As a third-party customer analytics provider, the safety, security, and privacy of our customers' data is always our primary concern. Beyond achieving and maintaining regulatory compliance (for example: GDPR, CCPA, and COPPA) and in addition to our Privacy Shield certification, customers can count on us to stay ahead of new developments as the digital privacy landscape continues to evolve.
Please don't hesitate to reach out to firstname.lastname@example.org if you have questions or concerns about compliance with the following local data regulations.
The General Data Protection Regulation (GDPR) is an EU regulation aimed to enhance privacy and expand individual choice when it comes to the tracking and retention of personal information. GDPR went into effect on May 25th, 2018.
Indicative has tackled GDPR with a two-pronged approach, in response to our dual role under the regulations as both a Data Processor and Data Controller:
As a Data Processor
Under GDPR, a data processor is defined as “any person (other than an employee of the data controller) who processes the data on behalf of the data controller.” As a customer analytics platform, Indicative is a third-party vendor that ingests and processes consumer data on behalf of our clients. Thus, we are a data processor.
In order to comply with GDPR, we have implemented the following measures:
- APIs: Indicative provides two APIs which may be used to delete or cease processing of data in accordance with GDPR stipulations. Customers may use these APIs to rectify or delete user data.
- Data Access Form: A form to request to view, alter, delete, or transfer existing data is available on our website. It may be accessed here.
- Data Processing Agreement: Our Data Processing Agreement has been updated to reflect EU model clauses. Customers may access the updated agreement here.
As a Data Controller
A data controller is defined as the “person or persons who determine the matter in which any personal data is processed.” Since Indicative collects information about the usage of our platform for the purposes of quality assurance and bug tracking, we are the data controller for information relating to our own customers.
In order to comply with GDPR, we implemented the following measures:
- Comprehensive Review of Vendors: Our team comprehensively reviewed our existing vendors with the aim of ensuring that our contracts conform with GDPR security and privacy standards.
- Data Collection Opt-In: Indicative users will be prompted with a pop-up widget, allowing them to opt in or opt out of data collection.
- Data Access Form: Users may request to view, alter, delete, or transfer existing data through this form.
The California Consumer Privacy Act (CCPA) is a California state statute aimed at enhancing privacy and expand individual choice when it comes to the tracking and retention of personally identifiable information. CCPA went into effect on January 1st, 2020.
The following measures ensure that Indicative is fully compliant to CCPA as a service provider.
Indicative provides two APIs which may be utilized to delete or cease processing of data in accordance with GDPR stipulations. Customers may utilize these APIs to rectify or delete user data.
- Data Deletion API: Allows quick and easy deletion of existing data.
- Data Rectification API: Allows the alteration and rectification of existing data.
- Data Suppression API: Prevents future data from being processed.
The Children's Online Privacy Protection Act of 1998 (COPPA) is a United States federal law that imposes certain data tracking restrictions onto companies that provide online services directed toward children 13 years of age or younger. Click here for more information on COPPA compliance.
Indicative as a Third Party
- "In order to use our Services, you will not use our service to send us sensitive information where unauthorized disclosure could cause material, severe, or catastrophic harm or impact to Indicative, You or Your Customers. Sensitive Information includes: Personally identifiable information knowingly collected from children under the age of 13 or form online services directed toward children"
IP Geolocation Tracking
Please note that IP geolocation tracking is restricted under COPPA. Please ensure that you have disabled this within any project that contains data from online services directed towards children 13 years of age or younger. Customers using Indicative's SDK can do this in Project Settings:
- On the top right next to the account drop down, click on the project that may contain data from online services directed toward children 13 years of age or younger
- Navigate to the Settings in the top middle of the screen and click on Project Settings
- In the General section, click on Disable "IP Address Collection"
Customers with integrations from other sources may require additional configurations to disable IP geolocation tracking.
Privacy Shield Certification
As a leader in the data analytics field, Indicative maintains Privacy Shield Certification.