1. Scope of application and noun interpretation

Sensors Network Technology (Beijing) Co., LTD. (hereinafter referred to as "Sensors" or "We"), as the operator of the official website of Sensors and the software products and services of Sensors, always attaches great importance to the protection of users' personal information. In order to help enterprise customers using Sensors Software products (hereinafter referred to as "customers") better implement matters related to the protection of end user personal information, and to facilitate customers to better understand the compliance of Sensors Software products and the security protection technology capabilities that have been adopted, especially the methods and measures to protect personal information and privacy, Sensors has prepared this version of the Compliance Note. This note applies to all of our products and services and to specific software products and services that may be involved (hereinafter referred to as "our software products and services"), including but not limited to our official website,SDK1、API、Plugins, components, code, tools, and innovative software products (analytics, smart operations, smart recommendations, etc.) and services.

2. Description of data storage and application of Sensors software products

2.1. We solemnly promise not to access customer data without authorization

For users of Sensors software products that adopt the private deployment mode, that is, the system is deployed in the customer's computer room or the public cloud used by the customer (including but not limited to Alibaba Cloud, Tencent Cloud, Huawei Cloud, and Huawei Cloud).AWSAzure .etc), related security measures and permission restrictions are controlled by the customer, and the data gods in the customer's computer room are not authorized to obtain them.

For adopting SaaS The user of the software product of the deployment mode, that is, the multi-node distributed deployment of the client system server, the user also has no right to contact the customer data, and the service resources are hosted only for service purposes.

We promise that in the process of providing software products and services, we will not contact relevant data or statistical results in the form of reports without the authorization of customers.

2.2. The software products and services provided by the Company may only be used for lawful purposes

Customers may use the software products and services for legitimate purposes only, and Customers need to ensure their use of the software软件Products and services Behavior conformityrelated to the provisions and regulatory requirements of laws and regulations do not infringe on the intellectual property rights and other legitimate rights and interests of any third party, and do not violate the provisions of legal documents binding on them. If the customer violates the above agreement, the company has the right to suspend provide products and services, and Upon termination of this Agreement, the service fee received will not be refundedIf the company is subject to third-party recourse, administrative investigation or other legal proceedings, the customer shall also compensate for all losses suffered by the company (including but not limited to the cost of responding to the lawsuit, the cost of cooperating with the investigation, the compensation of the third-party recourse, the attorney's fee, etc.).

In order to comply with the requirements of the Personal Information Protection Act on "obtaining the authorized consent of the right owner when collecting data", if the customer uses the software products for compliance data collection, it is required to disclose the third party in the User Privacy Note document SDK And mention of Sensors software products.

2.3. Disclaimer

If the customer uses the software products for data collection, it should ensure that the data source is legal and compliant, or has been authorized by the relevant parties and end users.

The customer's information processing of the end user shall be lawful and compliant, otherwise Shence has the right to request the customer to stop using Shence software products for data collection and processing, and reserves the right to pursue responsibility, and shall not be deemed as a breach of contract by Sensors.

If the customer uses the software products to collect and process the data of the third party designated by the customer, the third party demands and corresponding responsibilities arising from the behavior, the customer has the right to claim or compensate.

3. Sensors for data processing security protection measures

3.1. Data collection security

3.1.1. SDK Delayed initialization

3.1.1.1. Android Compliance steps

Android SDK Inv6.0.0 versions and above provide a way to delay initialization to meet complianceCustomers and its user agrees to the Privacy Policy after initialization SDK to collect data. You can refer to the following steps:

Calls for the first time after the agree with privacy policy called SensorsDataAPI. StartWithConfigOptions () to initialize the SDK, then in the Application of the onCreate () method of the main thread to initialize the SDK.

// Application 的 onCreate() 方法中主线程初始化 SDK if (同意隐私条款) { 	// 初始化配置 SAConfigOptions saConfigOptions = new SAConfigOptions(SA_SERVER_URL); // 开启全埋点 saConfigOptions.setAutoTrackEventType(SensorsAnalyticsAutoTrackEventType.APP_CLICK | SensorsAnalyticsAutoTrackEventType.APP_START | SensorsAnalyticsAutoTrackEventType.APP_END | SensorsAnalyticsAutoTrackEventType.APP_VIEW_SCREEN); // 其它初始化配置 // 初始化 SDK SensorsDataAPI.startWithConfigOptions(this, saConfigOptions); }
JAVA
// 在 Activity 中同意隐私条款后初始化 SDK if (未同意隐私条款) { 	//隐私协议弹窗相关逻辑 	 	if(同意隐私条款) { 		// 初始化配置 		SAConfigOptions saConfigOptions = new SAConfigOptions(SA_SERVER_URL); 		// 开启全埋点 		saConfigOptions.setAutoTrackEventType(SensorsAnalyticsAutoTrackEventType.APP_CLICK | 		SensorsAnalyticsAutoTrackEventType.APP_START | 		SensorsAnalyticsAutoTrackEventType.APP_END | 		SensorsAnalyticsAutoTrackEventType.APP_VIEW_SCREEN); 		// 其它初始化配置 		// 初始化 SDK,延迟初始化场景 context 需要传递 Activity 		SensorsDataAPI.startWithConfigOptions(this, saConfigOptions); 	} }
JAVA
  1. Deferred initialization only supports passing context as Activity for now.
  2. Disable initialization in onDestroy
  3. The Deeplink arousal page needs to be the same as the initialization page
  4. For the delayed initialization scenario, the triggered $AppStart event will not be able to carry static public attributes and will need to be usedAttribute plugins in advanced functionsto set properties in initialization.

