Short answer: Yes.
There are two ways in which we process data: directly and indirectly. But for us, that applies even more than for other companies. Why? On the one hand, we process data through our own website: https://www.surfly.com (check out our privacy- and cookie policies), and https://surfly.com. These domains are hosted on different servers, and the latter is used for the Surfly dashboard.
Your personal information
You can only get access to the dashboard if you have a Surfly account. When you sign up with your name, company name, and email address, this is the only information we store about you. When you delete your account, your personal info will be removed from our database. If you sign up for a paid plan and enter your credit card info, we send this to Stripe and they handle the rest.
Your session data
With indirectly, we refer to our proxy server. All requests made during a co-browsing session go through our servers.
What does this mean with regards to GDPR?
When a Surfly co-browsing session is started on a website, Surfly sets one cookie. In this, we store the session ID, and the cookie expires when the co-browsing session is ended.
All other cookies set during co-browsing go through our proxy and are therefore cookies that actually come from the websites that are being co-browsed. The responsibility of regulating these cookies belongs to those respective websites.
We don’t store user data.