Data Security & Privacy

Overview

As a third-party customer analytics provider, the safety, security, and privacy of our customers' data is always our primary concern. Beyond achieving and maintaining regulatory compliance (for example: GDPR, CCPA, and COPPA) and in addition to our Privacy Shield certification, customers can count on us to stay ahead of new developments as the digital privacy landscape continues to evolve.

Please don't hesitate to reach out to support@indicative.com if you have questions or concerns about compliance with the following local data regulations.

GDPR

The General Data Protection Regulation (GDPR) is an EU regulation aimed to enhance privacy and expand individual choice when it comes to the tracking and retention of personal information. GDPR went into effect on May 25th, 2018.

Indicative has tackled GDPR with a two-pronged approach, in response to our dual role under the regulations as both a Data Processor and Data Controller:

As a Data Processor

Under GDPR, a data processor is defined as “any person (other than an employee of the data controller) who processes the data on behalf of the data controller.” As a customer analytics platform, Indicative is a third-party vendor that ingests and processes consumer data on behalf of our clients. Thus, we are a data processor. 

In order to comply with GDPR, we have implemented the following measures:

  • APIs: Indicative provides two APIs which may be used to delete or cease processing of data in accordance with GDPR stipulations. Customers may use these APIs to rectify or delete user data.
  • Data Access Form: A form to request to view, alter, delete, or transfer existing data is available on our website. It may be accessed here.
  • Data Processing Agreement: Our Data Processing Agreement has been updated to reflect EU model clauses. Customers may access the updated agreement here.

As a Data Controller

A data controller is defined as the “person or persons who determine the matter in which any personal data is processed.” Since Indicative collects information about the usage of our platform for the purposes of quality assurance and bug tracking, we are the data controller for information relating to our own customers.

In order to comply with GDPR, we implemented the following measures:

  • Privacy Policy Update: In conjunction with our legal team, we conducted a comprehensive review and update of our privacy policy to ensure it complies with GDPR. The privacy policy is GDPR-compliant as of May 25th, 2018, and may be accessed here
  • Comprehensive Review of Vendors: Our team comprehensively reviewed our existing vendors with the aim of ensuring that our contracts conform with GDPR security and privacy standards.
  • Data Collection Opt-In: Indicative users will be prompted with a pop-up widget, allowing them to opt in or opt out of data collection.
  • Data Access Form: Users may request to view, alter, delete, or transfer existing data through this form.

CCPA

The California Consumer Privacy Act (CCPA) is a California state statute aimed at enhancing privacy and expand individual choice when it comes to the tracking and retention of personally identifiable information. CCPA went into effect on January 1st, 2020.

The following measures ensure that Indicative is fully compliant to CCPA as a service provider.

APIs 

Indicative provides two APIs which may be utilized to delete or cease processing of data in accordance with GDPR stipulations. Customers may utilize these APIs to rectify or delete user data.

Data Protection Addendum

Indicative has written a Data Protection Addendum specific to CCPA. This DPA is available by request. Please contact support@indicative.com for a copy of this DPA.

COPPA

The Children's Online Privacy Protection Act of 1998 (COPPA) is a United States federal law that imposes certain data tracking restrictions onto companies that provide online services directed toward children 13 years of age or younger. Click here for more information on COPPA compliance.

Indicative as a 3rd Party

By default, Indicative does not collect any personal information as defined under COPPA. Please keep in mind that it is the sole responsibility of our customers to ensure that any additional data that is being collected is compliant from a COPPA perspective. In section 2 of our Privacy Policy, we specifically highlight:

  • "In order to use our Services, you will not use our service to send us sensitive information where unauthorized disclosure could cause material, severe, or catastrophic harm or impact to Indicative, You or Your Customers. Sensitive Information includes: Personally identifiable information knowingly collected from children under the age of 13 or form online services directed toward children"

IP Geolocation Tracking

Please note that IP geolocation tracking is restricted under COPPA. Please ensure that you have disabled this within any project that contains data from online services directed towards children 13 years of age or younger. Customers using Indicative's SDK can do this in Project Settings:

  1. Navigate to "Settings" on the left navigation bar and click "Projects" Screen_Shot_2020-01-27_at_5.14.01_PM.png
  2. Click "Settings" for the project that may contain data from online services directed toward children 13 years of age or youngerScreen_Shot_2020-01-27_at_5.04.19_PM.png
  3. Disable "IP Address Collection"

Screen_Shot_2020-01-09_at_11.12.01_AM.png

Customers with integrations from other sources may require additional configurations to disable IP geolocation tracking.

Privacy Shield Certification

As a leader in the data analytics field, Indicative maintains Privacy Shield Certification.

1 users found this helpful