This Privacy Commitment is jointly made by Sensors Data Network Technology (Beijing) Co., Ltd. and related parties ("service providers").

Definitions

Customer: The party who uses the service provided by Sensors Data

Sensors Data: Sensors Data Network Technology (Beijing) Co., Ltd. and related parties ("service providers")

Sensors Data solemnly promises not to touch any data

All systems of Sensors Data adopt the system structure of privatization deployment. Both the system is deployed in the customer's server room or the customer's public cloud. All security measures and permission restrictions are controlled by the customer, and Sensors Data cannot obtain customer data. .

Unlike general third-party service providers, Sensors Data relies on providing tools and support services to charge, and does not rely on the data itself to obtain commercial value, so it does not need to obtain customer data or use customer data for any commercial activities. .

Since Sensors Data cannot obtain any business data of customers, when facing ordinary users, all systems of Sensors Data are the same structure as customers' own systems. Therefore, from the perspective of Sensors Data and considering the aforementioned data storage and application arrangements, customers do not need to mention Sensors Data’s system when explaining whether the data is transmitted to the third party in the "User Privacy Statement" document, because Sensors Data is not the third party, no data will be shared.

Sensors Data promises not to actively contact any unnecessary raw data or statistical results in the form of reports during product implementation and maintenance. If Sensors Data proactively contacts relevant information and causes losses to customers due to leakage, Sensors Data will to bear corresponding legal liabilities.

The data products provided by Sensors Data can only be used for Legitimate uses

Customers can only use the services provided by Sensors Data and related application software (including but not limited to SDK, software, and underlying storage) for Legitimate uses. Customers need to ensure that their use of this service and related application software comply with applicable laws and regulatory requirements, does not infringe the intellectual property rights and other legal rights of any third party, And does not violate the provisions of the binding legal documents. If the customer violates the above agreement, Sensors Data has the right to suspend the customer’s use of this service and related application software or terminate this agreement. The service fee collected will not be refunded, and Sensors Data is therefore subject to long-term third-party recourse, administrative investigation or involvement in other legal procedures, the client must also compensate for all losses suffered by Sensors Data (including but not limited to the costs of responding to the lawsuit, the costs incurred in cooperation with the investigation, media public relations costs, third-party recourse compensation, compensation, lawyers Fees etc.).

How to use collected information

All systems of Sensors Data adopt the system structure of privatization deployment. Both the system is deployed in the customer's server room or the customer's public cloud. All security measures and permission restrictions are controlled by the client, and Sensors Data cannot obtain customer data.

Unlike general third-party service providers, Sensors Data relies on providing tools and support services to charge, and does not rely on the data itself to obtain commercial value, so it does not need to obtain customer data or use customer data for any commercial activities.

Therefore, Sensors Data will not make any application to the data collected by the system.

Sensitive permissions and collected information related to Sensors Data

Sensors Data SDK Product Permission Description

Android SDK

Sensors Data Android SDK requires the following system permissions to ensure the normal data collection:


Authority

Use

Whether must

INTERNET

Allow App to send statistics

Required permission, SDK needs this permission to send tracking data

ACCESS_NETWORK_STATE

Allow App to detect network status

Required permission, SDK will choose whether to send data according to network status

READ_PHONE_STATE

Allow App to obtain device IMEI

Optional permissions, This permission is used when using in-app promotion and collection of $carrier attributes

ACCESS_WIFI_STATE

Allow the App to obtain the MAC address

Optional permission, this permission will be used when using in-App promotion

Although Sensors Data Android SDK requires the above system permissions, but:

  • Sensors Data Android SDK will not apply for permissions other than the above permissions. If it is detected that the SDK with the same name as the Sensors SDK has a permission other than the above permissions, please contact the staff of Sensors Data, and Sensors Data will work together to investigate , To avoid data security accidents.
  • Sensors Data Android SDK will not actively initiate authorization requests to users. Sensors Data will inform the customer's R&D that they need the above permissions to ensure the normal operation of the system when the customer integrates the SDK. The customer’s R&D need to open above permissions before the SDK is initialized.
  • Note on Android ID: There is a certain compliance risk when collecting anonymous ID, Sensors will use Android ID by default. However, considering the accuracy of collection, Sensors still provides an Android ID collection method, if not required To collect Android ID, please call the following interface. If you have any other questions, please contact the staff of Sensors.

iOS SDK

Sensors Data iOS SDK requires the following system permissions to ensure normal data collection:

Authority

Use

Whether must

Network (special for national service)

Allow Apps to send data

Required permission, SDK needs this permission to send tracking data

Location

Allow Apps to obtain GPS data

Optional permission, which is required when the SDK collects GPS data

Although Sensors Data iOS SDK requires the above system permissions, but:

  • Sensors Data iOS SDK will not apply for permissions other than the above permissions. If it is detected that the SDK with the same name as the Sensors SDK has a permission other than the above permissions, please contact the staff of Sensors Data, and Sensors Data will work together to investigate , To avoid data security accidents.
  • Due to the characteristics of the iOS system, Sensors Data iOS SDK may proactively initiate authorization to users, but only with the above permissions.
  • A note about IDFA: There is a certain compliance risk that Sensors will use IDFA by default when collecting anonymous ID and matching channels. However, considering the accuracy of collection, Sensors still provides IDFA collection methods. If not collect IDFA, please remove the reference of the framework in the project, and do not import AdSupport related header files into the project; if you have any other questions, please contact the staff of Sensors.

