What is GDPR?
GDPR stands for General Data Protection Regulation. It is a law enforced by the EU to protect end users’ personal data. This law enforces several aspects of data security. Here at ClickCast, we want to give you a clear guideline on how we protect your data, what our responsibilities are, and what your responsibilities are.
We strongly suggest you read all our documentation or other articles about GDPR before using our application. It’s your decision whether or not to use ClickCast. We are not responsible for any negligence or fault on your side or by any third party regarding data protection. Please take your time, read the documentation, and act wisely. Stay safe.
Definition of Personal Data
Any data owned by an individual is considered personal data. This includes names, images, email addresses, physical addresses, social media posts, locations, IP addresses, and more. Ownership of personal data is absolute—regardless of where or how the data is stored, it always belongs to the user.
A data collector or user (like Facebook or YouTube) cannot view, store, share, or perform any activity with a user’s personal data without the user’s explicit or implicit permission. For example, when you post on social media, you give implicit permission to show that post to your contacts. However, the application admin is not responsible for abusive comments made by others on your post.
While the user has responsibility for any public data they share, the application admin is responsible for disclosing any data sharing with third parties in advance. Data uploading and sharing involve both the user and the app admin. Further details can be found in the full documentation.
Responsibility of Developer
The developer is responsible for safeguarding user data on the application’s backend. This includes how data like names, phone numbers, and emails are stored in the database and server. We will clearly describe how both directly submitted data and indirectly collected data (browser info, IP address, etc.) are saved.
Once data is uploaded to the server, its security depends on the server and sometimes on the application admin. Users will be notified of all temporary (cookies and sessions) and permanent (database-stored) data usage. Users have the right to permanently delete their personal data upon account deletion or service cancellation.
We do not keep logs of user activity or create any backdoors to extract user data. Sometimes developers may require access to admin credentials temporarily for setup or maintenance. We strongly recommend that app admins change these credentials afterward. Developers are not responsible for any credential leaks or unintentional security flaws. Online data always carries a risk, so please do not share data that could compromise you or others.
Responsibility of Application Admin
Application admins have unrestricted access to user data stored in the database or on the server. Admins must be transparent about how user data is used and must announce this before user registration. Admins must not permit unauthorized data extraction under the guise of surveys, forms, or other tactics.
As the party with the highest privileges in the system, the application admin holds the highest responsibility for ensuring user data security.
User’s Responsibility
Users should read all documentation from both the app developer and admin before submitting data. Data security begins with you. Choosing weak passwords or sharing credentials can easily compromise your account.
Change your credentials if you detect suspicious activity. Avoid storing your credentials in browsers; use password managers like LastPass instead.
Our Action on GDPR
- Collect as little data as possible, and explain why it’s needed
- Enforce HTTPS
- Destroy all sessions and cookies after logout
- Do not track users for commercial purposes
- Inform users about logs like IP and location
- Maintain clear Terms & Conditions
- Notify users about third-party data sharing
- Create policies for data breaches
- Allow full data deletion upon subscription cancellation or account deletion
- Patch vulnerabilities regularly
Supported GDPR Features
Adios, Application
If you cancel your subscription or delete your account on ClickCast, you have the option to delete all associated data. This action is irreversible. You may back up your data before deletion if you plan to return in the future.
Secrecy is My Right
We encrypt most personal data in our database. In the event of a breach, the attacker will only see encrypted hashes. Some data (like usernames) may be visible due to system requirements, but we minimize exposure as much as possible.
No Cookie and Session Saving
You can choose whether or not to save cookies and sessions. All saved sessions are destroyed after logout. We recommend you don’t save credentials in your browser—use secure tools like LastPass.
Destroy Footprints
We do not track your behavior for profit. Login times and IPs may be logged for security purposes only. When your account is deleted, all your data is wiped from our server.
Social Engineering is Bad
We do not log or analyze your personal activity to sell products or manipulate behavior. Such practices are unethical, and we do not engage in them.
Notify Me
Receive email notifications for actions related to your account (like account creation or password changes). If you notice anything suspicious, update your credentials immediately.
Policy Update Notification
You will be notified of any changes to our privacy policy or terms. Read your emails carefully and take appropriate actions. Reach out to us with questions anytime.
Connect Without Worry
We enforce HTTPS across our platform. Data sniffing is not possible, and even if it were, the data would be encrypted.
No Data Collecting
We don’t collect user data secretly. There’s no backdoor. Even we, the developers of ClickCast, cannot access your application without the admin password. Rest easy—no hidden data leaks.
Data Breach Policy
While we implement encryption, input validation, and SQL injection prevention, we are not responsible for server-side breaches. That responsibility lies with the app and server admin. Weak passwords or misconfigured databases (like MongoDB) can still be exploited. For these concerns, contact your app admin directly.