for the Software-as-a-Service Aam Digital Case Management Platform
As a social impact organisation dealing with very sensitive information in our software, we value data privacy and security very highly. We are based in the EU and fully comply with the GDPR (General Data Protection Regulation).
Below we explain how and what personal information we handle as part of our Software-as-a-Service product, the Aam Digital Case Management Platform.
Who we are
Aam Digital is a social enterprise based in Germany, developing an open source case management system for the social sector. We work as a company as well as a broader team of contributors to the open source project.
Aam Digital Case Management Platform
User & Account data
In order to provide your team members access to the software, you manage their user names and emails within our platform. We use this data exclusively to provide users their account credentials.
Beneficiary / Participant data (that you enter in the system)
Our case management system is designed to help you manage personal data of people you work with. What kind of data you enter and how you use it is entirely up to you. We act as a Data Processor (according to Art. 28 GDPR) for you. All rights around the data you enter remain with you (as do the responsibilities to ensure that you yourself have the right to collect and store that data about other people).
As part of your registration with us, we sign a Data Processing Agreement that clearly specifies your rights and our responsibilities to ensure data safety and security.
Map / Location Integration
If you use our location feature, which lets you visualize a location on a map and enter an address to place it on the map, we use OpenStreetMap and the Nominatim API to provide this functionality.
Where we store your data
All data is only stored on servers managed by us. Our servers are based in Germany and run by a German hosting provider that is not affiliated with a company outside the EU.
How we secure your data
We have extensive technical and organizational measures (TOMs) in place to protect your data. These include processes and reviews from the software development phase and across administration and hosting of the platform, as well as state-of-the-art technical security measures. We share the full list of TOMs with you as part of our data processing agreement. Feel free to reach out to us for more details as well.
Open Source / Self-hosted Systems
Our software is fully Open Source (available on GitHub) and can therefore be hosted by anyone on their own servers, taking complete control over operation and storage of the software and all data. In this case, no data whatsoever is shared with us.
Monitoring & Usage Analytics
When you visit the application as a user, we store: the interactions with the site, the date and duration of your visit, a pseudonymized id of the user account, your anonymised IP address and information about the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit.
When unexpected errors occur in the software while you use it, we automatically send technical details to Sentry and alert our team. These details are explicitly filtered to remove any sensitive personal data but may include your username. Data stored includes: the interactions with the site, the date of the incident, your username, information about the device you used (device type, operating system, screen resolution, language, country you are located in, and web browser type), and technical details of the error, like the lines of code that failed.
Where we store your data
All data except error monitoring (see above) is only stored on servers managed by us. We do not use external services like Google Analytics. Our servers are based in Germany and run by a German hosting provider.