Privacy Policy

Updated on January 23, 2024. All policies.
This privacy notice applies to Bucket ApS (“Bucket,” “we,” “our,” “us”).

We strive to only collect data that is required for us to provide you with the Service. We do use third party services to operate the Service, like server hosting, payment processing and customer support.

We will never sell your data. We’ll only ever access your account to help you with a problem or to debug a software bug. We log all access to all accounts by IP address, so we can always verify that no unauthorized access has happened for as long as the logs are kept.

Identity and Access #

When you sign up for Bucket, we ask you to authenticate with Google, which provides us with your name and email address. We do so, so we can send you invoices, updates, or other essential information. We’ll never sell your personal info to third parties, and we won’t use your name or company name in marketing statements without your permission.

You always have the right to access the personal information we store about you.

When you pay for Bucket, we ask for your credit card and billing address. That’s so we can charge you for service and send you invoices. Your credit card is passed directly to our payment processor and doesn’t ever go through our servers. We store a record of the payment transaction, including the last 4 digits of the credit card number, for account history, invoicing, and billing support.

When you write Bucket with a question or to ask for help, we’ll keep that correspondence, and the email address, for future reference. When you browse our marketing pages, we’ll track that for statistical purposes (like conversion rates and to test new designs). We also store any information you volunteer, like surveys, for as long as it makes sense.

The only times we’ll ever share your info:
  • To provide products or services you’ve requested, with your permission. List of third-party services we use.
  • To investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.
  • If Bucket is acquired by or merged with another company, we’ll notify you well before any info about you is transferred and becomes subject to a different privacy policy.

Your Rights With Respect to Your Information #

General Data Protection Regulation (“GDPR”) gives people under its protection certain rights with respect to their personal information collected by us on the Site. Accordingly, Bucket recognizes and will comply with GDPR and those rights, except as limited by applicable law.

The rights under GDPR include:
  • Right of Access. This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.
  • Right to Correction. This is your right to request correction of your personal information.
  • Right to Erasure. This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession (also known as the “Right to be forgotten”). However, if applicable law requires us to comply with your request to delete your information, fulfillment of your request may prevent you from using Bucket services and may result in closing your account.
  • Right to Complain. You have the right to make a complaint regarding our handling of your personal information with the appropriate supervisory authority.
  • Right to Restrict Processing. This is your right to request restriction of how and why your personal information is used or processed.
  • Right to Object. This is your right, in certain situations, to object to how or why your personal information is processed.
  • Right to Portability. This is your right to receive the personal information we have about you and the right to transmit it to another party.
  • Right to not be subject to Automated Decision-Making. This is your right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable European law, or is based on your explicit consent.
If you have questions about exercising these rights or need assistance, please contact us at hello@bucket.co.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. List of Supervisory Authorities.

Processors we use #

As part of the services we provide, and only to the extent necessary, we may use certain third party processors to process some or all of your personal information. For identification of these processors, and where they are located, please see our Subprocessor listing. We have signed appropriate data processing contracts that comply with GDPR with each processor.

Security and Encryption #

All data is encrypted via SSL/TLS when transmitted from our servers to your browser. The data is encrypted at rest, and so is our database backups.

For more information about how we keep your information secure, please review our Security policy page

Cookies #

Cookies are required to use Bucket.

Data Deletion #

When you cancel your account, you can request to get your data deleted on hello@bucket.co. Bucket furthermore reserves the right to delete your data 60 days after you have canceled your account. This information can not be recovered once it has been permanently deleted.

When transferring personal data from the EU #

The GDPR requires that any data transferred out of the EU must be treated with the same level of protection that the EU privacy laws grant. The privacy laws of the United States generally do not meet that requirement. That is why since GDPR went into effect, Bucket has offered a data processing agreement. We have incorporated a Data Processing Agreement to our Terms of Service that is in effect when the GDPR applies to your use of Bucket Services to process Customer Data as defined in the DPA. You can find the DPA linked within clause 5 of the Security and Privacy section in the Terms. The DPA includes the European Commission’s Standard Contractual Clauses to extend GDPR privacy principles, rights, and obligations everywhere personal data is processed. Furthermore to aid our customers, we have provided summary of GDPR in our Privacy Regulation Reference.

To get an executed copy of the Data Processing Agreement, follow the instructions listed in our Privacy Regulation Reference. Regardless of whether you execute or not, we protect and secure your data to the high standards set out in the agreement.

There are also a few ad-hoc cases where EU personal data may be transferred to the US related to Bucket, Inc. operations. For instance, if someone in the US comments on our company blog or a customer participates in one of our infrequent surveys or someone applies to one of our open positions or buys swag on our company shop. Such transfers are only occasional and transferred under the Article 49(1)(b) derogation under GDPR.

Law enforcement #

While we may be required to disclose your personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements, Bucket won’t otherwise hand your data over to law enforcement unless a court order says we have to. We flat-out reject such other requests from local and federal law enforcement when they seek data without a court order. And unless we’re legally prevented from it, we’ll always inform you when such requests are made. We will provide delayed notice if the legal prohibition is lifted. Bucket's accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Bucket remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Bucket proves that it is not responsible for the event giving rise to the damage.

Location of Site and Data #

This Site is operated in the United States. If you are located in the European Union or elsewhere outside of the United States, please be aware that any information you provide to us will be transferred to the United States. By using our Site, participating in any of our services and/or providing us with your information, you consent to this transfer.

Changes and Questions #

Bucket may update this policy. We’ll notify you about significant changes by emailing the account owner or by placing a prominent notice on our site.Questions about this privacy policy? Please contact us at hello@bucket.co or via mail at Bucket ApS, Klosterstræde 9, 1159 Copenhagen, Denmark.

This policy have been adapted from the Basecamp open-source policies.