Manage Personal Information
Understand different ways in which CleverTap protects end-user personal information.
Personally Identifiable Information (PII) is any data that can identify an individual. PII may be used alone or with other relevant data to identify an individual.
PII may include the following:
- Telephone Number
- Date of Birth
- Passport Number
- Credit or Debit Card Number
- Social Security Number
CleverTap does not automatically collect PII, such as usernames, advertising identifiers, email addresses, mailing addresses, phone numbers, precise locations (such as GPS coordinates of four decimal places or more), etc. PII must be explicitly pushed to CleverTap for it to be collected.
To manage PII for end-users, you may use any or a combination of the following practices:
- Mask PII
- Audit Your Integration
- Use Non-PII Identifiers
- Use Server-Side Implementation
- Track Malicious Users
Mask PII
PII masking is the process of hiding or obscuring sensitive information to protect the privacy and security of individuals. PII masking is commonly used in data storage and transmission, especially in cases where the data needs to be shared with third parties or stored in a less secure location. Organizations need to use PII masking techniques to prevent data breaches and protect the privacy of their customers or users.
CleverTap lets you mask PII to ensure security. For more information, refer to Enable PII Masking and Masking Personally Identifiable Information.
Audit Your Integration
While planning your integration, consult your internal legal counsel before pushing sensitive information such as PII to CleverTap. Have your Event Design document audited so that no arbitrary data is pushed to CleverTap. We recommend pushing only the data needed to achieve your business objectives. For live integrations, use our Schema framework to audit the data pushed to CleverTap.
Use Non-PII Identifiers
CleverTap's client-side SDKs automatically assign a unique random identifier called a CleverTap ID. You can associate the CleverTap ID with an identifier such as an email address, phone number, or database ID via client-side SDKs or APIs. We strongly recommend using a non-PII identifier.
Use Server-Side Implementation
CleverTap SDKs are open source and can be viewed in the CleverTap GitHub Repository. You can also push data to CleverTap using our APIs or SFTP. We recommend a hybrid approach of client-side SDKs and APIs, wherein the APIs pass sensitive information to CleverTap when required.
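One way to combine the two recommendations above (a non-PII identifier, and sensitive data handled on the server), shown as an added example that is not CleverTap's own code. The key, the allowlist, the function names, and the payload shape are assumptions for illustration and do not represent the CleverTap API.

```python
import hashlib
import hmac

# Assumption: a secret held only on your server (load it from a secrets manager in practice).
PSEUDONYM_KEY = b"constructed-demo-key-not-for-production"

# Assumption: property names approved in your audited event design document.
ALLOWED_PROPERTIES = {"plan", "cart_value", "category"}


def pseudonymous_id(email: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Derive a stable identifier from an email without exposing the email.

    A keyed HMAC is used instead of a bare hash: without the key, the
    identifier cannot be checked against a list of candidate email addresses.
    """
    normalized = email.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()


def build_event(email: str, name: str, properties: dict) -> tuple[dict, list]:
    """Return (payload, dropped): the payload carries only allowlisted
    properties, and dropped lists the rejected names for the audit log."""
    kept = {k: v for k, v in properties.items() if k in ALLOWED_PROPERTIES}
    dropped = sorted(set(properties) - ALLOWED_PROPERTIES)
    payload = {"identity": pseudonymous_id(email), "event": name, "properties": kept}
    return payload, dropped


if __name__ == "__main__":
    # Constructed sample input: two approved properties and two PII fields.
    raw = {"plan": "gold", "cart_value": 42.5, "phone": "+1-555-0100", "dob": "1990-01-01"}
    payload, dropped = build_event("Jane.Doe@example.com ", "Checkout", raw)
    print(payload)
    print("dropped:", dropped)
```

The derived value is pseudonymous rather than anonymous: anyone holding the key can recompute it from an email address, so the key should stay on the server and never ship in a client app.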
Track Malicious Users
CleverTap SDKs use iOS or Android native storage. If a device's security is compromised, or a user roots their Android device or jailbreaks their iOS device, the data may be accessible to third-party apps. We recommend using Non-PII identifiers and Server-Side Implementation for PII data. This can help you avoid any leakage.
CleverTap does not collect any of the data types by default, thus ensuring GDPR compliance for our clients. We go to great lengths to ensure customer data security, privacy, and confidentiality. We provide role-based, app-level access control so that customers can manage access to their data.
For more information, refer to SDK Changes for GDPR Compliance.