If some buttons (such as a secure keyboard for entering a user password) contain private information, Android Buried Point provides an API to ignore the control's click event collection:

SensorsDataAPI.shareInstance().ignoreView(View view);
CODE

Android SensorsFocus SDK Inv0.5.0 version and above provide a way to delay initialization to meet complianceCustomers and its user agrees to the Privacy Policy after initialization SDK. You can refer to the following steps:

Call for the first time after the agree with privacy policy called SensorsFocusAPI. StartWithConfigOptions (this, new SFConfigOptions (" pop-up window server address ")); Initializes the SDK, after which the main line initializes the SDK in the onCreate() method of the Application

// Application 的 onCreate() 方法中主线程初始化 SDK if (同意隐私条款) { // 初始化 SDK     	SensorsFocusAPI.startWithConfigOptions(this, new SFConfigOptions("弹窗服务端地址")); }
JAVA
// 在 Activity 中同意隐私条款后初始化 SDK if (未同意隐私条款) { 	//隐私协议弹窗相关逻辑 	 	if(同意隐私条款) { 		SensorsFocusAPI.startWithConfigOptions(this, new SFConfigOptions("弹窗服务端地址"));   	} }
JAVA
  1. Deferred initialization only supports passing context as Activity for now
  2. Disable initialization in onDestroy

iOS Compliance steps

The Customer ensures that the user agrees to the Privacy Policy after the initial iOS SDK。

- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {     // Override point for customization after application launch.           // 判断是否第一次打开 App,如果是进入隐私协议相关代码     if (<#第一次打开 App || 非第一次打开 App 但尚未同意用户协议#>) {         // 隐私协议弹窗相关逻辑         if (<#同意用户协议#>) {             // 初始化 SDK             SAConfigOptions *options = [[SAConfigOptions alloc] initWithServerURL:SA_SERVER_URL launchOptions:launchOptions];             options.autoTrackEventType = SensorsAnalyticsEventTypeAppStart | SensorsAnalyticsEventTypeAppEnd | SensorsAnalyticsEventTypeAppClick | SensorsAnalyticsEventTypeAppViewScreen;             [SensorsAnalyticsSDK startWithConfigOptions:options];         }     }else{         // 初始化 SDK         SAConfigOptions *options = [[SAConfigOptions alloc] initWithServerURL:SA_SERVER_URL launchOptions:launchOptions];         options.autoTrackEventType = SensorsAnalyticsEventTypeAppStart | SensorsAnalyticsEventTypeAppEnd | SensorsAnalyticsEventTypeAppClick | SensorsAnalyticsEventTypeAppViewScreen;         [SensorsAnalyticsSDK startWithConfigOptions:options];     }     ...     return YES; }
CODE

Certain buttons (such as the secure keyboard for entering a user password) contain private information, iOS Full Bury provides apis that can ignore the control's click event collection:

button.sensorsAnalyticesIgnoreView = YES;
CODE

3.1.1.2. Web JS SDK Compliance steps

Web JS SDK 在 v1.21.1 Version and above provide a way to delay initialization to meet complianceCustomers and its user agrees to the Privacy Policy after initialization SDK to collect data. You can refer to the following steps:

<script> window.sensors_data_pre_config = { is_compliance_enabled: true } </script> <script charset='UTF-8' src="在 github 下载新版本的 sensorsdata.min.js "></script> if(同意隐私条款){ sensors.init({ server_url: 'http://test-syg.datasink.sensorsdata.cn/sa?token=xxxxx&project=xxxxxx', is_track_single_page:true, // 单页面配置,默认开启,若页面中有锚点设计,需要将该配置删除,否则触发锚点会多触发 $pageview 事件 use_client_time:true, send_type:'beacon', heatmap: { //是否开启点击图,default 表示开启,自动采集 $WebClick 事件,可以设置 'not_collect' 表示关闭。 clickmap:'default', //是否开启触达图,not_collect 表示关闭,不会自动采集 $WebStay 事件,可以设置 'default' 表示开启。 scroll_notice_map:'not_collect' } });    sensors.quick('autoTrack'); }
CODE
  1. Set the window global variable sensors_data_pre_config before loading the Web JS SDK.
  2. The use of callback functions in the Web JS SDK API is not supported.
  3. Compliance does not support the asynchronous loading of the Web JS SDK.

