Table of Contents

Third Party Tools - End User data collection

Lydia Joynes Updated by Lydia Joynes

Data collection from 3rd party tools used in Padoq:

Firebase:

Firebase Data Processing and Security Terms

When customers use Firebase, Google is generally a data processor under GDPR and processes personal data on their behalf. Similarly, when customers use Firebase, Google generally operates as a service provider under the CCPA handling personal information on their behalf. Firebase terms include Data Processing and Security Terms detailing these responsibilities.

Certain Firebase services governed by the Google Cloud Platform (GCP) Terms of Service are already covered by associated data processing terms, the GCP Data 

Data processing information

Examples of end-user personal data processed by Firebase

Some Firebase services process your end users' personal data to provide their service. The chart below has examples of how various Firebase services use and handle end-user personal data. In addition, many Firebase services offer the ability to request deletion of specific data or control how data is handled.

Firebase service

Personal data

How data helps provide the service

Cloud Functions for Firebase

  • IP addresses

How it helps: Cloud Functions uses IP addresses to execute event-handling functions and HTTP functions based on end-user actions.

Retention: Cloud functions only saves IP addresses temporarily, to provide the service.

Firebase App Distribution

How it helps: Firebase App Distribution uses the data to distribute app builds to testers, monitor tester activity, and associate data with tester devices.

Retention: Firebase App Distribution retains user information until the Firebase customer requests its deletion, after which data is removed from live and backup systems within 180 days.

Firebase Authentication

  • Passwords
  • Email addresses
  • Phone numbers
  • User agents
  • IP addresses

How it helps: Firebase Authentication uses the data to enable end-user authentication, and facilitate end-user account management. It also uses user-agent strings and IP addresses to provide added security and prevent abuse during sign-up and authentication.

Retention: Firebase Authentication keeps logged IP addresses for a few weeks. It retains other authentication information until the Firebase customer initiates deletion of the associated user, after which data is removed from live and backup systems within 180 days.

Firebase Cloud Messaging

  • Instance IDs

How it helps: Firebase Cloud Messaging uses Instance IDs to determine which devices to deliver messages to.

Retention: Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days.

Firebase Crashlytics

  • Instance IDs
  • Crash traces
  • Breakpad minidump formatted data
    (NDK crashes only)

How it helps: Firebase Crashlytics uses crash stack traces to associate crashes with a project, send email alerts to project members and display them in the Firebase Console, and help Firebase customers debug crashes. It uses Instance IDs to measure the number of users impacted by a crash and minidump data to process NDK crashes. The minidump data is stored while the crash session is being processed and then discarded. Refer to Examples of stored device information for more detail on the types of user information gathered.

Retention: Firebase Crashlytics retains crash stack traces, extracted minidump data, and associated identifiers (including Instance IDs) for 90 days.

Note: Firebase Crashlytics stores minidump data only temporarily in order to process NDK crashes.

Firebase Dynamic Links

  • Device specs (iOS)
  • IP Addresses (iOS)

How it helps: Dynamic Links uses device specs and IP addresses on iOS to open newly-installed apps to a specific page or context.

Retention: Dynamic Links only stores device specs and IP addresses temporarily, to provide the service.

Firebase Hosting

  • IP addresses

How it helps: Hosting uses IP addresses of incoming requests to detect abuse and provide customers with detailed analysis of usage data.

Retention: Hosting retains IP data for a few months.

Firebase ML

  • Uploaded Images
  • Instance IDs

How it helps: The Cloud based APIs store uploaded images temporarily, to process and return the analysis to you. Stored images are typically deleted within a few hours. See the Cloud Vision Data Usage FAQ for more information.

Instance IDs are used by Firebase ML when interacting with app instances, for example, to distribute developer models to app instances. Instance IDs also allow Firebase ML to utilize Firebase Remote Config to ensure device-side APIs (e.g., topic lists and filters) are kept up to date.

Retention: Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days.

