MyTommy.com

Privacy Requirements

Tommy is a GDPR-compliant platform, and while GDPR regulations are specific to Europe, Tommy chooses to respect the privacy of user data regardless of location.

If your mini program connects to third-party systems (external to Tommy), then it is mandatory for you to implement and maintain the proper functionality of the webhooks listed below. Failure to maintain the proper technical and operational function of these webhooks will result in the removal of non-compliant developers and their mini programs.

Note: This Privacy Requirement imposed by Tommy on developers is not intended to provide you with legal advice, only to serve as a guide for how to produce mini programs in compliance with Tommy’s privacy requirements.

Privacy Webhooks

Webhook

Events

Response to webhooks

When your endpoint receives a request, you need to execute the following:

  1. Confirm receipt by responding with a 200-series status code.
  2. Complete the requested action within 30 days of receipt, with the exception of any specific data you have a legal obligation to retain.

Manage your endpoints

Developers can configure their webhooks from within the Partner Dashboard. Endpoints must use HTTPS with a valid SSL certificate for event notifications to be delivered correctly.

team_members/data_request

Team members can submit a request to Team owners. Tommy then sends a payload to the team_members/data_request endpoint for all mini programs installed on that team while that team member was present.

If your mini program currently has, or previously had, access to the team member data, then your endpoint will receive a payload.

The payload contains the IDs of the team member data so that you can match them against your own records and provide the related data to the team owner, who may then respond to the team member. It is your own responsibility to provide the response data to the team owner directly.

team_member/data_request payload:

{
  "team_id": 1234,
  "team_name": "{team}",
  "team_member": {
    "id": 1234,
    "email": "[email protected]",
    "phone": "1234567890"
  },
  "privacy_request_id": {
    "id": 123456
  }
}

team_members/redact

Team owners can request that data be deleted on behalf of a team member. When this request is made, Tommy sends a payload to the team_members/redact webhook of all mini programs installed on that team.

If your mini program currently has, or previously had, access to team member data, then your endpoint will receive the payload.

The payload contains the ID(s) of the team member data so that you can match them against your own records and redact or delete data as required. It is your own responsibility to redact or delete data as required by participation in the Tommy platform and by law.

team_member/redact payload:

{
  "team_id": 1234,
  "team_name": "{team}",
  "team_member": {
    "id": 1234,
    "email": "[email protected]",
    "phone": "1234567890"
  },
  "privacy_request_id": {
    "id": 123456
  }
}

team/redact

After a Team owner has uninstalled your mini program, Tommy will send a payload to the team/redact endpoint. This payload includes the Team’s team_id and team_name so that you can redact (where delete is not possible) or delete data for that team from your system.

It is your own responsibility to redact or delete data as required by participation in the Tommy platform and by law.

team/redact payload:

{
  "team_id": 1234,
  "team_name": "{team}",
  "privacy_request_id": {
    "id": 123456
  }
}
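
One way to structure the receiving side of the three webhooks above, as an added example that is not Tommy's own code: it checks the payload fields shown on this page, acknowledges with 200, and records a job with a 30-day due date for a worker to carry out later. The function names, the in-memory `jobs` dict, the 400/404 responses, passing the topic as an argument, and using `privacy_request_id` as an idempotency key are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Topics and the top-level fields each payload carries, as shown on this page.
TOPICS = {
    "team_members/data_request": ("team_id", "team_member", "privacy_request_id"),
    "team_members/redact": ("team_id", "team_member", "privacy_request_id"),
    "team/redact": ("team_id", "privacy_request_id"),
}
DEADLINE = timedelta(days=30)  # "within 30 days of receipt"


def handle_privacy_webhook(topic, raw_body, jobs, received_at=None):
    """Validate a payload, record a job, and return (http_status, job).

    `jobs` is a dict standing in for a durable job store (assumption).
    """
    received_at = received_at or datetime.now(timezone.utc)
    if topic not in TOPICS:
        return 404, None
    try:
        payload = json.loads(raw_body)
        request_id = int(payload["privacy_request_id"]["id"])
        team_id = int(payload["team_id"])
        has_member = "team_member" in TOPICS[topic]
        member_id = int(payload["team_member"]["id"]) if has_member else None
    except (ValueError, KeyError, TypeError):
        return 400, None  # malformed: do not acknowledge what cannot be acted on

    # Assumption: a redelivered request repeats its privacy_request_id, so the
    # (topic, id) pair is used as an idempotency key.
    key = (topic, request_id)
    if key not in jobs:
        # Only IDs are stored; email and phone are not copied into the job store.
        jobs[key] = {
            "topic": topic, "team_id": team_id, "member_id": member_id,
            "privacy_request_id": request_id, "received_at": received_at,
            "due_by": received_at + DEADLINE, "status": "pending",
        }
    return 200, jobs[key]  # acknowledge now; a worker does the redaction later


def overdue(jobs, now):
    """Jobs still pending after their 30-day deadline."""
    return [j for j in jobs.values() if j["status"] == "pending" and now > j["due_by"]]
```

Running `overdue` on a schedule gives an early signal that a request is about to breach, or has breached, the 30-day window.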