3.1.1.3. Wechat mini program SDK compliance steps

Wechat mini program SDK Inv1.17.1 Version and above provide a way to delay initialization to meet complianceCustomers and the user agrees to the Privacy Policy after initialization SDK to collect data. You can refer to the following steps:

Create and introduce the config configuration file based on the following code to configure whether users are required to handle the user privacy Agreement

// config.js 文件 var sensors_data_pre_config = {    is_compliance_enabled: true } // global 是微信小程序运行环境中提供的一个全局对象,需要给此全局对象设置 sensors_data_pre_config 属性 global.sensors_data_pre_config = sensors_data_pre_config; module.exports = sensors_data_pre_config;
JS

In app.js, before the introduction of Sensors wechat mini program SDK file, the config.js file should be introduced first (make sure that config.js is introduced before the introduction of Sensors wechat mini program SDK, if the customer will introduce other files before the introduction of Sensors wechat mini program SDK, You can also put the identifier in config.js about setting the privacy protocol into its file code)

Before executing the init method of Sensors wechat mini program SDK, it is necessary to execute the relevant logic of the user privacy agreement first, that is, if the pop-up window shows that the user agrees to the privacy bar box, then the init method must be called after the customer clicks on the consent to the privacy terms to complete the Sensors SDK initialization

var pre_config = require('./utils/config.js'); var sensors = require('./utils/sensorsdata.js'); // 用户隐私协议相关处理逻辑处理 // ...... // 同意隐私协议 // 在客户同意用户隐私协议后再调用 setPara 配置 SDK,然后调用 init 完成 SDK 的初始化 if(同意隐私协议){ 	sensors.setPara({ 		server_url: 'xxx', 	// 初始化配置 	});   	// 在用户同意隐私协议后,调用此方法表示可以进行数据采集 & 暂存,此方法需要保证在所有神策 SDK 调用前调用 	sensors.enableDataCollect(); 	sensors.init(); } 
JS

3.1.1.4. React Native Compliance steps

React Native Module v2.2.5 Versions and above provide a way to delay initialization to meet complianceCustomersand the user agrees to the Privacy Policy after initialization SDK tocollect data. You can refer to the following steps:

// 程序入口初始化 SDK import sensors,{SAAutoTrackType} from 'sensorsdata-analytics-react-native' if (未同意隐私条款) { 	// 隐私协议弹窗相关逻辑    if (<#同意用户协议#>) {    // 初始化 SDK 	sensors.init({    	server_url:'数据接收地址',     	auto_track:SAAutoTrackType.START|SAAutoTrackType.END|SAAutoTrackType.CLICK|SAAutoTrackType.VIEW_SCREEN 	}) } else { // 初始化 SDK 	sensors.init({    	server_url:'数据接收地址',     	auto_track:SAAutoTrackType.START|SAAutoTrackType.END|SAAutoTrackType.CLICK|SAAutoTrackType.VIEW_SCREEN 	}) }
CODE


3.1.2. SDK Local data encryption

3.1.2.1. Android SDK Compliance steps

Version requirement

Android SDK v6.2.0 version and above

The Android SDK provides encryption for cache content, which needs to be manually enabled. If there are requirements on the encryption method, the default encryption can not meet the requirements, you can realize custom encryption, custom encryption method can consult SDK students on duty.

Use the default encryption method

The Android SDK implements encryption by default, using AES encryption mode, AES 128 offset 16 bits, press the following code to enable encryption:

SAConfigOptions configOptions = new SAConfigOptions("数据接收地址"); //注册 MuPlugin 插件 configOptions.registerStorePlugin(new SAEncryptStorePlugin(this)); SensorsDataAPI.startWithConfigOptions(this, configOptions);
JAVA

Once compliant encryption or custom encryption is implemented,Encrypted data cannot be restored to unencrypted data

3.1.2.2. iOS SDK Compliance steps

Version requirement

iOS SDK v4.2.0 version and above

The iOS SDK provides encryption for cache content, which needs to be manually enabled. If there are requirements on the encryption method, the default encryption can not meet the requirements, you can realize custom encryption, custom encryption method can consult SDK students on duty.

Default Encryption Method

The iOS SDK implements encryption by default, using AES encryption with a 128-bit key and 16-bit offset. Just use the following code to enable encryption:

SAConfigOptions *options = [[SAConfigOptions alloc] initWithServerURL:<#数据接收地址#> launchOptions:launchOptions]; //注册加密插件 SAAESStorePlugin *plugin = [[SAAESStorePlugin alloc] init]; [options registerStorePlugin:plugin]; [SensorsAnalyticsSDK startWithConfigOptions:options];
CODE
let options = SAConfigOptions.init(serverURL: <#数据接收地址#>, launchOptions: launchOptions) //注册加密插件 let plugin = SAAESStorePlugin() options.register(plugin) SensorsAnalyticsSDK.start(configOptions: options)
CODE

Once compliant encryption or custom encryption is implemented, encrypted data will not be able to be restored to unencrypted data

3.1.2.3. Web JS SDK Compliance Steps

Currently, the Web JS SDK saves cookies that contain user information and properties set by the register function. The cookie can be deeply encrypted to ensure security.