Firebase Performance Monitoring

  • Instance IDs
  • IP addresses

How it helps: Performance Monitoring uses Instance IDs to calculate the number of unique Firebase installations that access network resources, to ensure that access patterns are sufficiently anonymous. It also uses Instance IDs with Firebase Remote Config to manage the rate of performance event reporting. Additionally, it uses IP addresses to map performance events to the countries they originate from. For more details, refer to Examples of information collected.

Retention: Performance Monitoring keeps instance and IP-associated events for 30 days and de-identified performance data for 90 days.

Firebase Predictions

  • Instance IDs

How it helps: Predictions uses Instance IDs to associate Firebase installations with a project and to retrieve a time series of events. It uses those events to enable prediction of the likelihood of occurrence of customer-specified events, as well as spend and churn predictions by default.

Retention: Predictions stores instance-associated events for 60 days, and predictions made based on these events for a few weeks. Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days.

Firebase Realtime Database

  • IP addresses
  • User agents

How it helps: Realtime Database uses IP addresses and user agents to enable the profiler tool, which helps Firebase customers understand usage trends and platform breakdowns.

Retention: Realtime Database keeps IP addresses and user agent information for a few days, unless a customer chooses to save it for longer.

Firebase Remote Config

  • Instance IDs

How it helps: Remote Config uses Instance IDs to select configuration values to return to end-user devices.

Retention: Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days.

Google Analytics for Firebase

How it helps: Google Analytics uses the data to provide analytics and attribution information. The precise information collected can vary by the device and environment. For more information see Data collection.

Retention: Google Analytics retains certain advertising identifier associated data (e.g., Apple’s Identifier for Advertisers and Identifier for Vendors, Android’s Advertising ID) for 60 days, and retains aggregate reporting without automatic expiration. Retention of user-level data, including conversions, is fixed at up to 14 months. For all other event data, you may set the retention in your Analytics settings to 2 months or 14 months. Learn more.

Branch:

Branch collects the following information from web URLs created by the Client and pixels placed on Client websites. Some of this information is considered personal data under applicable law (in other words, information that itself may identify a unique individual or can be linked back to an individual) (“Personal Data”).

Type of Information Collected

Purpose

IP Address

Standard web HTTP request; used for matching and to understand general location

Cookie

Standard web cookies, used for matching

Link Data

Metadata controlled by the Client, which may be used to interpret the data for reporting, or for analytics

User Agent

Standard web browser user agent metadata; used for matching

Referrer

Standard web browser HTTP referrer; may be used for reporting and analytics

Request

Standard web HTTP request

Phone Number

(Optional) used only to facilitate the “Text me the app” feature if used

Engagement Data

Information relating to the Client’s ad campaigns and User interactions, such as clicks on Client ads, Client ad impressions viewed, audiences or segments to which an ad campaign is attributed, type of ads and the webpage from which such ads were displayed, and webpages on Client’s website visited by a User.  

Other interactions, events and actions Clients choose to measure and analyze within their mobile website (e.g. add to cart, in-app purchases made, clicks, engagement time etc.).  

 

Information Collected by Branch SDKs

SDKs are Software Development Kits that include code that allows Clients to use the Branch Services. The Branch Mobile App SDKs and Web SDKs collect the following information when Clients use these SDKs in their mobile applications or websites, some of which may be considered Personal Data under applicable law:  

Type of Information Collected

Purpose

iOS Identifier for Advertising (IDFA)

Used for identification and matching

iOS Identifier for Vendors (IDFV)

Used for identification and matching

Android Advertising ID (GAID)

Used for identification and matching

Android ID

Used for identification and matching

Branch Cookie ID

Used for identification and matching

IP Address

Standard web HTTP request; used for matching and to understand general location

Application version

Metadata feature used for identification and matching

Device model

Metadata feature used for identification and matching

Manufacturer

Metadata feature used for identification and matching

Operating system

Metadata feature used for identification and matching

Operating system version

Metadata feature used for identification and matching

Screen size

Metadata feature used for identification and matching

Screen resolution

Metadata feature used for identification and matching

Session start/stop time

Metadata feature used for reporting and analytics

Mobile network status (WiFi, etc)

