Privacy Policy
for the Software-as-a-Service Aam Digital Case Management Platform
As a social impact organisation dealing with very sensitive information in our software we value data privacy and security very highly. We are based in the EU and fully complying with the GDPR (General Data Protection Regulation).
Below we explain how and what personal information we handle as part of our Software-as-a-Service product, the Aam Digital Case Management Platform.
Our Privacy Policy for this website and you as a visitor is kept separately here: Privacy Policy.
Who we are
Aam Digital is a social enterprise based in Germany, developing an open source case management system for the social sector. We work as a company as well as a broader team of contributors to the open source project.
If you have any questions about this privacy policy, please contact us at data-protection@aam-digital.com. For details and contact information also see our imprint.
Aam Digital Case Management Platform
User & Account data
In order to provide your team members access to the software, you manage their user names and emails within our platform. We use this data exclusively to provide users their account credentials.
Beneficiary / Participant data (that you enter in the system)
Our case management system is designed to help you manage personal data of people you work with. What kind of data you enter and how you use it is entirely up to you. We act as a Data Processor (according to Art. 28 GDPR) for you. All rights for the data you enter remains with you (as does the responsibility to ensure you yourself have the right to collect and store that data about other people).
As part of your registration with us we sign a Data Processing Agreement that clearly specifies your rights and our responsibilities to ensure the data safety and security.
Map / Location Integration
If you use our location feature, which let’s you visualize a location on a map and enter an address to place it on the map, we use OpenStreetMap and the Nominatim API to provide this functionality.
We transfer only the address text to the external service and do not expose related details like names to them. The Nominatim API then translates written addresses to long-lat coordinates and vice versa. The non-profit OpenStreetMap Foundation (OSMF) operating this service is collecting technical details of this as specified here in OSMF’s privacy policy.
Push Notifications
If you use the “Push Notifications” of our notifications module (i.e. system notifications that inform you about new data while the application is not opened) we use Google’s Firebase Cloud Messaging service to be able to reach your device. Google stores Firebase installation IDs from you to determine which devices to deliver messages to. These IDs do not contain any personal data. (see Firebase Privacy; Firebase is GDPR-compliant, see Firebase Data Processing and Security Terms; we do not use its other services except “Cloud Messaging”)
We do not send any case data contain any of your information through Firebase Cloud Messaging services. Only generated event IDs and generic descriptions are passed through this system.
Where we store your data
All data is only stored on servers managed by us. Our servers are based in Germany run by a German hosting provider not affiliated with a company outside the EU.
How we secure your data
We have extensive technical and organizational measures (TOMs) in place to protect your data. This includes processes and reviews during the software development phase, across administration and hosting of the platform, as well as state-of-the-art technical security measures. We share the full list of TOMs with you as part of our data processing agreement. Feel free to reach out to us for more details also.
Open Source / Self-hosted Systems
Our software is fully Open Source (available on GitHub) and can therefore be hosted by anyone on their own servers, taking complete control over operation and storage of the software and all data. In this case, no data whatsoever is shared with us.
Monitoring & Usage Analytics
Usage Statistics
In order to improve the product and understand which functionalities may need changes or additions we use the open source analytics software Matomo. However, to respect your privacy we do not collect personal information.
When you visit the application as a user we store: the interactions with the site, the date and duration of your visit, a pseudonymized id of the user account, your anonymised IP address and information about the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit.
Error Monitoring
In order to discover technical problems and analyze errors in the software, we use the open source monitoring software Sentry and its hosted service Sentry.io.
When unexpected errors occur in the software while you use it, we automatically send technical details to Sentry and alert our team. These details are explicitly filtered to remove any sensitive personal data but may include your username. Data stored includes: the interactions with the site, the date of the incident, your username and information about the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used and technical details of the error like the lines of code that failed.
Where we store your data
All data except error monitoring (see above) is only stored on servers managed by us. We do not use external services like Google Analytics. Our servers are based in Germany run by a German hosting provider.