When using encryption, all pages utilizing the SDK must be the latest version. Otherwise, if some pages use encrypted cookies and others use an older version of the SDK without decryption capabilities, it will lead to an inability to parse the cookies, resulting in the generation of new users that cannot be unified.

Version Requirements

Function Configuration

 <script charset="UTF-8"> var sensors = window["sensorsDataAnalytic201505"]; // 初始化SDK sensors.init({ server_url: "数据接收地址", // 开启 cookie 加密配置,默认 false encrypt_cookie: true }); sensors.quick("autoTrack"); </script>
JS

3.1.2.4. Mini Program SDK Compliance Steps

Currently, the SDK saves user information and properties set by the register function in storage. The data in storage can be deeply encrypted to ensure security.

Version Requirements

  • WeChat Mini Program SDK v1.14.9  and above

Function Configuration

 // app.js var sensors = require('sensorsdata.min.js'); sensors.setPara({ 	name: 'sensors', 	server_url: '数据接收地址', 	encrypt_storage : true // 是否开启本地加密存储 });
JS

3.1.3. App Store Privacy Guidelines

For issues related to App Store submission, please refer to: https://manual.sensorsdata.cn/sa/latest/tech_sdk_client_app_store_compliance-41845311.html

3.2. SensorsData Information Desensitization Instructions

3.2.1. Encrypt specified display information

In the Sensors Analytics product, the display information can be configured based on roles, and corresponding encrypted user properties and event properties can be configured for each role. It can effectively desensitize important information without affecting the analysis.

Configuration reference document link: https://manual.sensorsdata.cn/sa/latest/guide_role-41844972.html#id-.成员与角色v2.3-指定加密信息

3.3. Sensors Data Destruction Security Instructions

3.3.1. It supports the EU General Data Protection Regulation (GDPR) and can delete underlying user data.

  • Solution 1: Use the sa_clean data cleaning tool to delete the data

Configuration reference document link: https://manual.sensorsdata.cn/sa/latest/tech_assist_delete-22255166.html#id-.sa_clean数据清理工具使用说明v1.17-支持GDPR欧盟标准,删除底层用户数据(目前仅支持单机版&amp;云版)

  • Solution 2: Contact Sensors Data staff to delete the data after customer authorization confirmation.

    If data deletion is required, the customer can contact Sensors Data staff and after customer authorization confirmation, the staff can assist the customer in deleting the data.

4. Sensors Data SDK Attribute Collection Compliance Instructions

4.1. Sensors Data SDK Product Permission Instructions

4.1.1. Android SDK Product Permission Instructions

To ensure the normal collection of customer data, Android SDK requires the following system permissions:

Permission

Usage

Required

INTERNET

Allows the application to send statistical data

Required permission, SDK requires this permission to send event data

ACCESS_NETWORK_STATE

Allows the application to detect network status

Must-have permission, the SDK will choose whether to send data based on the network status

READ_PHONE_STATE

Allow the application to get the device's IMEI

Optional permission, this permission is used when collecting the $carrier attribute for in-app promotion and collection

ACCESS_WIFI_STATE

Allow the application to get the MAC address

Optional permission, this permission is used for in-app promotion

Although the Sensors Analytics Android SDK requires the above system permissions:

  • The Android SDK will not request any permissions other than the above. If it is detected that a SDK with the same name as the Sensors Analytics SDK has requested permissions other than the above, please contact Sensors Analytics staff in a timely manner. Sensors Analytics will work with customers to investigate to avoid data security incidents.
  • The Android SDK will not actively request authorization from the user. Sensors Analytics will inform customers of the above permissions when integrating the SDK, and customers need to call them themselves before initializing the SDK.
  • About Android ID: When collecting anonymized ID using the Android SDK, Android ID is commonly used to ensure accuracy. This method may have certain compliance risks. If customers do not need to use Android ID, they can disable the AndroidID interface by calling. If there are any other questions, please contact Sensors Analytics staff promptly.

  • Regarding OAID: When collecting anonymous IDs using the Android SDK, if the customer integrates the OAID SDK, in order to ensure accuracy, the OAID may be collected. If you have other questions, please contact Sensors Analytics staff in a timely manner.