The Data Collection Description of Sensors Data SDK

Sensors Data SDK has the function of automatically collecting data, and the common attributes involved are as follows:

User Info

Information notes

Information privacy risk assessment

Risk assessment notes

$app_version

App version

no risk


$browser

Browser

no risk

Technical metadata

$browser_version

Browser version

no risk

Technical metadata

$latest_referrer

Last offsite address

low risk

The user does not necessarily want to capture the last browsed page

$latest_referrer_host

Last offsite domain name

low risk

The user does not necessarily want to collect the last browsed page

$latest_search_keyword

Last search engine keywords

no risk

Risk-free business information

$latest_traffic_source_type

Last traffic source type

no risk

Risk-free business information

$referrer

Forward address

low risk

The user does not necessarily want to collect the last browsed page

$referrer_host

Forward domain

low risk

The user does not necessarily want to collect the last browsed page

$title

Page title

no risk


$url

H5 url

no risk


$url_path

H5 url path

no risk


$lib

The SDK type generated by Sensors data, JS, iOS, Android

no risk

Technical metadata

$lib_version

The SDK version generated by Sensors Data

no risk

Technical metadata

$resume_from_background

Whether restore from the background

no risk


$latest_scene

Last open source

no risk


$utm_source

Advertisement sourse

no risk


$utm_medium

Advertisement medium

no risk


$utm_term

Advertisement term

no risk


$utm_content

Advertisement content

no risk


$utm_campaign

Advertisement name

no risk


$carrier

Operator

no risk


$manufacturer

The manufacturer of the data uploader

no risk


$model

The manufacturer's sub-version of the data uploader

no risk


$os

Operating system of data uploader

no risk


$os_version

Operating system version of the data uploader

no risk


$screen_height

Screen height

no risk


$screen_name

Screen name

no risk


$screen_width

Screen width

no risk


$network_type

Network type

no risk

This item requires the App to have network permissions. In Google’s classification, network permissions are normal permissions and do not involve user privacy.

$wifi

Whether wifi

no risk

This item requires the App to have network permissions. In Google’s classification, network permissions are normal permissions and do not involve user privacy.

$city

City where the event occurred

no risk

This item is obtained by back-end analysis, the client does not collect

$country

Country where the event occurred

no risk

This item is obtained by back-end analysis, the client does not collect

$device_id

Device identifier

medium risk

What we collected is AndroidID

$ip

Ip when the event occurred

no risk

This item is obtained by back-end analysis, the client does not collect

$province

Province where the event occurred

no risk

This item is obtained by back-end analysis, the client does not collect

$is_first_day

Determine whether visit on the first day

no risk

Risk-free business information

$is_first_time

Determine if it is the first time

no risk

Risk-free business information

$is_login_id

Determine whether log in

no risk

Risk-free business information

$event_duration

Duration

no risk

Risk-free business information

time

Event time

no risk

Risk-free business information

user_id

Sensors user id

no risk

The client does not collect, the server processes

event

Event

no risk

Risk-free business information

distinct_id

Customer's user id or Sensors device id

no risk

Risk-free business information

$ios_install_source

Channel tracking key fields

high risk





  • All the preset attributes involve more than 100 types. The above table lists the attributes that are strongly related to the customer's personal privacy information. If you need to view the full number of preset attributes, please contact the support staff of Sensors. All relevant information related to the business or the user's own data needs to be embedded in the code by the app developer (manually write data collection code), and the Android SDK and iOS SDK will not actively collect it.
  • At the same time, Sensors Data SDK provides a variety of interfaces to meet the needs of customers to close the collection of specific attributes. If you need to avoid the risks caused by $ios_install_source, you can choose the following methods:
    • Method 1: Avoid using the channel tracking function, and do not call "activation events" and "channel information events".
    • Method 2: Disable AndroidID.

For more detailed information, please contact the staff of Sensors.

Sensors data complies with laws and regulations on data collection in various countries

According to self-examination, Sensors Data’s products meet the requirements of the "Information Security Technology Mobile Internet Application (App) Basic Regulations for the Collection of Personal Information (Draft)", as well as the EU GDPR standards and the United States’ California Consumer Privacy Act (CCPA). Requirement, for the above standards, Sensors Data SDK provides the following functions:

  • Whether to start collecting data after initialization
  • Turn off/on data collection for the current App, prohibit collection of specific attributes
  • Prohibit the collection of specific tracking data
  • It is forbidden to collect the current user's identification ID under specific tracking used to export data and delete specific user data
  • Function to delete data based on interface/tool

 Network security

Self-inspection results based on the "Network Security Law of the People's Republic of China"

According to self-examination, the Sensors analysis products (including SDK) do not violate the mandatory provisions of the Cyber Security Law.

Self-inspection based on ISO 27001 information security management system

Sensors Data complies with ISO 27001 information security management system certification standards. Sensors Data also has ISO 9001 and CMMI 3 certifications, and has solid strengths in quality management, project management and information security.

appendix

"Sensors Data Android SDK Source Code Security Audit Report"

"Sensors Data iOS SDK Source Code Security Audit Report"

"Sensors Data JS SDK Source Code Security Audit Report"

"Sensors Data WeChat Mini Program Source Code Security Audit Report"