Metadata feature used for identification and matching

Application installed time

Metadata feature used for reporting and analytics

Application updated time

Metadata feature used for reporting and analytics

Device locale (country and language)

Metadata feature used for identification and matching

Local IP address

Metadata feature used for identification and matching

Mobile platform

Metadata feature used for identification and matching

Branch SDK version

Metadata feature used for identification and matching

Developer ID

(optional) Client-supplied unique identifier; metadata feature used for identification and matching

Carrier ID

Metadata feature used for identification and matching

Engagement Data

Information relating to the Client’s ad campaigns and User interactions, such as clicks on Client ads, Client ad impressions viewed, audiences or segments to which an ad campaign is attributed, type of ads and the mobile application page from which such ads were displayed, pages on Client’s application visited by a User, and downloads and installations of mobile applications.  

Other interactions, events and actions Clients choose to measure and analyze within their application (e.g. add to cart, in-app purchases made, clicks, engagement time etc.).  

 

In addition to the information identified above, the Branch Desktop SDKs collect the following identifiers when Clients use these SDKs in their desktop applications, some of which may be considered Personal Data under applicable law:  

Type of Information Collected

Purpose

MAC address

Used for identification and matching

Windows Advertising ID

Used for identification and matching

CPU ID

Used for identification and matching

Twilio:

What Personal Information Twilio collects

While we’re on the subject of Customer Account Data and Customer Usage Data, we’d like to give you a brief summary of the categories of personal information that might be found in the Customer Account Data and Customer Usage Data that we collect from our customers and their end users, so you can know at a glance what we’re talking about.

We collect and process your personal information:

  • When you visit a Twilio public-facing website like twilio.com, twilio.org, authy.com, or sendgrid.com, sign up for a Twilio event, like SIGNAL, or make a request to receive information about Twilio or our products, like a Twilio whitepaper or a newsletter;
  • When you contact our Sales Team or Customer Support Team; and
  • When you sign up for a Twilio, Authy, or SendGrid account and use our products and services.

We call this personal information Customer Account Data. We also collect Customer Usage Data from you when you send or receive communications through your use of our services. This data might take different forms, and we might use it for different purposes — read on for more information.

Learn More

Depending on your interactions with us, we might collect the following categories of personal information, and for the following reasons:

  • We collect Identifiers, like your name and contact information (Customer Account Data), when you sign up or use our products or services and to do things like allow you user our products, verify your identity, and communicate with you.
  • We collect Commercial information when we keep track of the services that you purchase from us and our communications history about those services.
  • We collect Financial information, such as your payment information, when you pay for our services.
  • We collect Internet and other electronic activity information, such as communications metadata, as you browse our website or use our services. This metadata may be information about how you browse our websites and what features you use on our service, or it may be your Customer Usage Data as you send communications over the service.
  • We collect Geolocation information when you use our products or services. Depending on the product or service, this could be location based on your IP address, or, such as if you are using our IoT products and services, based on the cell tower to which a mobile device is connected, or Wi-Fi triangulation,.
  • We collect Professional or employment information, such as your company or employer or your role at your company.
  • If you attend an event or fill out a form or survey with us, we might collect your age, your gender, or other information that counts as characteristics of protected classifications; however, we will only collect those with your knowledge and opt-in consent.

You can always read more in our API documentation about how we treat personal information we process using our service.

When we’re processing your personal information as our customer, we’re generally processing Customer Account Data or Customer Usage Data. When we do, we’re a controller, as we described above, and this Privacy Statement details the rules that control our use of that data.

In addition, as a processor and a service provider, we process Customer Content that may include personal information from any of those categories, plus others. If you’re an end user of a customer of ours, our customer will be able to help you with more details on what categories they’re collecting and using. If you’re our customer, you can read more about our responsibilities as a service provider in our CCPA Notice.

