Chameleon is committed to privacy and security and is GDPR compliant as of May 25th 2018. Learn more about our GDPR compliance here

If you collect data about EU residents, you are likely to be considered a Data Controller under the new regulations. If you send that data to Chameleon, we become a Data Processor. 

We are committed to making it easier for you to comply by fulfilling our obligations to you and your users. 

Helping you inform and opt-in users

Chameleon can help you inform users inside your product, about changes to your terms or policies, and to collect opt-ins for data usage. To learn more see below. 

Providing your users their individual rights

To be compliant, companies have to provide the following rights to their users. If you receive a request from one of your users as per these rights, then Chameleon will help you fulfill it within our system. 

The right to be informed 

Individuals need to be informed about the collection and use of their personal data in a clear and transparent way. 

You can include the following information in your Terms & Conditions, your help articles or wherever else you include information about how you use your user data when dealing with Chameleon: 

"We use Chameleon to help our users better learn our web application, using interactive product tours built with Chameleon. Chameleon provides an editor to build these tours, and also delivers them inside our application during their interaction. Chameleon does not automatically collect any personally identifiable information, and uses data we proactively send to Chameleon for the purposes of helping us deliver the right guidance to the right user at the right time. To learn more about Chameleon's security practices, cookie policies and regulatory compliance, please visit https://www.trychameleon.com/security."

The right of access

Individuals can request a copy of their personal data so they can be aware of / validate its lawful processing.

To download any user data, either email us at security@trychameleon.com (from the email address associated with your Chameleon account) or download user data via this API

The right to rectification

Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. 

To update or edit any user data, either email us at security@trychameleon.com (from the email address associated with your Chameleon account) or send updated data via this API

The right to erasure (right to be forgotten)

Individuals can request the deletion of their personal data if it is no longer necessary (for the original purpose) or they no longer consent. 

To delete any user data, either:

  •  email us at help@trychameleon.com (from the email address associated with your Chameleon account). 
  • use our API to automatically delete users. Read more here.

We will automatically delete all user data for all accounts that have not been active for 1 year. This is part of our data retention policy as outlined here.

The right to restrict processing

Individuals can request a restriction on usage of their personal data (not erasure) if they believe it to be inaccurate or unlawfully processed.

If a user requests their data not sent to Chameleon please do not call chmln.identify  for their profile. Learn more about installing Chameleon here

The right to data portability

Individuals are entitled to obtain their personal data (in a commonly used format) to reuse for their own purposes across different services.

If you receive a data request for user data sent to Chameleon, please download it via this API and send to your user. 

The right to object

Individuals can object to their data being processed for direct marketing or research. 

Chameleon does not ever use the user data you send for direct marketing or research and will never sell that data to any other parties.

Rights in relation to automated decision making and profiling

Companies can only leverage automated decision-making (without involvement of individuals) that create legal or similarly significant effects upon individuals in very limited and specific circumstances.

Chameleon does not make any automated-decisions based on personal data that cause significant effects to individuals.

Data Processing Agreement

If you are a EU based customer then you may need to sign a Data Processing Agreement with us. To do so, please email us at security@trychameleon.com so we can send you a copy of this to sign. 

Did this answer your question?