Data Protection and Privacy on the Emojot Platform
Last Updated: February 2023
The Emojot platform operates as both a data controller for its own data and a data processor for customer data. Emojot follows the EU GDPR (General Data Protection Regulation) definitions (Article 4), which state that:
- A data controller determines the purpose and means of processing personal data.
- A data processor processes data on behalf of the controller.
What is Personally Identifiable Information (PII)?
Personally Identifiable Information (PII) refers to any data that can identify an individual. This includes:
- Common PII: National Identity Card numbers, Social Security numbers, mailing addresses, email addresses, and phone numbers.
- Digital PII: IP addresses, login IDs, social media activity, and digital images.
- Sensitive PII: Geolocation data, biometric information, and behavioral data.
The Emojot platform collects and stores PII in its role as both a data processor and a data controller.
Emojot’s Compliance with Data Privacy Laws
Emojot is committed to complying with data protection regulations applicable to its operations. This includes GDPR and other relevant laws.
To inquire about specific compliance measures, please email security@emojot.com.
As a data processor, Emojot also enables its customers to comply with relevant privacy regulations. For further assistance, customers should contact their Account Manager.
Data Privacy: PII Data Subject Requests
As a survey platform, Emojot collects data on respondents on behalf of customers. Under GDPR and other privacy regulations, individuals have the right to:
- Access personal data
- Rectify inaccurate data
- Request data deletion
- Restrict data processing
- Request data portability
- Object to data processing
- Withdraw consent at any time
However, these rights depend on the legal basis under which Emojot’s customers (data controllers) collect the data. If a survey respondent wants to exercise these rights, they should contact the respective data controller (Emojot’s customer).
For data controlled directly by Emojot, requests should be sent to security@emojot.com.
Data Privacy: Automated Actions & Profiling
Emojot’s customers, as data controllers, determine:
- What type of data is collected
- Who data is collected from
- Where data is collected
- Why data is collected
- When data is deleted
Emojot provides built-in governance tools that allow customers to manage data subject requests related to automated decision-making and profiling.
Data Privacy: Consent & Special Data Categories
Following GDPR guidelines, Emojot ensures that consent is:
- Freely given
- Specific & informed
- Unambiguous & affirmative
Consent collection can be included as the first question in a survey.
Health Data Disclaimer: GDPR categorizes health data as “special data.” Emojot does not process health-related data and therefore has not implemented the stricter consent protocols required for health data processing.
Data Privacy: Data Collection
1. Sign-In & Authentication
When signing up via Google OAuth, Emojot collects:
- Name
- Email address
- Google ID
- Basic profile information
Privacy Assurance: Emojot does not access additional Google account data beyond what is necessary for authentication.
2. Online Reputation Management (ORM)
Emojot’s ORM feature allows customers to manage Google Business locations and respond to reviews.
To facilitate this, Emojot collects:
- Email address of the business location owner
- Google Business locations managed by the user
- Customer reviews linked to those locations
Privacy Assurance: Only authorized users can manage reviews. Emojot does not access additional Google data beyond authentication.
Data Protection & Security
1. Data Encryption
All Emojot data is encrypted both at rest and in transit to ensure security.
2. Data Storage & Compliance
Emojot data is stored in AWS cloud infrastructure, which includes:
- High availability & failover support
- Replication for data redundancy
- Compliance with AWS security standards
3. Identity & Access Management
Emojot restricts data access to authorized applications within a private AWS network.
At the application level, access is managed through:
- API authentication & governance
- Role-based access control (RBAC)
- User-level permissions (SAML & OAuth2)
- Multi-factor authentication (MFA) for added security
4. Security Monitoring & Governance
Emojot follows industry best practices for IT security, including:
- Automated server patching
- Vulnerability scanning
- Continuous security audits
Data Protection: Data Breach Protocol
Under GDPR, data breaches must be reported within 72 hours. Emojot’s governance framework ensures:
- Rapid breach detection
- Customer notifications within 72 hours
- Ongoing improvements to compliance processes
For any security concerns, please contact security@emojot.com.