4.1.2. iOS SDK Product Authorization Instructions

To ensure the normal collection of customer data, the iOS SDK requires the following system permissions:

Permission

Purpose

Required

Network (Only for domestic use)

Allow the application to send data

Required permission, the SDK requires this permission to send event data

Location

Allow the app to access GPS data

Optional permission, required for SDK to collect GPS data

IDFAAllow the app to access IDFAOptional permission, used for in-app promotion

Although the Sensors Data iOS SDKrequiresthe above system permissions, but:

  • The iOS SDK does not request permissions other than those mentioned above. If it is detected that an SDK with the same name as the Sensors Data SDK has requested permissions other than the above, please contact Sensors Data staff. Sensors Data will work together with the customer to investigate, to avoid data security incidents.
  • Due to the characteristics of the iOS system, the iOS SDK may actively request user authorization, but only for the above permissions.
  • Explanation of IDFA: When the iOS SDK collects anonymous ID and performs channel matching, in order to ensure the accuracy of the collected data, IDFA is commonly used. This method may involve certain compliance risks; if customers do not need to collect IDFA, please remove the reference to the framework in the project and do not import the AdSupport related header files in the project. If you have any other questions, please contact Sensors Data staff in time.

4.2. SDK Collection, Data Sending, and Exception Handling Policies

See Android SDK &amp; iOS SDK Security Guide for details.

4.3. Explanation of Predefined Attribute Data Collection by Sensors Data SDK

When using the SDK for data collection, the following predefined attributes are involved:

CategoryEnglish Variable NameDisplay Name

Data

Type

Enabled

Auto

Collection

Whether

Support

Close

Default

Whether

Hide

Function

(Analysis

Technology

Debug)

Information Privacy Risk AssessmentRisk Assessment Notes
Reserved Attributesdistinct_idUser IDSTRINGYesNo/AnalyzeNo risk
timeTimeDATETIMEYesNo/AnalyzeNo risk
Basic Preset Attribute$app_stateApp StateSTRINGYes
NoTechnologyRisk-free
$app_idApplication Unique IdentifierSTRINGYesNoNoAnalyzeRisk-free
$app_nameApplication NameSTRINGYesNoNoAnalyzeRisk-free
$app_versionApplication VersionSTRINGYesNoNoAnalyzeLow Risk
$is_first_dayFirst Day VisitBOOLYesNoNoAnalyzeLow RiskServer-based secondary correction
$is_first_timeWhether the event is triggered for the first timeBOOLYesYesNoAnalysisLow riskSecondary correction performed by the server
$timezone_offsetTime zone offsetNUMBERYesNoNoAnalysisLow risk
$event_durationEvent durationNUMBERisisnoanalysislow risk
$latitudelatitudeNUMBERnoyesnoanalysishigh risk
$longitudelongitudeNUMBERnoyesNoAnalysisHigh risk
$titlePage titleSTRINGYesYesNoAnalysisLow risk
$screen_namePage nameSTRINGYesYesNoTechnologyLow Risk
app_crashed_reasonCrash ReasonSTRINGNoYesNoDebugNo Risk
$urlPage AddressSTRINGNoNoNoAnalyzeLow Risk
$url_queryPage ParameterSTRINGYesYesNoAnalysisLow Risk
$url_pathPage PathSTRINGYesYesNoAnalysisLow Risk
$referrerReferring AddressSTRINGisisnoanalysismedium risk
$referrer_hostreferrer domainSTRINGyesyesnoanalysismedium risk
$referrer_titlereferrer page titleSTRINGnoYesNoAnalysisNo Risk
$user_agentUserAgentSTRINGNoYesYesTechnologyMedium Risk
