Menu Close

Privacy Policy

1. Purpose

At Native Touch, we are committed to client and user Privacy. This Privacy Policy outlines the ways we collect, use, and share our data products. It also outlines our commitment to data security by highlighting the precautions and safeguards we have implemented to protect data from unauthorized use and disclosure. As well as the ways in which we insure regulatory compliance and a commitment to user rights. 

2. Personal Identifiable Information & Data Security

2.1 Privacy First

As a Trusted Data Provider Native Touch is committed to maintaining full compliance with all regional and international privacy regulations. We proactively monitor legal and regulatory changes to ensure that we remain ahead of the curve, adapting our practices swiftly to meet new privacy and data protection standards. Because of our position in the market are goal is to not only meet privacy and security guidelines but exceed them 

We take an aggressive stance on handling Personally Identifiable Information (PII), implementing rigorous data management practices to ensure the highest level of privacy and security. Our commitment to safeguarding PII starts from the moment any data enters our system

2.2 Personally Identifiable Information (PII)

Our approach to PPI is to only keep the information that we need and is integral to our core business to insure this we have put into place a series of safeguards that are designed to insure we are meeting our security and privacy commitments

  • Rigorous Vetting of Data Partners: we ensure that we only collect and use the best raw data from reliable partners who are equally committed to safeguarding user privacy, this means we only onboard data that has been sufficiently anonymized and hashed according to industry best practices.
  • Primary PPI: We do not at any stage store raw Primary PPI (ex phone numbers, names, credit cards) as this data is volatile and completely unnecessary for our needs.
  • Secondary PPI: when it comes to secondary identifiers we store and maintain these in full compliance with regional guidelines (PIPEDA, Loi 25, etc) 
  • End-to-End Privacy Control: From data ingestion to final delivery to our clients, we maintain strict controls of the data to ensure that no data contained is ever shared, stored, or exposed. Our systems are designed to prevent the possibility of re-identification by ensuring that any information shared with third parties is fully anonymized, aggregated, and stripped of any identifiers that could be traced back to individuals.
  • Encryption and Secure Storage: In addition to anonymization, we control and secure all access to data ensuring that even anonymized data is protected from unauthorized access. 
  • Ongoing Audits and Monitoring: We continuously audit our data handling practices to ensure compliance with regulatory standards. We conduct annual reviews of our data handling policies to and take proactive steps to address any issues we identify
  • Future-Proofing for Regulatory Changes: As new privacy regulations emerge, we are dedicated to staying ahead by proactively adjusting our practices. Our commitment is not only to meet the requirements but to set a standard through R&D and Thought leadership by pushing the industry forward .

3. Data Collection

3.1 Information We Collect

When it comes to data that we directly collect, we only collect non-PII data as part of our regular operations, this data is used for reporting and optimizations as well as data products

  • Behavioral Data: Information on how users interact with websites, apps, and online content.
  • Device Information: Details about the device used, such as browser type, operating system, and device identifiers.
  • Location Data: General geographic information based on IP address or device location, which is anonymized and never tied to specific individuals.
  • Analytics Signals: Specific anonymous signals used for interest based and inferred analytics

We do not collect PII such as names, addresses, phone numbers, or email addresses from our active collection processes

3.2 Information Collected From Our Data Suppliers

We obtain Information about our users from our Data Suppliers and use it to provide our Solutions to Clients. Our Data Suppliers are owners of Apps or data aggregators who primarily receive information from software development kits that are embedded directly into Apps. The data is all opted in and our Data Suppliers provide us with the following Information.

  • Mobile ad identifiers, primarily Apple iOS IDFAs or Google Android IDs.
  • The precise geographic location of a device at a certain time, usually expressed in latitude/longitude coordinates along with a timestamp.
  • The horizontal accuracy of the latitude/longitude coordinates.
  • Phone carrier and connection type (e.g., cellular, Wi-Fi).
  • The direction in which the device is traveling as a degree coordinate and speed of the device.
  • Information about a device such as device type and model and OS type and version.
  • Device language.

This data is all anonymous with no PII and is used for various data products and follows the same security and privacy rules as our collected data

3.3 Location Data

When it comes to our location data specifically we are compliant with all applicable user choice regulations, and have systems in place to protect a users rights 

  • Right To Be Forgotten: We have user opt out policies with all of our data providers, and we have automated processes in place to facilitate this process. 
  • Location Precision: we are compliant with all restrictions on geo precision and sensitive POI exclusion as it applies to location data

 

4. Data Solution Opt-Out Process

If users want to opt-out of our use of their hashed email address, device’s mobile advertising identifiers, location data, and other related data we use in our solutions. To opt-out the user should adjust the settings on their mobile device with respect to location to ensure that their data is not collected again in the future. Once they have changed their settings they can submit the opt-out request found HERE. We will use this data to remove the user from our solutions and send upstream requests to our partners to ensure they are removed.

Please note that the opt-out will be specific to the device for which they submit the opt-out request. This means that if the user uses multiple devices, they will need to opt out each device that they use. In addition, if they re-set their mobile advertising ID, they will need to opt-out that device again.

 

5. Data Security and Retention

At Native Touch, we take data security seriously. Our robust data management practices include:

  • Encryption: All data is encrypted and securely stored to prevent unauthorized access. 
  • Access Controls: Only trained and authorized personnel, trained in data security best practices have access to the data, and strict controls are in place to protect it from unauthorized access.
  • Secure Client Access: Production Data is never delivered or granted to clients through unsecure avenues, and samples are always built using lookalike data unless it's transmitted via our traditional routes.  
  • Data Retention: We retain non-PII for as long as necessary to fulfill our business purposes or comply with legal obligations.