This Privacy Commitment is jointly made by Sensors Data Network Technology (Beijing) Co., Ltd. and related parties ("service providers").
Definitions
Customer: The party who uses the service provided by Sensors Data
Sensors Data: Sensors Data Network Technology (Beijing) Co., Ltd. and related parties ("service providers")
Sensors Data solemnly promises not to touch any data
All systems of Sensors Data adopt the system structure of privatization deployment. Both the system is deployed in the customer's server room or the customer's public cloud. All security measures and permission restrictions are controlled by the customer, and Sensors Data cannot obtain customer data. .
Unlike general third-party service providers, Sensors Data relies on providing tools and support services to charge, and does not rely on the data itself to obtain commercial value, so it does not need to obtain customer data or use customer data for any commercial activities. .
Since Sensors Data cannot obtain any business data of customers, when facing ordinary users, all systems of Sensors Data are the same structure as customers' own systems. Therefore, from the perspective of Sensors Data and considering the aforementioned data storage and application arrangements, customers do not need to mention Sensors Data’s system when explaining whether the data is transmitted to the third party in the "User Privacy Statement" document, because Sensors Data is not the third party, no data will be shared.
Sensors Data promises not to actively contact any unnecessary raw data or statistical results in the form of reports during product implementation and maintenance. If Sensors Data proactively contacts relevant information and causes losses to customers due to leakage, Sensors Data will to bear corresponding legal liabilities.
The data products provided by Sensors Data can only be used for Legitimate uses
Customers can only use the services provided by Sensors Data and related application software (including but not limited to SDK, software, and underlying storage) for Legitimate uses. Customers need to ensure that their use of this service and related application software comply with applicable laws and regulatory requirements, does not infringe the intellectual property rights and other legal rights of any third party, And does not violate the provisions of the binding legal documents. If the customer violates the above agreement, Sensors Data has the right to suspend the customer’s use of this service and related application software or terminate this agreement. The service fee collected will not be refunded, and Sensors Data is therefore subject to long-term third-party recourse, administrative investigation or involvement in other legal procedures, the client must also compensate for all losses suffered by Sensors Data (including but not limited to the costs of responding to the lawsuit, the costs incurred in cooperation with the investigation, media public relations costs, third-party recourse compensation, compensation, lawyers Fees etc.).
How to use collected information
All systems of Sensors Data adopt the system structure of privatization deployment. Both the system is deployed in the customer's server room or the customer's public cloud. All security measures and permission restrictions are controlled by the client, and Sensors Data cannot obtain customer data.
Unlike general third-party service providers, Sensors Data relies on providing tools and support services to charge, and does not rely on the data itself to obtain commercial value, so it does not need to obtain customer data or use customer data for any commercial activities.
Therefore, Sensors Data will not make any application to the data collected by the system.
Sensitive permissions and collected information related to Sensors Data
Sensors Data SDK Product Permission Description
Android SDK
Sensors Data Android SDK requires the following system permissions to ensure the normal data collection:
Authority | Use | Whether must |
INTERNET | Allow App to send statistics | Required permission, SDK needs this permission to send tracking data |
ACCESS_NETWORK_STATE | Allow App to detect network status | Required permission, SDK will choose whether to send data according to network status |
READ_PHONE_STATE | Allow App to obtain device IMEI | Optional permissions, This permission is used when using in-app promotion and collection of $carrier attributes |
ACCESS_WIFI_STATE | Allow the App to obtain the MAC address | Optional permission, this permission will be used when using in-App promotion |
Although Sensors Data Android SDK requires the above system permissions, but:
- Sensors Data Android SDK will not apply for permissions other than the above permissions. If it is detected that the SDK with the same name as the Sensors SDK has a permission other than the above permissions, please contact the staff of Sensors Data, and Sensors Data will work together to investigate , To avoid data security accidents.
- Sensors Data Android SDK will not actively initiate authorization requests to users. Sensors Data will inform the customer's R&D that they need the above permissions to ensure the normal operation of the system when the customer integrates the SDK. The customer’s R&D need to open above permissions before the SDK is initialized.
- Note on Android ID: There is a certain compliance risk when collecting anonymous ID, Sensors will use Android ID by default. However, considering the accuracy of collection, Sensors still provides an Android ID collection method, if not required To collect Android ID, please call the following interface. If you have any other questions, please contact the staff of Sensors.
iOS SDK
Sensors Data iOS SDK requires the following system permissions to ensure normal data collection:
Authority | Use | Whether must |
Network (special for national service) | Allow Apps to send data | Required permission, SDK needs this permission to send tracking data |
Location | Allow Apps to obtain GPS data | Optional permission, which is required when the SDK collects GPS data |
Although Sensors Data iOS SDK requires the above system permissions, but:
- Sensors Data iOS SDK will not apply for permissions other than the above permissions. If it is detected that the SDK with the same name as the Sensors SDK has a permission other than the above permissions, please contact the staff of Sensors Data, and Sensors Data will work together to investigate , To avoid data security accidents.
- Due to the characteristics of the iOS system, Sensors Data iOS SDK may proactively initiate authorization to users, but only with the above permissions.
- A note about IDFA: There is a certain compliance risk that Sensors will use IDFA by default when collecting anonymous ID and matching channels. However, considering the accuracy of collection, Sensors still provides IDFA collection methods. If not collect IDFA, please remove the reference of the framework in the project, and do not import AdSupport related header files into the project; if you have any other questions, please contact the staff of Sensors.