$sceneLaunch SceneSTRINGYesYesNoAnalyzeLow Risk
$share_depthNumber of SharesNUMBERYesYesNoAnalyzeMedium Risk
$share_distinct_idSharerSTRINGYesYesNoAnalyzeMedium Risk
$share_url_pathShare PathSTRINGYesYesNoAnalysisLow Risk
$share_methodShare MethodSTRINGYesYesNoAnalysisLow Risk
$source_package_nameSource Application Package NameSTRINGYesYesNoAnalyzeMedium Risk
$bot_nameSpider nameSTRINGYesYesNoAnalyzeLow Risk
$viewport_heightViewport HeightNUMBERNoYesNoAnalysisLow Risk
$viewport_positionPosition from the top of the viewportNUMBERNoYesNoAnalysisLow Risk
$viewport_widthViewport widthNUMBERNoYesNoAnalysisLow Risk
$item_joinItem Match Mode-NoYesNoTechnicalNo Risk
$receive_time$receive_timeNUMBERYesNoYesTechnicalRisk-free
$lib_plugin_versionSDK plugin versionLISTYesNoYesTechnologyRisk-free
Device-related$brandDevice brandSTRINGYesNoNoAnalysisMedium risk
$manufacturerDevice ManufacturerSTRINGYesNoNoAnalyzeMedium Risk
$modelDevice ModelSTRINGYesNoNoAnalyzeMedium Risk
$osOperating SystemSTRINGYesNoNoAnalysisMedium Risk
$os_versionOperating System VersionSTRINGYesNoNoAnalysisMedium Risk
$screen_heightScreen HeightNUMBERYesNoNoAnalysisLow Risk
$screen_widthScreen WidthNUMBERYesNoNoAnalysisLow Risk
$wifiWhether WIFIBOOLYesNoNoAnalysisLow Risk
$carrierCarrierSTRINGYesNoNoAnalysisMedium Risk
$network_typeNetwork TypeSTRINGYesNoNoAnalysisLow risk
$device_idDevice IDSTRINGNoNoNoAnalyzeHigh risk
$screen_orientationScreen OrientationSTRINGNoNoNoAnalyzeLow risk
Browser-related$browserBrowserSTRINGYesNoNoAnalysisMedium risk
$browser_versionBrowser versionSTRINGYesNoNoAnalysisMedium risk
Click event-related$element_idElement IDSTRINGYesYesNoTechnologyLow Risk
$element_nameElement NameSTRINGYesYesNoTechnologyLow Risk
$element_typeElement TypeSTRINGYESYESNoTechnologyLow-risk
$element_contentElement ContentSTRINGYesYesNoAnalysisLow-risk
$element_positionElement PositionSTRINGYesYesNoTechnologyLow risk
$element_selectorElement selectorSTRINGNoYesNoTechnicalLow Risk
$element_target_urlElement Link URLSTRINGYesYesNoTechnologyLow Risk
$element_class_nameElement Class NameSTRINGYesYesNoTechnologyLow Risk
Latest Related Attribute$latest_referrerLast Referring URLSTRINGYesYesNoAnalyzeRisk Medium
$latest_referrer_hostLast Referring DomainSTRINGYesYesNoAnalyzeRisk Medium
$latest_search_keywordLast Search Engine KeywordSTRINGYesYesNoAnalyzeRisk Medium
$latest_traffic_source_typeLatest Traffic Source TypeSTRINGYesYesNoAnalysisMedium Risk
$latest_landing_pageLatest Landing PageSTRINGYesYesNoAnalysisMedium Risk
$latest_utm_campaignLatest UTM Campaign NameSTRINGYESYESNoAnalysisMedium Risk
$latest_utm_contentLatest UTM ContentMetricYesYesNoAnalysisMedium Risk
$latest_utm_mediumLatest UTM MediumSTRINGYesYesNoAnalysisMedium risk
$latest_utm_sourceLatest ad campaign sourceSTRINGYesYesNoAnalysisMedium risk
$latest_utm_termLatest ad campaign termSTRINGYesYesNoAnalysisHigh Risk
$latest_sceneLast Launch SceneSTRINGYesYesNoAnalysisLow Risk
$latest_share_methodThe method of the latest shareSTRINGYesYesNoAnalysisLow Risk
SDK Related$libSDK TypeSTRINGYesNoNoDebugNon-risk
$lib_versionSDK VersionSTRINGYesNoYesDebugNon-risk
$lib_methodEvent Tracking MethodSTRINGYesNoYesDebugSafe
$lib_detailEvent Tracking DetailSTRINGYesYesYesDebugSafe
Channel Related$ios_install_sourceDevice fingerprint information required for App channel matchingSTRINGNoYes/TechHigh risk

