Our Approach
Ensuring the proper handling of data requires a shared responsibility approach where Localytics and our customers must work together to ensure privacy rights are respected and protected. You are responsible for controlling all of the data you choose to collect from your end users.
You're also responsible for providing Localytics all necessary processing instructions through the appropriate configuration and implementation of our products. In turn, Localytics is responsible for processing the data in accordance with your instructions.
To support our customers’ unique privacy policy requirements, as well as various privacy regulations such as the General Data Protection Regulation (GDPR), Localytics provides various methods, tools, and controls to assist you in meeting your obligations. The following is an overview of our approach as well as the various tools and methods you may use to effectively respect end-user privacy.
Data Collected
Generally, Localytics customers control all of the data collected in the form of events, attributes, profiles, etc. However, there are a set of anonymous data points captured automatically by our SDK.
The Localytics SDK automatically collects basic session data that includes session open/close timestamps, OS version, platform, model, timezone, language preferences, etc. (Refer to the default dimensions detailed in our Data Types article for further detail.)
In addition to those data points, Localytics also captures coarse location data out of the box. The location data is based on IP address lookups, which are generally only available if a user is connected via WiFi.
A Note about Location Data
Location data may be considered personal data. Depending on your unique privacy requirements, consent may be required prior to collecting non-precision location data generated from an IP lookup. Localytics expects customers to solicit consent as appropriate to their unique privacy requirements.
IP addresses are not stored in any Localytics analytics databases, but the location data generated from an IP lookup is, by default, collected and stored, including country, region, state, and city/metro if available.
Identifiers
Localytics uses various proprietary identifiers in conjunction with other optional or industry identifiers to determine unique devices, and/or individuals. This is so we can assemble our analytics data and support accurate segmentation and audience creation.
In order to process analytics effectively, Localytics sets a random unique identifier called an install ID the first time a user downloads and launches an application in which our SDK is configured. This ID helps us understand if that device is new or returning, and helps us to effectively assemble our analytics data.
Our SDK will also collect the advertiser ID (Identifier for Advertisers or IDFA for iOS, Google Advertiser ID or GAID for Android) to improve the accuracy of identifying unique devices across uninstall/reinstall.
This advertiser ID is also used to support some other optional features. Advertiser IDs are collected by default. Customers can optionally configure our SDK to ignore the advertiser ID as appropriate.
Customer IDs
Customers may also set a unique Customer ID to further identify their users. Customer IDs allow you to connect observed behavioral data collected by Localytics with a user identity familiar to you.
Other Data Collected
Beyond these default data points that the Localytics SDK will collect automatically, all other data is fully controlled by you through optional tagging and configuration.
Depending on your unique privacy requirements, some data may be protected under certain privacy regulations such as the General Data Protection Regulation (GDPR), and require special handling. Localytics recommends working with your developers, engineers, product team, privacy, and legal teams to ensure your implementation of our products meets your unique privacy and regulatory requirements.
Consent
Many privacy policies and certain regulations require that end users grant consent prior to their personal data being collected. Localytics tools can be configured to collect a wide array of different data types.
Depending on your unique privacy requirements, some, or maybe all of the data may require end-user consent to collect. Localytics does not have a direct relationship with your end users and does not solicit consent directly from them. Localytics in-app messaging may be used to effectively solicit and manage consent.
Opting Users Out
Based on the end users' consent response, you may need to opt users out of data collection. You may choose to provide your end users the ability to opt into or out of data collection at any time via a settings feature.
To support this, Localytics provides an opt-out method (iOS and Android) to configure our SDK to control data collection. If, during the consent solicitation, your end user opts out, this method would be set to true and all future data from that user will be dropped.
Alternatively, this opt-out method may be used at any time to allow your users to change their preferences from opted-out to opted-in and back again if appropriate. Setting Opted Out simply tells our systems to no longer process any of that user's data, but their historical data will remain.
Methods are available to pause upload of end-user data or to simply prevent any data capture at all until consent is confirmed.
Check out our developer docs for iOS and Android for more information on using these features.
User Consent and Data Tagging
Beyond the "all on" or "all off" nature of opting an end user in or out of data collection, you can control the tagging of all data points as appropriate to your unique user consent requirements. All tagged data points are controlled by you. This way, you can selectively collect different data points as appropriate to your unique consent model.
For example, assume your privacy policy does not require consent to track anonymous session activity or default session dimensions (i.e. basic usage and engagement data). At the same time, your policy does require consent to set a Customer ID, track that user's profile, or track their in-application behaviors as events.
In that scenario, you would custom configure the logic in your application to collect only the basic session data until/unless the end user grants consent for the higher-sensitivity data. At that point, your custom configuration would conditionally pass tagged data to the Localytics SDK for upload.
End-User Requests to be Forgotten
Some privacy regulations require our customers to delete an end user's data upon request. Localytics provides two primary methods that allow you to delete the data you’ve collected in our systems for a specific user: a client-side method, and a server-side method.
Client-side, from the device/application, the Localytics SDK supports a call that allows customers to configure the SDK (iOS and Android) to opt an end user out of data collection and delete all historical data. This will:
- opt the device out of future data collection,
- delete local data,
- disable location monitoring,
- delete push tokens,
- and set the "privacy_delete" : 1 profile attribute.
By setting this profile attribute, you’ll instruct Localytics to delete that end user's personal data and identifiers. (See the server-side method for additional details on the data deletion process.)
Server-side, from your backend systems, Localytics supports a profile attribute ("privacy_delete") to mark an end user's data for deletion on the Localytics side. Setting this attribute to 1 will run a back-end process to delete the identified end user’s personal data and identifiers.
Once this attribute is marked, Localytics will begin dropping any additional data uploaded from the user's device and will proceed with deleting all personal data and identifiers to complete the intended Right-to-be-Forgotten request.
Keep in mind that the privacy_delete attribute and the setPrivacyOptedOut API only control deleting app-level data and do not affect any organization-level profile attributes. Org-level profile attributes, including Special Profile IDs, must be deleted at the org level or set to null.
It is the customer's responsibility to ensure their shared organization-level attributes are managed according to the end user's privacy guidance.
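As an added illustration of the tiered consent model described under User Consent and Data Tagging and of the app-level versus organization-level deletion caveat above (example code, not Localytics SDK code): a small consent gate that drops identifying data points until consent is granted and, on a deletion request, sets the privacy_delete marker and then nulls the organization-level attributes it has set. RecordingSdk, ConsentGate and the SDK method names they call are assumptions standing in for the real SDK.

```python
# Added example, not Localytics code: RecordingSdk is a stand-in that records calls instead of uploading.
APP, ORG = "app", "org"  # profile attribute scopes: app-level vs organization-level

class RecordingSdk:
    def __init__(self):
        self.calls = []

    def __getattr__(self, name):  # any SDK method: record its name and arguments
        return lambda *args: self.calls.append((name,) + args)

class ConsentGate:
    def __init__(self, sdk):
        self.sdk = sdk
        self.consented = False
        self.org_keys = set()  # org-level attributes set so far; privacy_delete skips them

    def session_open(self):  # tier 1: anonymous session data, no consent needed in this policy
        self.sdk.open_session()

    def _gated(self, call, *args):  # tier 2: dropped, not queued, until consent is granted
        if not self.consented:
            return False
        call(*args)
        return True

    def set_customer_id(self, customer_id):
        return self._gated(self.sdk.set_customer_id, customer_id)

    def tag_event(self, name, attrs=None):
        return self._gated(self.sdk.tag_event, name, dict(attrs or {}))

    def set_profile_attribute(self, key, value, scope=APP):
        sent = self._gated(self.sdk.set_profile_attribute, key, value, scope)
        if sent and scope == ORG:
            self.org_keys.add(key)
        return sent

    def set_consent(self, granted):  # opt-out stops future processing only; history stays
        self.consented = granted
        self.sdk.set_opted_out(not granted)

    def forget_user(self):
        # Privacy opt-out plus privacy_delete cover app-level data only; null org-level keys explicitly.
        self.consented = False
        self.sdk.set_privacy_opted_out(True)
        self.sdk.set_profile_attribute("privacy_delete", 1, APP)
        for key in sorted(self.org_keys):
            self.sdk.set_profile_attribute(key, None, ORG)
        return len(self.org_keys)
```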
End-User Requests for Access to Their Data
Certain regulations may require that you provide your end users with access to the data you've collected about them. To support these rights and privacy requests, Localytics supports multiple methods to access or query your data such as our export API or our direct access tools. You may use any of those tools to access and assemble your data as necessary.
As Localytics has no direct relationship with your end users, we do not have the ability to send any end-user data directly to the end user. Any direct request from end users will be directed to the app owner. However, the Localytics Services team may be engaged to assist with any custom data export requirements. Reach out to us for more information on this option.
Final Notes
Localytics provides the tools necessary to meet any unique privacy requirements, however, it is important to understand that you are the controller of your end user's data, and Localytics will process your data only as instructed through your proper configuration of our SDK and product.
We recommend that you work internally with your developers, engineers, product, privacy, and legal teams to ensure your implementation of Localytics meets your unique privacy and regulatory requirements. The Localytics Support and Services team may also be engaged to assist. Contact us for more information.