We do not partner with or have special relationships with any ad server companies.
Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.
This policy does not guarantee the ability to be able to delete your data. However, it is mentioned that you can do so via an automated method on their help page at https://get.todoist.help/hc/en-us/articles/203799822
This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).
Note that whether the policy allows sharing aggregated user data does not affect this question.
If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).
If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).
Q: How does Doist process data?
A: Doist is considered a Data Processor which means that Doist controls how your user data is processed and is responsible for the data to be processed within GDPR regulations. Although Doist owns the code, databases, and all rights to the Todoist and Twist applications, you retain all rights to your data.
When it’s absolutely necessary, we use GDPR-compliant third party services and hosting partners such as Stripe, AWS and Google G-Suite. In these cases, we take the necessary safeguards to ensure that we are GDPR compliant when sending and receiving data from the third party.
Q: Do you provide a list of relevant third party services?
A: Yes. When necessary, we use the following GDPR-compliant third party services:
- Amazon Web Services
- Google Analytics
- Microsoft Azure
- Microsoft Visual Studio App Center
- CloudBees Rollout
On their security FAQ (https://get.todoist.help/hc/en-us/articles/360000814029), they mention the other critical service provider
There is no mention of how this service complies with legal orders
All data and information transmitted with [the] Service is secured by SSL protocol.
A more in-depth whitepaper can be found at https://todoist.com/security
Effective Date: May 15th, 2018
Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.
The service is not required by this policy to notify users of data breaches.
If our information practices change at some time in the future we will post the policy changes to our Web site to notify you of these changes and we will use for these new purposes only data collected from the time of the policy change forward. If you are concerned about how your information is used, you should check back at our Web site periodically.
This includes the use of data brokers and independent verification authorities (such as background check providers).
No data is collected from third parties.
Todoist collects the email addresses of those who communicate with us via email, and information submitted through voluntary activities such as site registrations or participation in surveys. Todoist also collects aggregated, anonymous user data regarding app usage. The user data we collect is used to improve Todoist and the quality of our service. We only collect personal data that is required to provide our services, and we only store it insofar that it is necessary to deliver these services.
Some services allow users to opt-out or opt-in to of non-critical collection or use of personal data, such as collecting data for personalized advertisements.
Data is not used for non-critical purposes
Q: What types of personal data does Doist collect?
A: When registering for Todoist and Twist you voluntarily give us information such as your name and email address. You can access and update this information at any time in your personal Account Settings.
In addition, when you use our services, you give us the consent to use the following data:
Name and surname (optional, not processed)
Job (optional, not processed)
Phone number (optional, not processed)
VAT ID (optional)
Invoice address (for Premium accounts)
This is located on the privacy FAQ found at https://get.todoist.help/hc/en-us/articles/360000814029
June 24, 2020