Attribute not stored

Attribute deleted after channel matching on the server side

$channel_device_infoDevice fingerprint information required for App channel matching (Different from the event variable name above)STRINGNoYes/TechHigh risk

Attribute not stored

Attribute deleted after channel matching on the server side

$ios_install_disable_callbackWhether or not to track callbackBOOLNoYesNoTechnologyLow Risk
$is_channel_callback_eventWhether or not to perform channel matching callbackBOOLNoYesYesTechnologyLow Risk
$channel_extra_informationChannel extra informationSTRINGNoYesYesTechnologyHigh risk
$utm_matching_typeChannel tracking matching modeSTRINGNoYesNoTechnologyLow risk
$utm_sourceAdvertising campaign sourceSTRINGNoYesNoAnalyzeMedium Risk
$utm_mediumAdvertising Campaign MediumSTRINGNoYesNoAnalyzeMedium Risk
$utm_termAdvertising Campaign KeywordsSTRINGNoYesNoAnalyzeMedium Risk
$utm_contentAd Campaign ContentSTRINGNoYesNoAnalyzeMedium Risk
$utm_campaignAd Campaign NameSTRINGNoYesNoAnalyzeMedium Risk
$matched_keyChannel matching keywordSTRINGNoYesNoTechnologyHigh risk
$matching_key_listChannel matching keyword listSTRINGNoYesYesTechnologyHigh risk
$short_url_keyShort URL KeySTRINGNoYesNoTechnologyLow Risk
$short_url_targetShort Link Target URLSTRINGNoYesNoTechnologyLow Risk
$channel_active_period_dayEffective Activation Window (days)NUMBERYesNoNoAnalysisNo risk
$channel_callback_period_dayDepth Return Attribution Window (Days)NUMBERYesNoNoAnalysisNo risk
$channel_attribute_period_hourActivation Attribution Window (Hours)NUMBERYesNoNoAnalyzeNo risk
$channel_nameChannel NameSTRINGYesNoNoAnalyzeNo risk
$channel_account_idChannel Account IDSTRINGYesNoYesAnalyzeNo risk
$channel_campaign_idChannel Campaign IDSTRINGYesNoYesAnalyzeNo Risk
$channel_adgroup_idChannel Adgroup IDSTRINGYesNoYesAnalysisRisk-free
$channel_ad_idChannel Advertising Creative IDSTRINGYesNoYesAnalysisNo Risk
$channel_click_idChannel Tracking Click IDSTRINGYesNoNoAnalysisNo Risk
$first_channel_nameFirst Channel NameSTRINGYesNoNoAnalysisNo Risk
$first_channel_account_idFirst Channel Account IDSTRINGYesNoYesAnalysisNo Risk
$first_channel_campaign_idFirst Channel Campaign IDSTRINGYesNoyesanalysisno risk
$first_channel_adgroup_idFirst Channel Adgroup IDSTRINGyesnoyesanalysisno risk
$first_channel_ad_idFirst Channel Ad Creative IDSTRINGyesnoyesanalysisRisk-free
$first_channel_click_idFirst Channel Click IDSTRINGYesNoNoMetricUser Segment
$channel_active_resultChannel Active IndicatorBOOLYesNoNoMetricUser Segment
IP Related$ipIPSTRINGYesNoNoTechnologyNo risk√(Nginx parsing)
$cityCitySTRINGYesNoNoAnalysisNo risk√(Based on IP parsing)
$provinceProvinceSTRINGYesNoNoAnalysisNo risk√(based on IP resolution)
$countryCountrySTRINGYesNoNoAnalysisNo risk√(based on IP resolution)
$ip_ispIP Service ProviderSTRINGyesnonoanalysisno risk√(resolved by IP)
user association related$is_login_idIs Login IDBOOLyesnoyestechnologylow risk√(added when event is stored)
$track_signup_original_idAssociated Original IDSTRINGyesNoNoTechnologyNo risk
item related preset attributes

$is_validWhether bannedBOOL




$receive_timeArrival timeNUMBER




$update_timeUpdate TimeDATETIME





  • All the preset attributes involve more than 100. The above table lists the commonly collected preset attributes. If you need to view all the preset attributes, please contact the support staff of Sensors Analytics.
  • Sensors Analytics SDK provides multiple interfaces for calling to meet the customer's requirements of turning off specific attribute collection. If you need to avoid the risks brought by $ios_install_source, you can choose the following methods:
    • Method 1: Avoid using the channel tracking function, and do not call "activation event" and "channel information event".
    • Method 2: Disable IMEI

For more detailed information, please contact the staff of Sensors Analytics.

4.4. Information Privacy Risk Assessment Grading Criteria Description

From: National standard GB/T 35273-2020 "Information Security Technology Personal Information Security Code"(hereinafter referred to as the "Specification")

References in the above specification to"personal information”,Information recorded electronically or otherwise capable of identifying, individually or in combination with other information, a particular natural person or reflecting the activities of a particular natural person, Such as name, date of birth, ID number, personal biometric information, address, communication contact information, communication records and contents, account password, property information, credit information, whereabouts, accommodation information, health and physiological information, transaction information, etc.

To determine whether a piece of information is personal information,Refer to the following two aspects:One is identification, that is, from information to individuals, a specific natural person is identified by the particularity of the information itself, and personal information should help to identify a specific individual. The second is the association, that is, from the individual to the information, such as a known specific natural person, the information generated by the specific natural person in its activities (such as personal location information, personal call records, personal browsing records, etc.) is personal information. Information that meets either of the above two circumstances shall be considered personal information.

表 A.1 Examples of personal information.

Sensitive personal information refers to personal information that, if leaked, illegally provided or abused, may endanger personal and property safety, easily lead to personal reputation, physical and mental health damage or discriminatory treatment. Under normal circumstances, the personal information of children under 14 years of age and information involving the privacy of natural persons are personally sensitive information. You can determine whether it is personal sensitive information from the following perspectives

DivulgeOnce personal information is leaked, it will cause the personal information subject and the organizations and institutions that collect and use personal information to lose their ability to control personal information, resulting in the spread of personal information and the use of uncontrollable. If some personal information is used directly or associated with other information in a manner contrary to the will of the personal information subject after being leaked, it may bring significant risks to the rights and interests of the personal information subject and should be judged as personal sensitive information. For example, the copy of the identity card of the personal information subject is used by others for real-name registration of the mobile phone number card, bank account opening card, etc.

