At TUNE, we aim to align our practices with best-practice privacy and security standards, including compliance with the laws and requirements of the various countries we do business in.
This tutorial and overview will help you understand:
- How TUNE treats different types of data—depending on whether they are categorized as anonymous, personal or pseudonymous.
- Why it’s important to secure personal data before sharing with TUNE or other third parties.
- Treatment of various data types in TUNE.
- TUNE’s client data retention policy.
Personal, Pseudonymous & Anonymous Data
Under many privacy or security best practices discussions, data is often classified into three categories: personal, pseudonymous, or anonymous. Securing “personal” data, or data that can identify an individual person, before “processing” or sharing that data, is a best practice under most privacy and data protection frameworks. TUNE clients retain the obligation to (i) provide legally required notices to, and (ii) acquire applicable consent from end-users.
What is Personal Data?
Generally, “personal data” means any information relating to an identified or identifiable natural person. At TUNE, we treat data as personal depending on the laws of the relevant jurisdiction.
What is Pseudonymous Data?
Pseudonymous data is data that is linked to an end user’s device and cannot specifically identify that end user but still provides some non-remote possibility of future identification.
What is Anonymous Data?
Unlike both personal and pseudonymous data, Anonymous data is not linked to an end user’s device and does not specifically identify an end user in any way nor provide the potential for future identification of that end user.
Treatment of Various Data Types in TUNE
Included below is a table listing the common types of data uploaded by clients to the TUNE platform and potential TUNE Practice and Use cases.
This list is not exhaustive, but is intended to give you a guide on how TUNE treats—and empowers its clients to treat—certain types of data.
|Data Type||TUNE Practice and Use Cases|
|IP Address||IP addresses from most of the world are considered pseudonymous or personal data. Clients can anonymize IP addresses so they are stored in an obfuscated form within their network. Details about current functionality are in our article on IP Address Obfuscation.|
|Device IDs||A distinctive number is associated with a particular handheld device. Device IDs will be treated as personal data, and the TUNE client may opt-in to replace such data points with an empty string.|
|MAC Address||Also known as the networking hardware address. MAC addresses will be treated as personal data, and the TUNE client may opt-in to replace such data points with an empty string.|
|Pixel Tracking||Website base code is used in conjunction with cookies which register when a user visits a particular page.|
|Cookies||Small text files allow websites to recognize users and keep track of their preferences.|
|User Agent||Identifies the type of device and browser, to be used for measurement and targeted advertising.|
|Referral Link (URL or IP)||Allows networks to see where publishers are promoting the offers when available.|
|Mobile Carrier||Based on IP, allows networks to see which mobile carrier a particular device is registered with.|
|Geolocation (through IP Addresses)||Geolocation assists with target advertising in certain countries, states, and cities. TUNE utilizes an external service provider to determine the general vicinity of a user based on their IP address. (See here for more details).|
TUNE abides by data minimization principles as guided by the European Union’s General Data Protection Regulation. Unless otherwise agreed in writing between the parties, TUNE applies the following data retention rules:
- Mobile device identifiers, MAC addresses, customer-supplied user identifiers, customer-supplied advertising identifiers, and request URLs, regardless of jurisdiction, will have a 123-day rolling data retention window on the TUNE platform (if the data controller does not opt-in to do so earlier).
- The last octet of IP addresses, regardless of jurisdiction, will be redacted based on a 123-day rolling data retention window on the TUNE platform (if the data controller does not opt-in to do so earlier).
- Log-level reporting on the TUNE platform will have a 25-month rolling data retention window (if the data controller does not opt-in to do so earlier). This window only impacts the Conversion Report.
- All Stats Report queries will still be available beyond these retention windows, though Partner Sub 1-5 or Source Stats queries are available for 18 months.
- TUNE retains client data so long as it is contractually required, and will delete all client data in a reasonable amount of time after the conclusion of our relationship.
- Additional guidance on end-user rights is available at https://optoutmobile.com.