NB! Pushwoosh does not collect any sensitive or information, i.e. PII about the user, no email address, Phone Number, Name, Credit card or financial information etc. Pushwoosh does not knowingly collect sensitive information about the user unless this information is transferred directly from the Pushwoosh Client.
We do not collect cookies or IMEI/MAC.
We do not share, distribute, market or advertise to ANY third parties nor does Pushwoosh communicate with end-users directly. These are your clients, Pushwoosh is providing the platform so our clients can communicate with their end-users to increase ROI, Engagement, Retention, Customer Experience and of course overall revenues.
What we actually collect
Geolocation information — city and country based on the latest IP address a device was online from.
Precise location data — if a client implemented location tracking function into an app and the end user allowed location tracking on his device (Geofencing).
iOS IDFV (Identifier for vendor) - is used as device HWID for routing pushes between several iOS apps of the same vendor when sent to Application Group.
We also collect and store:
Device time zone;
iOS bundle identifier and Android Package Name (to check for correct push notifications set up);
- Browser - collected for the device platform recognition and as the Device Model Default Tag values for the further targeting by Controller;
Any other data points collected by the SDK on behalf of the customer.
We use the means of GeoIP for geo targeting (IP address), but this data is not collected on our side.
Where is the data originally received/created? (process and place)
Device data is being generated on a user device after the Pushwoosh SDK is initialized. After that, it is being passed to Pushwoosh servers for the further processing in accordance with Pushwoosh customer (Controller) needs.
Is explicit consent given by a customer? How aware is the customer of processing this data?
It depends on the implementation of your apps. Your developers may implement the consent/data deletion mechanisms by themselves.
Also, our SDK includes the functionalities that allow to:
Unsubscribe/subscribe a device from all channels of communication (Pushes, In-App Messages, etc.);
Remove all device-related data from Pushwoosh;
When the data is removed, Pushwoosh SDK is disabled completely, so that no information is passed to our backend.
Please refer to the link below:
Who is the owner (Controller) of the data?
A Pushwoosh customer is the Controller of the data.
Who is the Processor of the data?
Pushwoosh is the Processor of the data.
How do you process the data?
Is the data needed on the individual level, or aggregated?
All types of data described above are being processed for the following:
Sending broadcast push notifications (aggregated level);
Segmenting users by certain sets of Tag conditions (these sets are defined by Controller);
Sending transactional push notifications (individual level);
Sending timezone-sensitive notifications (based on the device time zone information)
It is decided by the data Controller whether the data is needed on the individual level, or aggregated.
Where is the data stored?
Pushwoosh services are hosted in Nuremberg, Germany. The data stored in our data center in Nuremberg, Germany. The secondary backup locations are in Frankfurt, Germany.
Who has access to the data?
Data Controller (data Owner) has access to the data. Processor performs only those operations with data that are stated in the Executed Agreement.