Illegal offeringSome personal information may pose a significant risk to the rights and interests of the personal data subject only because it is spread outside the scope of authorization and consent of the personal data subject, and should be judged as personally sensitive information. For example, sexual orientation, deposit information, infectious disease history, etc.

AbuseWhen some personal information is used beyond the authorized reasonable limits (such as changing the purpose of processing, expanding the scope of processing, etc.), it may bring significant risks to the rights and interests of the personal information subject, and should be judged as personal sensitive information. For example, health information is used by insurance companies for marketing and to determine the level of individual premiums without the authorization of the personal data subject.

表 B.1 个人敏感信息举例。

4.5. Custom property collection disclaimer

Information related to the business or the end user's own data is required by the customer Developer burying points through code (people writing data collection code)can collect, the SDK does not actively collect.

Customers should be guaranteed data sourcesLegal and compliant, or authorized by relevant parties and end users,to collect custom attribute data through our software products.

5. Sensors self-check instructions

5.1. Sensors SDK compliance description

Sensors SDK The only data type commonly collected is "Device ID"Mainly used for analysis。Customer needs collectionOther types of dataNeed customersOn the basis ofbusinessrequirementAnd select the enabled SDK feature to make the corresponding selection:

  • Call -login: Interface: continue to select "User ID"

  • Open the full buried point: continue to select "Product interaction"

  • Enable crash collection: Continue to select "Crash Data"

  • Enable collection of latitude and longitude: Continue to select "precise location"

Also, customers can update their privacy policies in a timely manner based on adjustments to their business.

Sensors Data complies with data-related laws and regulations in multiple countries.

According to self-inspection, Sensors Data software products comply with the requirements of "Basic Specifications for Mobile Internet Application (App) Collection of Personal Information (Draft)" and also comply with the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) in the United States. In response to the above standards, Sensors Data SDK provides the following functions:

  • Whether to start data collection after initialization
  • Turn data collection on or off for the current app
  • Disable collection of specific properties
  • Disable collection of specific track events
  • Disable collection of specific properties under specific track events
  • The recognition ID of the current user, used for exporting data
  • Function to delete specific user data
  • Function to delete data based on interface/tools

5.1.1. Self-inspection results based on the "Network Security Law of the People's Republic of China"

According to self-inspection, the Sensors Data software products provided to customers (including SDK) do not violate the mandatory provisions of the "Network Security Law".

5.1.2. Self-inspection results based on the "Personal Information Protection Law of the People's Republic of China"

According to self-inspection, the Sensors Data software products provided to customers (including SDK) do not violate the mandatory provisions of the "Personal Information Protection Law".

5.1.3. Self-assessment based on Data Security Law of the People's Republic of China"

According to self-inspection, the Sensors Data software products provided to customers (including SDK) do not violate the mandatory provisions of the "Data Security Law".

6. Sensors Data Certification Explanation

6.1. Information Security Management Certification

Sensors Data has obtained the ISO 27001 Information Security Management System Certification ISO 27001

Sensors Data has obtained the ISO 27701 Privacy Information Management System Certification

Sensors Data has obtained the ISO 9001 Quality Management System Certification

Sensors Data has obtained the CMMI 3 Certification

Sensors Analytics Cloud, Sensors Marketing Cloud, and Sensors Ads Cloud have obtained Level 3 Network Security Protection Filing and Evaluation

6.2. Industry qualifications

Sensors Data actively practices data compliance and participates in various compliance activities in the industry.


On February 2020, Sensors Data was approved to establish the Working Group on Mobile Internet User Information Security Protection at the 6th China Internet Rule of Law Conference. It included 46 enterprises/institutions/ research institutions such as Sensors Data, Alibaba, ByteDance, Huawei, Baidu, and Xiaomi


In November 2020, the National APP Personal Information Protection Supervision Committee organized by the Ministry of Industry and Information Technology released 10 standards for the "APP User Rights Protection Evaluation Specification" and 8 standards for the "APP Collection and Use of Personal Information Minimum Necessary Assessment Specification". As a member of the Internet Association, Sensors Data's founder & CEO, San Wenfeng, read the "APP Personal Information Protection Public Commitment Letter" during the conference. The commitment letter is as follows:

6.3.

6.4. Security Audit Reports

"Sensors Data Android SDK Source Code Security Audit Report"

"Sensors Data iOS SDK Source Code Security Audit Report"

"Sensors Data JS SDK Source Code Security Audit Report"

"Sensors Data WeChat Mini Program Source Code Security Audit Report"

"Sensors Data Privacy Policy"


Customers can contact Sensors Data's Customer Success/Project Manager to obtain the above security audit reports

7. Noun Explanation

1.SDK (Software Development Kit,Hereinafter referred to as SDK)The SDK provided by Shence includes but is not limited to Android SDK, iOS SDK, Web JS SDK, mini program SDK, mini game SDK, C SDK, C# SDK, Java SDK, etc. Preset attributes refer to the attribute information collected by the SDK.