Sendgrid:

 Same as Twilio. Sendgrid is a Twilio Product.

Giphy:

What Information Do We Collect About You?

We collect Personal Data about you when you provide such information directly to us, when third parties such as our business partners or service providers provide us with Personal Data about you, or when Personal Data about you is automatically collected in connection with your use of our Services.  The information we gather enables us to improve, understand, and continue to operate the Services. In connection with certain aspects of the Services, we may request, collect and/or display some of your Personal Data. Below explains in greater detail the types of information that we collect about our users.

Information You Provide to Us

Account Information:

If you create an Account, register for a brand or artist channel, or register for a verified user profile, or have registered for Electric Objects, you will provide information that could be Personal Data, such as your email address, username, contact name, password, display name (for artist channel) and art preferences (for Electric Objects). You may also choose to provide additional Personal Data, including an avatar/profile picture, information about yourself, basic demographic information a description of your channel, a brand parent company (brand or artist channel), location (brand or artist channel), your Giphy Channel URL (for verified user profile), attachments to your application (for verified user profile) and links to your website or social media profiles.

Additionally, if you register for or access the Services using a Third Party Service (such as your social media account login credentials), we may receive Personal Data that you have made available to share through such Third Party Service, which may include, without limitation, your name. You may also choose to include your email address.  You acknowledge that this information may be personal to you, and by creating an Account and providing Personal Data to us, you allow others, including us, to identify you and therefore may not be anonymous. We may use your contact information to send you information about our Services.

User Content:

Some features of the Services allow you to provide content to the Services, and related Personal Data if you so choose. User content includes, but are not limited to, GIFs, written comments, links, and pictures. All content submitted by you to the Services and related data (e.g., technical specifications of a GIF) may be retained by us indefinitely, even after you terminate your Account or your access to the Services is terminated. We may continue to disclose such content to third parties in a manner that does not reveal Personal Data, as described in this Privacy Policy. 

Information From Others

As mentioned above, you may be able to register for or access the Services using a Third Party Service, such as your social media account (e.g. Facebook, Twitter, etc.).  Occasionally, you can also use your Account on our Services to interact with your accounts on these other Third Party Services. For example, you may be able to access posting and sharing tools on the Services that allow you to post information to your social networks outside of the Services (“Share”).  By using these tools or Third Party Services, you acknowledge that some information (such as your IP address, language preferences, timestamp and identifiers related to your request) may be transmitted to us, and that such information and content is covered by this Privacy Policy.  . Furthermore, if a tool, such as the Share tool, is operated by a Third Party Service, the Third Party Service that operates the tool may collect information about your browser or online activity, which would be subject to the Third Party Service’s privacy policy and your account settings selected through that Third Party Service. When you use these tools, some of your information from the Services may be shared with the Third Party Service and others, including selected GIF.  Therefore, we encourage you to read the privacy policies and other policies of any Third Party Services, including without limitation any applicable social networks, that you use in connection with the Services.

Information Collected Automatically

We automatically receive and record information from your web browser or device when you interact with the Services, including when you search for, select, view or receive a GIF, such as your IP address, device ID, user query information and cookie information. This information is used to enable us to deliver GIFs to you, for fighting spam/malware, to improve the service and also to facilitate collection of data concerning your interaction with the Services (e.g., what links you have clicked on). Your IP address may be used to send you geographically-targeted advertisements.

Generally, the Services automatically collect usage information, such as the number and frequency of visitors to the Site and the Services. We may use this data in aggregate form, for example, as a statistical measure or in other anonymous forms, but not in a manner that would identify you personally. This type of aggregate data enables us and third parties authorized by us to figure out how often individuals use parts of the Services so that we can analyze and improve them.

Exponea:

What data does Exponea process as a controller?

