data Processing Addendum (DPA), which meets with GDPR requirements for agreements between Data Controllers (you) and Data Processors (us). We offer this DPA to our customers that operate in the EU. The DPA offers contractual terms that meet GDPR requirements and reflect our data privacy and security commitments to our clients. To ensure no inconsistent or additional terms are imposed on us beyond that reflected in our standard DPA and model clauses, we cannot agree to sign customers’ DPAs. We're a small team so we can't offer individual changes to the DPA since we do not have a legal team on staff. Any changes to the standard DPA would require legal counsel that would be cost prohibitive, increase our prices and would put an undue burden on our other customers. The DPA is a part of our Terms of Service. By agreeing to our terms of service, you are automatically accepting our DPA and do not need to sign a separate document.

EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

Slash7 LLC complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Slash7 LLC has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Slash7 is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Slash7 complies with the Privacy Shield principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Slash7 is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Slash7 may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the Privacy Shield principles, Slash7 LLC commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Slash7 LLC at the contact address given at the end of this privacy policy.

Slash7 LLC has further committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, you may visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint (free of charge). To facilitate fast and convenient resolution of complaints, you agree to participate in on-line dispute resolution through JAMS Online Mediation (Endispute).

Under certain conditions, Privacy Shield provides the right to invoke binding arbitration when other dispute resolution procedures have not provided resolution. This is described in Annex I to the Privacy Shield.

Changes to the Privacy Policy

We may amend this Privacy Policy from time to time. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make any significant changes in the way we collect or use information, we will notify you by posting an announcement on the Website or sending you an email. A user is bound by any changes to the Privacy Policy when he or she uses the Services after such changes have been first posted.

Changes to this Privacy Policy may go into effect immediately to ensure that we can provide the Service without interruptions (for example, we may have to switch 3rd-party providers of application features on short notice if they experience technical difficulties or go out of business).

Questions and contact information

Should you have any question or concern, please write to support@pep.cards, or write to:

Slash7 LLC
PO Box 411
Pipersville, PA 18947
United States

If you need to contact a data privacy officer, please use the contact information above.

Help & Support

Hi there! We make pep and we’re happy to answer all your questions!


Amy

Thomas

Cannon
Send us a message and we'll get back to you by email!
Prefer email? support@pep.cards