The Data Collection Description of Sensors Data SDK
Sensors Data SDK has the function of automatically collecting data, and the common attributes involved are as follows:
User Info | Information notes | Information privacy risk assessment | Risk assessment notes |
$app_version | App version | no risk | |
$browser | Browser | no risk | Technical metadata |
$browser_version | Browser version | no risk | Technical metadata |
$latest_referrer | Last offsite address | low risk | The user does not necessarily want to capture the last browsed page |
$latest_referrer_host | Last offsite domain name | low risk | The user does not necessarily want to collect the last browsed page |
$latest_search_keyword | Last search engine keywords | no risk | Risk-free business information |
$latest_traffic_source_type | Last traffic source type | no risk | Risk-free business information |
$referrer | Forward address | low risk | The user does not necessarily want to collect the last browsed page |
$referrer_host | Forward domain | low risk | The user does not necessarily want to collect the last browsed page |
$title | Page title | no risk | |
$url | H5 url | no risk | |
$url_path | H5 url path | no risk | |
$lib | The SDK type generated by Sensors data, JS, iOS, Android | no risk | Technical metadata |
$lib_version | The SDK version generated by Sensors Data | no risk | Technical metadata |
$resume_from_background | Whether restore from the background | no risk | |
$latest_scene | Last open source | no risk | |
$utm_source | Advertisement sourse | no risk | |
$utm_medium | Advertisement medium | no risk | |
$utm_term | Advertisement term | no risk | |
$utm_content | Advertisement content | no risk | |
$utm_campaign | Advertisement name | no risk | |
$carrier | Operator | no risk | |
$manufacturer | The manufacturer of the data uploader | no risk | |
$model | The manufacturer's sub-version of the data uploader | no risk | |
$os | Operating system of data uploader | no risk | |
$os_version | Operating system version of the data uploader | no risk | |
$screen_height | Screen height | no risk | |
$screen_name | Screen name | no risk | |
$screen_width | Screen width | no risk | |
$network_type | Network type | no risk | This item requires the App to have network permissions. In Google’s classification, network permissions are normal permissions and do not involve user privacy. |
$wifi | Whether wifi | no risk | This item requires the App to have network permissions. In Google’s classification, network permissions are normal permissions and do not involve user privacy. |
$city | City where the event occurred | no risk | This item is obtained by back-end analysis, the client does not collect |
$country | Country where the event occurred | no risk | This item is obtained by back-end analysis, the client does not collect |
$device_id | Device identifier | medium risk | What we collected is AndroidID |
$ip | Ip when the event occurred | no risk | This item is obtained by back-end analysis, the client does not collect |
$province | Province where the event occurred | no risk | This item is obtained by back-end analysis, the client does not collect |
$is_first_day | Determine whether visit on the first day | no risk | Risk-free business information |
$is_first_time | Determine if it is the first time | no risk | Risk-free business information |
$is_login_id | Determine whether log in | no risk | Risk-free business information |
$event_duration | Duration | no risk | Risk-free business information |
time | Event time | no risk | Risk-free business information |
user_id | Sensors user id | no risk | The client does not collect, the server processes |
event | Event | no risk | Risk-free business information |
distinct_id | Customer's user id or Sensors device id | no risk | Risk-free business information |
$ios_install_source | Channel tracking key fields | high risk |
- All the preset attributes involve more than 100 types. The above table lists the attributes that are strongly related to the customer's personal privacy information. If you need to view the full number of preset attributes, please contact the support staff of Sensors. All relevant information related to the business or the user's own data needs to be embedded in the code by the app developer (manually write data collection code), and the Android SDK and iOS SDK will not actively collect it.
- At the same time, Sensors Data SDK provides a variety of interfaces to meet the needs of customers to close the collection of specific attributes. If you need to avoid the risks caused by $ios_install_source, you can choose the following methods:
- Method 1: Avoid using the channel tracking function, and do not call "activation events" and "channel information events".
- Method 2: Disable IMEI.
For more detailed information, please contact the staff of Sensors.
Sensors data complies with laws and regulations on data collection in various countries
According to self-examination, Sensors Data’s products meet the requirements of the "Information Security Technology Mobile Internet Application (App) Basic Regulations for the Collection of Personal Information (Draft)", as well as the EU GDPR standards and the United States’ California Consumer Privacy Act (CCPA). Requirement, for the above standards, Sensors Data SDK provides the following functions:
- Whether to start collecting data after initialization
- Turn off/on data collection for the current App, prohibit collection of specific attributes
- Prohibit the collection of specific tracking data
- It is forbidden to collect the current user's identification ID under specific tracking used to export data and delete specific user data
- Function to delete data based on interface/tool
Network security
Self-inspection results based on the "Network Security Law of the People's Republic of China"
According to self-examination, the Sensors analysis products (including SDK) do not violate the mandatory provisions of the Cyber Security Law.
Self-inspection based on ISO 27001 information security management system
Sensors Data complies with ISO 27001 information security management system certification standards. Sensors Data also has ISO 9001 and CMMI 3 certifications, and has solid strengths in quality management, project management and information security.
appendix
"Sensors Data Android SDK Source Code Security Audit Report"
"Sensors Data iOS SDK Source Code Security Audit Report"
"Sensors Data JS SDK Source Code Security Audit Report"
"Sensors Data WeChat Mini Program Source Code Security Audit Report"