User privacy
Work with Localytics to ensure that user privacy rights are respected and protected.
In this topic:
- Our approach
- Data collected
- Consent
- User requests to be forgotten
- User requests for access to their data
- Final notes
Our approach
Ensuring the proper handling of data requires a shared responsibility approach where Localytics and our customers must work together to ensure privacy rights are respected and protected. You are responsible for controlling all of the data you choose to collect from your users.
You're also responsible for providing Localytics all necessary processing instructions through the appropriate configuration and implementation of our products. In turn, Localytics is responsible for processing the data in accordance with your instructions.
To support our customers’ unique privacy policy requirements, as well as various privacy regulations, such as the General Data Protection Regulation (GDPR), Localytics provides various methods, tools, and controls to assist you in meeting your obligations. The following is an overview of our approach as well as the various tools and methods you may use to effectively respect user privacy.
Note: There are additional considerations to take into account to ensure proper handling across devices, applications, and digital properties. Be sure to reference all documentation and consult with your developers, engineers, product team, and privacy and legal teams to ensure that your implementation of our products meets your unique privacy and regulatory requirements.
Data collected
Generally, Localytics customers control all of the data collected in the form of events, attributes, profiles, etc. However, there are a set of anonymous data points captured automatically by our SDK.
Localytics SDK automatically collects basic session data that includes session open/close timestamps, OS version, platform, model, time zone, language preferences, etc. (For more information, see the default dimensions table.)
In addition to those data points, Localytics also captures coarse location data out of the box. The location data is based on IP address lookups, which is generally only available if a user is connected via WiFi.
A note about location data
Location data may be considered personal data. Depending on your unique privacy requirements, consent may be required prior to collecting non-precision location data generated from an IP lookup. Localytics expects customers to solicit consent as appropriate to their unique privacy requirements.
IP addresses are not stored in any Localytics analytics databases, but the location data generated from an IP lookup is, by default, collected and stored, including country, region, state, and city/metro where available.
Identifiers
Localytics uses various proprietary identifiers in conjunction with other optional or industry identifiers to determine unique devices and/or individuals. This is so we can assemble our analytics data and support accurate segmentation and audience creation. For more information, see What are some of the IDs that Localytics collects?
In order to process analytics effectively, Localytics sets a random unique identifier called an install ID the first time a user downloads and launches an application in which our SDK is configured. This ID helps us understand if that device is new or returning, and helps us to effectively assemble our analytics data.
Our SDK will also collect the advertiser ID (Identifier for Advertisers or IDFA for iOS; Google Advertiser ID or GAID for Android) to improve the accuracy of identifying unique devices across uninstall/reinstall.
This advertiser ID is also used to support some other optional features. Advertiser IDs are collected by default. Customers can optionally configure our SDK to ignore the advertiser ID as appropriate.
Note: If advertiser IDs are optionally suppressed, this may impact usage data reliability, specifically in your use of our acquisition feature. We use advertiser IDs to help identify returning users across an uninstall/reinstall action. In this case, if advertiser IDs are not collected, these users will be counted as new users. Additionally, since our acquisition feature relies heavily on advertiser IDs, this feature may not function if advertiser IDs are not collected.
Customer IDs
Customers may also set a unique customer ID to further identify their users. Customer IDs allow you to connect observed behavioral data collected by Localytics with a user identity familiar to you.
Tip: If the customer ID you use contains any personal data or identifying information, Localytics strongly recommends hashing the identifier before setting it as the customer ID. Hashing is a method of transforming a given input (for example, a user's email address) into a unique, fixed-length string that cannot be converted back to the original input.
Other data collected
Beyond these default data points that Localytics SDK will collect automatically, all other data is fully controlled by you through optional tagging and configuration.
Depending on your unique privacy requirements, some data may be protected under certain privacy regulations, such as the General Data Protection Regulation (GDPR), and require special handling. Localytics recommends working with your developers, engineers, product team, and privacy and legal teams to ensure that your implementation of our products meets your unique privacy and regulatory requirements.
Consent
Many privacy policies and certain regulations require that users grant consent prior to their personal data being collected. Localytics tools can be configured to collect a wide array of different data types.
Depending on your unique privacy requirements, some, or maybe all, of the data may require user consent to collect. Localytics does not have a direct relationship with your users and does not solicit consent directly from them. Localytics in-app messaging may be used to effectively solicit and manage consent.
Opting users out
Based on the users' consent response, you may need to opt users out of data collection. You may choose to provide your users the ability to opt into or out of data collection at any time via a settings feature.
To support this, Localytics provides an opt-out method (iOS and Android) to configure our SDK to control data collection. (For more information, see "Opting users out" in the iOS SDK or Android SDK documentation.) If, during the consent solicitation, your user opts out, this method would be set to true and all future data from that user will be dropped.
Alternatively, this opt-out method may be used at any time to allow your users to change their preferences from opted-out to opted-in and back again if appropriate. Setting Opted Out simply tells our systems to no longer process any of that user's data, but their historical data will remain.
Methods are available to pause upload of user data or to simply prevent any data capture at all until consent is confirmed.
User consent and data tagging
Beyond the "all on" or "all off" nature of opting a user in or out of data collection, you can control the tagging of all data points as appropriate to your unique user consent requirements. All tagged data points are controlled by you. This way, you can selectively collect different data points as appropriate to your unique consent model.
For example, assume your privacy policy does not require consent to track anonymous session activity or default session dimensions (for example, basic usage and engagement data). At the same time, your policy does require consent to set a customer ID, track that user's profile, or track their in-application behaviors as events.
In that scenario, you would configure the logic in your application to collect only the basic session data until the user grants consent for the higher-sensitivity data, at which point your custom configuration would conditionally pass tagged data to the Localytics SDK for upload.
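The consent model described above, together with the hashed customer ID recommended earlier, as an added illustration (this is example code, not Localytics SDK code): the consent levels and the `forwarded` entries are this example's own stand-ins for the SDK calls the app would make, and the customer ID is hashed with an HMAC keyed by a secret assumed to be held in your backend, so it cannot be recomputed from a guessed e-mail address.

```python
import hashlib
import hmac


def hash_customer_id(raw_id: str, secret: bytes) -> str:
    """Keyed hash (HMAC-SHA256) of the normalised ID. Unlike a bare SHA-256, it
    cannot be matched against guessed e-mails without the backend-held secret."""
    normalised = raw_id.strip().lower().encode("utf-8")
    return hmac.new(secret, normalised, hashlib.sha256).hexdigest()


class ConsentGate:
    """Consent model from the example above: "none" is the all-off opt-out,
    "basic" allows only anonymous session data, "full" also allows a customer ID
    and events. Entries in `forwarded` stand for the SDK calls the app would make."""

    LEVELS = ("none", "basic", "full")

    def __init__(self, secret: bytes) -> None:
        self.secret, self.level, self.forwarded = secret, "basic", []

    def record_consent(self, level: str) -> None:
        if level not in self.LEVELS:
            raise ValueError(f"unknown consent level: {level}")
        self.level = level
        # The SDK opt-out flag: True means every future upload is dropped.
        self.forwarded.append(("set_opted_out", level == "none"))

    def open_session(self) -> bool:
        if self.level == "none":
            return False
        self.forwarded.append(("session_open", {}))  # default dimensions only
        return True

    def set_customer_id(self, raw_id: str) -> bool:
        if self.level != "full":
            return False
        self.forwarded.append(("set_customer_id", hash_customer_id(raw_id, self.secret)))
        return True

    def tag_event(self, name: str, attrs=None) -> bool:
        if self.level != "full":
            return False  # dropped in the app before it is ever tagged
        self.forwarded.append(("tag_event", name, dict(attrs or {})))
        return True

    def forget(self) -> None:
        """Right-to-be-forgotten: opt out, then mark the profile for deletion."""
        self.record_consent("none")
        self.forwarded.append(("set_profile_attribute", "privacy_delete", 1))
```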
Note: These capabilities are fully customizable by your engineers and developers, and Localytics Services team may be engaged to assist.
User requests to be forgotten
Some privacy regulations require our customers to delete a user's data upon request. Localytics provides two primary methods that allow you to delete the data you’ve collected in our systems for a specific user: a client-side method, and a server-side method.
Client-side, from device/application, Localytics SDK supports a call that allows customers to configure the SDK (iOS and Android) to opt a user out of data collection and delete all historical data. (For more information, see "Methods to support GDPR and other privacy requirements" in the iOS SDK or Android SDK documentation.) This will:
- opt the device out of future data collection,
- delete local data,
- disable location monitoring,
- delete push tokens,
- and set the "privacy_delete" : 1 profile attribute.
By setting this profile attribute, you’ll instruct Localytics to delete that user's personal data and identifiers. (See the server side methods for additional details on the data deletion process.)
Server-side, from your backend systems, Localytics supports a profile attribute ("privacy_delete") to mark a user's data for deletion on the Localytics side. (For more information, see End-User Privacy in the Developer documentation.) Setting this attribute to 1 will run a back-end process to delete the identified user’s personal data and identifiers.
Once this attribute is marked, Localytics will begin dropping any additional data uploaded from the user's device and will proceed with deleting all personal data and identifiers to complete the intended Right-to-be-Forgotten request.
Note: When a user is set to be forgotten, and their data is deleted, messaging will be disabled. For additional information, see Messaging.
Keep in mind that the "privacy_delete" attribute and setPrivacyOptedOut APIs only control deleting app-level data and do not affect any organization-level profile attributes. Org-level profile attributes, including Special Profile IDs, must be deleted at the org level or set to null. (For more information, see Setting Special Profile IDs via the API and Deleting profiles in the Developer documentation.)
It is the customer's responsibility to ensure their shared organization-level attributes are managed according to the user's privacy guidance.
User requests for access to their data
Certain regulations may require that you provide your users with access to the data you've collected about them. To support these rights and privacy requests, Localytics supports multiple methods to access or query your data, such as our export API or our direct access tools. (For more information, see Export APIs in the Developer documentation.) You may use any of those tools to access and assemble your data as necessary.
As Localytics has no direct relationship with your users, we do not have the ability to send any user data directly to the user. Any direct request from users will be directed to the app owner. However, the Localytics Services team may be engaged to assist with any custom data export requirements. For more information on this option, contact our Support team.
Final notes
Localytics provides the tools necessary to meet any unique privacy requirements; however, it is important to understand that you are the controller of your users' data, and Localytics will process your data only as instructed through your proper configuration of our SDK and product.
We recommend that you work internally with your developers, engineers, product team, and privacy and legal teams to ensure your implementation of Localytics meets your unique privacy and regulatory requirements. Our Support and Services teams may also be engaged to assist.