Privacy Policy

Last updated: January 2026

Unplug is operated by Vanilla Telecoms Limited ("we", "our", or "us"), a limited liability company registered and headquartered in Malta in the European Union. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws. This Privacy Policy explains how we collect, use, and share information when you use our leave management application.

Data Controller

Vanilla Telecoms Limited is the data controller responsible for your personal data. You can contact us at:

Email: privacy@unplug-app.com
Address: Vanilla Telecoms Limited, Malta

Information We Collect

When you use Unplug, we collect:

Slack Workspace Information: Your Slack workspace ID, name, and domain when you install the app.
User Information: Slack user IDs, names, email addresses, and profile pictures of users in your workspace.
Leave Data: Leave requests, approvals, balances, and related information you enter into the app.
Usage Data: How you interact with the app, including feature usage and access patterns.

Legal Basis for Processing

We process your personal data under the following legal bases as defined by GDPR Article 6:

Contract Performance (Art. 6(1)(b)): Processing necessary to provide the leave management service you have requested.
Legitimate Interests (Art. 6(1)(f)): Processing for service improvement, security, and fraud prevention, where our interests do not override your rights.
Legal Obligation (Art. 6(1)(c)): Processing required to comply with applicable laws.

How We Use Your Information

We use the information we collect to:

Provide and maintain the leave management service
Process leave requests and manage balances
Send notifications via Slack
Improve and develop new features
Provide customer support
Ensure security and prevent fraud

Data Storage and Security

Your data is stored securely on Cloudflare's infrastructure, which maintains data centres globally. We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:

Encryption of data in transit (TLS/HTTPS)
Encryption of data at rest
Access controls and authentication
Regular security assessments

Data Backup

We perform regular routine backups of data to ensure business continuity and disaster recovery. However, you are solely responsible for maintaining copies of your data. We recommend that workspace administrators regularly export their data using the tools we provide.

Point-in-time recovery available for up to 30 days
Backups are encrypted and stored securely
Workspace administrators can export their data at any time via the dashboard
Business plan subscribers can enable automated daily backups to Google Drive

International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

Cloudflare: Operates under Standard Contractual Clauses (SCCs) approved by the European Commission.
Slack: Operates under SCCs and additional safeguards as outlined in their privacy policy.
Stripe: Certified under appropriate data protection frameworks and uses SCCs.

Data Sharing

We do not sell your personal data. We may share your information only:

With Slack, as necessary to provide the integration
With service providers who help us operate the app (Cloudflare for hosting, Stripe for payments) under appropriate data processing agreements
If required by law or to protect our legal rights

Data Retention

We retain your data for as long as your workspace uses the app. When you uninstall the app or your subscription expires, we retain your data for 30 days before permanent deletion, allowing time for reactivation if needed. You may request earlier deletion at any time.

Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights:

Right of Access (Art. 15): Request a copy of the personal data we hold about you.
Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
Right to Restrict Processing (Art. 18): Request limitation of how we use your data.
Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
Right to Object (Art. 21): Object to processing based on legitimate interests.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at privacy@unplug-app.com. We will respond to your request within 30 days.

Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. In Malta, this is:

Office of the Information and Data Protection Commissioner (IDPC)
Website: https://idpc.org.mt
Email: idpc.info@idpc.org.mt

Cookies

We use essential cookies only to maintain your session and provide the service. We do not use tracking or advertising cookies. These essential cookies are necessary for the service to function and cannot be disabled.

For Workspace Administrators

If you are a workspace administrator, you act as a data controller for your employees' leave data. We act as a data processor on your behalf. You are responsible for ensuring you have appropriate legal basis and policies in place for processing your employees' data through Unplug.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and where appropriate, notifying you via email or through the app.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

General enquiries: helpdesk@unplug-app.com
Privacy matters: privacy@unplug-app.com