By default, and only from the time chosen by the publisher, WonderPush does not collect any personal or sensitive data, nor persistent identifiers such as device id, IDFA, etc., nor geographical coordinates, nor IP address. The publisher is then the sole master of the information it retrieves and stores on behalf of its end users, via the tools made available to it such as tags, custom properties and events.
The data collected by default by WonderPush, once the user has granted permission for push notifications, are: a random installation identifier representing the user's device, a push token used to send notifications to the user, and properties related to the device, such as the system used, the system language, the time zone...
The installation identifier is random and does not depend on the IP address, the user agent of the user's terminal, or an IDFA-type identifier. The same user on the same terminal who deletes his browsing data and then subscribes again to pushes is allocated a new installation identifier and a new push token. The push token can be revoked at any time by the end user, from his terminal, by unsubscribing from push notifications. Furthermore, the deletion of browsing data by the user causes the deletion of the installation identifier.
Here is the list: https://docs.wonderpush.com/docs/collected-data
It depends on what the publisher chooses to collect. The publisher is the sole master of his tagging plan.
Will sensitive personal data be processed in the framework of the project (e.g. health data, trade union membership, etc.)?
WonderPush does not collect any sensitive data. The only processing consists of:
- extracting from the WonderPush database, at the initiative of the publisher when he triggers a push, data attached to randomly generated installation IDs and their associated push tokens, revocable at any time by the end user, plus the tagging data decided by the publisher.
What is the data storage medium (it can be hardware, software, paper documents or computer for example)?
Data is encrypted in transit via HTTPS supporting TLS 1.3 and at rest on secure Google Cloud servers in Brussels using AES256.
No interconnection is made with any other tool / software unless requested by the customer.
90 days by default for user events. Inactive installations which are older than 90 days are automatically deleted.
From experience, we find that a user who has not reopened the application for 90 days, i.e. inactive for 3 months, is no longer able to be re-engaged via the push channel. In addition, we believe that data older than 90 days is no longer useful for the use of pushes. Nevertheless, a publisher who does not share our vision has the possibility of recovering all the data in real time on its own servers, of applying its own data retention policy on its servers and of using, on that basis, the APIs of WonderPush to trigger its pushes.
Yes, but not beyond 6 months. We recommend using our APIs or our webhooks to retrieve your data as you go. In addition to security and privacy reasons, WonderPush does not accumulate raw data because the accumulation is not useful in the context of pushes.
You can identify inactive installations for a given period. WonderPush also detects phantom devices that are devices which somehow no longer receive your notifications without having ever unsubscribed. They include lost, sold, broken, forgotten or factory reset devices, uninstalled apps, etc.
WonderPush uses a sophisticated algorithm based, among other things, on the repeated lack of acknowledgment to identify them.
Only the publisher's staff authorized according to their rights, with at least an admin role, can remove data, and only after activating two-factor authentication. WonderPush does not touch, modify or delete any of your data, apart from the automatic deletion of old data as explained
Back-ups are incremental and made on a daily basis. They are kept for 90 days and fully destroyed afterwards.
Anonymization is by design since WonderPush does not collect any stable identification data by default (IP, User Agent, IDFA, precise geography...). In fact, the data collected does not in any way allow the "re-identification" of users. If the publisher wishes to consolidate the data thus collected with those collected via another source (for example, CRM), then he must himself define a user identifier transmitted to WonderPush at the time of initialization of the SDK. From then on, he will be able to reconcile his data on his own servers.
WonderPush lets you build a team of collaborators and give each of them an appropriate level of access to your project. