At TUNE, we aim to align our practices with best-practice privacy and security standards, including compliance with the laws and requirements of the various countries we do business in.
This tutorial and overview will help you understand:
- How TUNE treats different types of data—depending on whether they are categorized as anonymous, personal or pseudonymous.
- Why it’s important to secure personal data before sharing with TUNE or other third parties.
- Treatment of various data types in TUNE.
- TUNE’s client data retention policy.
Personal, Pseudonymous & Anonymous Data
Under many privacy or security best practices discussions, data is often classified into three categories: personal, pseudonymous, or anonymous. Securing “personal” data, or data that can identify an individual person, before “processing” or sharing that data, is a best practice under most privacy and data protection frameworks. TUNE clients retain the obligation to (i) provide legally required notices to, and (ii) acquire applicable consent from end-users.
What is Personal Data?
Generally, “personal data” means any information relating to an identified or identifiable natural person. At TUNE, we treat data as personal depending on the laws of the relevant jurisdiction.
What is Pseudonymous Data?
Pseudonymous data is data that is linked to an end user’s device and cannot specifically identify that end user but still provides some non-remote possibility of future identification.
What is Anonymous Data?
Unlike both personal and pseudonymous data, Anonymous data is not linked to an end user’s device and does not specifically identify an end user in any way nor provide the potential for future identification of that end user.
Treatment of Various Data Types in TUNE
Included below is a table listing the common types of data uploaded by clients to the TUNE platform and potential TUNE Practice and Use cases.
This list is not exhaustive, but is intended to give you a guide on how TUNE treats—and empowers its clients to treat—certain types of data.
Data Type | TUNE Practice and Use Cases |
IP Address | IP addresses from most of the world are considered pseudonymous or personal data. Clients can anonymize IP addresses to be stored in an obfuscated form within their platform. Details about current functionality are in our article on IP Address Obfuscation. |
Device IDs | A distinctive number is associated with a particular handheld device. Device IDs will be treated as personal data, and the TUNE client may opt-in to replace such data points with an empty string. |
MAC Address | MAC addresses are also known as the networking hardware address. MAC addresses will be treated as personal data, and the TUNE client may opt to replace such data points with an empty string. |
Pixel Tracking | Website base code is used in conjunction with cookies, which are registered when a user visits a particular page. |
Cookies | Small text files allow websites to recognize users and keep track of their preferences. |
User Agent | Identifies the type of device and browser to be used for measurement and targeted advertising. |
Referral Link (URL or IP) | Allows clients to see where publishers are promoting the offers when available. |
Mobile Carrier | Clients can see which mobile carrier a particular device is registered with based on IP. |
Geolocation (through IP Addresses) | Geolocation assists with target advertising in certain countries, states, and cities. TUNE utilizes an external service provider to determine a user's general vicinity based on their IP address. (See here for more details.) |
Please note: TUNE allows clients to configure the product to allow for various data points to be sent to TUNE. This includes Advertising Identifiers used for analytics, which are not automatically collected as part of TUNE services. Additional details on the information that TUNE may process on your behalf and at your discretion are available in TUNE’s Privacy Policy. The responsibility for configuring the product and collecting data ultimately lies with our clients. At no time should clients, partners, publishers, or ad networks send TUNE any personal data belonging to end users if proper consent has not been obtained and the data is not reasonably protected.
Data Retention
TUNE abides by data minimization principles as guided by the European Union’s General Data Protection Regulation. Unless otherwise agreed in writing between the parties, TUNE applies the following data retention rules:
- Mobile device identifiers, MAC addresses, customer-supplied user identifiers, customer-supplied advertising identifiers, and request URLs, regardless of jurisdiction, will have a 123-day rolling data retention window on the TUNE platform (if the data controller does not opt-in to do so earlier).
- The last octet of IP addresses, regardless of jurisdiction, will be redacted based on a 123-day rolling data retention window on the TUNE platform (if the data controller does not opt-in to do so earlier).
- Log-level reporting on the TUNE platform will have a 25-month rolling data retention window (if the data controller does not opt-in to do so earlier). This window only impacts the Conversion Report.
- All Stats Report queries will still be available beyond these retention windows, though Partner Sub 1-5 or Source Stats queries are available for 18 months.
- TUNE retains client data so long as it is contractually required, and will delete all client data in a reasonable amount of time after the conclusion of our relationship.
- Additional guidance on end-user rights is available at https://optoutmobile.com.
For additional information on how we use data collected, see the TUNE Privacy Policy.