General Data Protection Regulation

GDPR stands for General Data Protection Regulation. A new law imposed by the European Union to protect end-user personal data. This law imposes several aspects of data security. Here we want to provide guidance on how we protect your data, what our responsibility is and what your responsibility is. 

We highly suggest you read all our documentation or any other article about GDPR and make a decision whether you want to use our app or not. 

We are not responsible for any negligence or error in data protection on your part or on the part of any third party. Take your time to read the documents and act wisely, stay safe.

Definition of personal data

Any data held by an individual is their personal data. It could be someone's name, photo, email address, physical address, social media post, location, computer IP address, etc.

This means that wherever and how data is saved, it belongs to the user alone. Neither the data collector nor the data user (facebook and youtube) can show, save, share or perform any other activity with the user's personal data without the user's express or implied permission. 

If the user gives permission to use his data for a certain type of action (data storage, data display, etc.), it can be used by the application administrator. 

To visualize this consider a hypothetical situation. Post a status on social media. Here you have given implicit permission to view the post to public or private contacts. 

The application administrator is not responsible for any offensive comment on your post by your contacts. This means that if you make your data public, it is your responsibility. 

But the application administrator bears responsibility for any sharing of data with a third party. If any data is shared, it must be explicitly stated in advance. 

So we see how loading and displaying data depends on both the application administrator and the user. You'll get more details when you read the full documentation.

Developer's responsibility

The responsibility for protecting personal user data on the backend of the site lies with the developer. 

The developer is responsible for how the user's data (name, phone number, email, etc.) and other information (such as records of the user's interaction with the site) are stored in the database and server. 

We will explain in detail how the data you submit directly (name, email etc.) and indirectly (browser name, computer IP address etc.) is saved in the database and server. 

Once any data is uploaded to the server, the security of the data depends on the security of the server and sometimes the site administrator. 

The user will be notified of all temporary (cookie and session) and permanent (data saved in the database) data. 

The user will have the option to permanently erase all his personal data when deleting the account or canceling the service. We assure you that we do not keep logs of user activity and any other backdoor to extract user data. 

At some point, a developer needs access to cpanel and other application administrator credentials to support and maintain the application for a short period before the application is fully online. 

We highly recommend that the application administrator change these credentials after the task is accomplished. The developer cannot be held responsible for any credential leakage on this basis. The developer also cannot be held responsible for any unintentional security flaw in the site. 

After all, data shared online always carries the risk of leaking. Therefore, we strongly suggest that you do not share any data that could put you at risk. 

At some point, a developer needs access to cpanel and other site admin credentials to support and maintain the site for a short period before the site is fully online. 

We highly recommend that the site administrator change these credentials after the task is completed. The developer cannot be held responsible for any credential leakage on this basis. 

The developer also cannot be held responsible for any security flaws on the site. After all, data shared online always carries the risk of leaking. 

Therefore, we strongly suggest that you do not share any data that could put you at risk. At some point, a developer needs access to cpanel and other site admin credentials to support and maintain the site for a short period before the site is fully online. 

We highly recommend that the site administrator change these credentials after the task is completed. The developer cannot be held responsible for any credential leakage on this basis. 

The developer also cannot be held responsible for any unintentional security flaw in the app. After all, data shared online always carries the risk of leaking. Therefore, we strongly suggest that you do not share any data that could put you at risk. 

The developer also cannot be held responsible for any unintentional security flaw in the app. After all, data shared online always carries the risk of leaking.

 Therefore, we strongly suggest that you do not share any data that could put you at risk. The developer also cannot be held responsible for any unintentional security flaw in the app. 

After all, data shared online always carries the risk of leaking. Therefore, we strongly suggest that you do not share any data that could put you at risk.

Responsibility of the site administrator

The site administrator has unrestricted access to the user's personal data. The administrator can access the database, server logs, and any other information about administrator access. The site administrator can see and copy the data saved on the database and server. The site administrator may share user personal data with third parties. How user data will be used must be explicitly announced by the website administrator before the user registers. The administrator must not allow anyone to extract data openly or under the guise of questionnaire, form filling or any other means. The application administrator has the most privilege in the application. Therefore, the administrator bears maximum responsibility for preserving the user's personal data.

User responsibility

It all depends on the user. If the user does not provide the data there will be no data breach. But this is not an option. The user's top priority is to read all documents from the website developer and website administrator and then submit the data. The secure maintenance of user credentials is the sole responsibility of the user.

The password and username may be encrypted in the database, but a dictionary word or highly predictable password for a specific user could easily give access to the user account to a hacker. 

Change your credentials in case of any suspicious activity by unauthorized person or if for some unavoidable reason you share your credentials with others. Always think before sending.  

Our work on the GDPR:

 Once you cancel your subscription or delete your account, we give you the option to delete all of your data in or associated with your account. Note that this action is irreversible. The moment you say yes to deleting all your data will be erased from the database and server forever. You can back up data before deletion in case you re-subscribe or re-register.

Confidentiality is your right: We encrypt most of your personal data in the database. If any bad things happen (data breach), the hacker will get an encrypted hash and not a personal one on plaintext. 

So your confidentiality will remain intact even in the event of a data breach. Note that some data cannot be encrypted because we need to show it when you log in to the account (such as username). We will anonymize all your personal data as much as possible.

Do not save cookies and session: We will provide an option to save cookies and session or not. Even if you save the cookie and session, they will be destroyed after you log out. We strongly suggest that you do not save your credentials in the browser.

Connect without worry: We enforce HTTPS everywhere. Data sniffing is not possible in this case. Even possible, the sniffer will obtain an encrypted hash. So feel safe to use our app.

We do not collect data: We do not collect any user data. There is no backdoor, no hidden data collection option. Once the application is uploaded to the server even we cannot access the website without the website admin password. So don't worry about any hidden data leakage.

Data Breach Policy: We implement all security to carefully store your data in the database (data encryption, MySQLi, SQL injection prevention, input scanning, etc.). But we do not take any responsibility for data breach from server. Because it is entirely the responsibility of the application administrator and server administrator to secure your data from hacking. 

Any weak or too predictable password of the application administrator or server administrator may lead to database compromise. Any inherent error in the database configuration can abandon the database. Any security flaw on the server can lead to data leakage. Please contact your application administrator in this regard.

Children's Privacy StudyShoot.com is not intended for children under the age of 18. If you believe that we have inadvertently collected Personal Data from a child, please contact us and we will promptly delete the information.

contact information