Here is a quick list of such data - candidates’ resumes, data collected via cookies on https://exponea.com, our subscribers’ email addresses, data received through our website’s contact forms and other. You can also check out our Privacy Policy for detailed information about the data we collect, process and retain as a controller.

You can download data Exponea as a controller processes in connection with your email address.

What data does Exponea process as a processor?

Please note that you cannot download data that Exponea processes as a processor.

Simply speaking, we process data as a processer when someone purchases our services. In this case we process data not on our own behalf but on behalf this customer.

Let’s say that our customer is as online shoes retailer who sells shoes through its website www.pinkshoes.com On behalf of this retailer Exponea will process certain data about people shopping on www.pinkshoes.com. This data may include, for example, the number of clicks, scrollings, mouse-overs, lengths of visits etc). There are plenty of data we may process as a processor, so check our Privacy Policy for more information.

Please note that by following the instructions you will NOT download data Exponea as a processor processes in connection with your email address.

Google Play:

We want you to understand the types of information we collect as you use our services

We collect information to provide better services to all our users – from figuring out basic stuff such as which language you speak, to more complex things like which ads you’ll find most useful, the people who matter most to you online or which YouTube videos you might like. The information Google collects, and how that information is used, depends on how you use our services and how you manage your privacy controls.

When you’re not signed in to a Google Account, we store the information that we collect with unique identifiers tied to the browser, application or device that you’re using. This helps us do things such as maintain your language preferences across browsing sessions.

When you’re signed in, we also collect information that we store with your Google Account, which we treat as personal information.

Things that you create or provide to us

When you create a Google Account, you provide us with personal information that includes your name and a password. You can also choose to add a phone number or payment information to your account. Even if you aren’t signed in to a Google Account, you might choose to provide us with information – like an email address to receive updates about our services.

We also collect the content that you create, upload or receive from others when using our services. This includes things such as email you write and receive, photos and videos that you save, docs and spreadsheets you create and comments that you make on YouTube videos.

Information that we collect as you use our services

Your apps, browsers & devices

We collect information about the apps, browsers and devices that you use to access Google services, which helps us provide features such as automatic product updates and dimming your screen if your battery runs low.

The information that we collect includes unique identifiers, browser type and settings, device type and settings, operating system, mobile network information including operator name and phone number and application version number. We also collect information about the interaction of your apps, browsers and devices with our services, including IP address, crash reports, system activity, and the date, time and referrer URL of your request.

We collect this information when a Google service on your device contacts our servers – for example, when you install an app from the Play Store or when a service checks for automatic updates. If you’re using an Android device with Google apps, your device periodically contacts Google servers to provide information about your device and connection to our services. This information includes things such as your device type, operator name, crash reports and which apps you’ve installed.

Your activity

We collect information about your activity in our services, which we use to do things like recommend a YouTube video that you might like. The activity information that we collect may include:

If you use our services to make and receive calls or send and receive messages, we may collect telephony log information such as your phone number, calling-party number, receiving-party number, forwarding numbers, time and date of calls and messages, duration of calls, routing information and types of calls.

You can visit your Google Account to find and manage activity information that’s saved in your account.

Go to Google Account

Your location information

We collect information about your location when you use our services, which helps us offer features such as driving directions for your weekend getaway or show times for movies playing near you.

Your location can be determined with varying degrees of accuracy by:

The types of location data that we collect depend in part on your device and account settings. For example, you can turn your Android device’s location on or off using the device’s settings app. You can also turn on Location History if you want to create a private map of where you go with your signed-in devices.

In some circumstances, Google also collects information about you from publicly accessible sources. For example, if your name appears in your local newspaper, Google’s Search engine may index that article and display it to other people if they search for your name. We may also collect information about you from trusted partners, including marketing partners who provide us with information about potential customers of our business services, and security partners who provide us with information to protect against abuse. We also receive information from advertisers to provide advertising and research services on their behalf.

We use various technologies to collect and store information, including cookies, pixel tags, local storage, such as browser web storage or application data caches, databases and server logs.

Apple:

What personal information we collect

  • When you create an Apple ID, apply for commercial credit, purchase a product, download a software update, register for a class at an Apple Retail Store, connect to our services, contact us including by social media or participate in an online survey, we may collect a variety of information, including your name, mailing address, phone number, email address, contact preferences, device identifiers, IP address, location information, credit card information and profile information where the contact is via social media.
  • When you share your content with family and friends using Apple products, send gift certificates and products, or invite others to participate in Apple services or forums, Apple may collect the information you provide about those people such as name, mailing address, email address, and phone number. Apple will use such information to fulfill your requests, provide the relevant product or service, or for anti-fraud purposes.
  • In certain jurisdictions, we may ask for a government issued ID in limited circumstances including when setting up a wireless account and activating your device, for the purpose of extending commercial credit, managing reservations, or as required by law.

Instabug:

What Personal Data does Instabug collect?

Information That You Provide To Us. Instabug collects the information you voluntarily submit to the Service when you register for an account: your name, email address, mailing address, phone number, payment-related information (credit card number, physical address, etc.). We also collect Personal Data that is entered on our Site or is sent to us electronically when you request information, including a product demo, register for a webinar or other event, complete any “free text” boxes in our forms (for example, support request or survey submission). More, we may collect Personal Data disclosed by you on our forums, blogs and our other areas of the Service to which you can post information and materials.

Information Received From Third-Party Services. If you connect to the Service using credentials from a third-party service or sign-in services such as OAuth (for example, login with a GitHub or Google account), these services will authenticate a user’s identity and provide the user with the option to share certain Personal Data, such as name and email address(es), with us.

Automatically Collected Data. Whenever you interact with the Service, we automatically receive and store certain types of information including information that your browser automatically sends. Such information may include the user's IP address (from which we understand the country you are connecting from at the time you visit the Site), domain server, and type of Internet browser.

We also use "cookies" (small text files placed on your device) and similar technologies to operate the Service, track your experience and use of the Service and to present you with advertising relevant to your interests. You can read more about how we use cookies and similar technologies on our Cookie Policy.

BugBattle:

Whаt Information dоеѕ bugbаttlе.іо collect about уоu?

Infоrmаtіоn wе оbtаіn frоm your uѕе of оur website:

We collect іnfоrmаtіоn аbоut the dеvісе thаt уоu use and hоw уоu use it. Wе use thіѕ іnfоrmаtіоn to support оur lеgіtіmаtе іntеrеѕt іn іmрrоvіng your experience аѕ a uѕеr.

Thіѕ іnfоrmаtіоn іnсludеѕ:

  • System Infоrmаtіоn and dаtа Uѕаgе
  • Wе collect dеvісе-ѕресіfіс information, lіkе unіԛuе dеvісе іdеntіfіеrѕ, ореrаtіng ѕуѕtеm, аnd thе tуре оf device you use.
  • We соllесt іnfоrmаtіоn about how уоu use оur wеbѕіtе. Thіѕ іnсludеѕ license information, whісh applications уоu use and fоr hоw lоng, уоur сіtу аnd соuntrу frоm your IP аddrеѕѕ, and information аbоut уоur brоwѕеr.
  • Our wеbѕіtе also includes lіnkѕ, оr соntеnt thаt takes уоu to аnоthеr соmраnу’ѕ ѕеrvісеѕ. Wе collect іnfоrmаtіоn аbоut уоur use оf these fеаturеѕ through оur Analytics tооlѕ and third-party analytics tools.

Errоr data

We соllесt аnd trасk dаtа on tесhnісаl еrrоrѕ thаt mау occur when уоu uѕе our wеbѕіtе, іf you choose to ѕеnd thе rеlеvаnt report to uѕ іn еасh саѕе. Before thе report іѕ ѕеnt to us, you will bе told whаt information wіll bе соllесtеd аnd hоw it will bе sent to uѕ.

How did we do?

Firebase

Contact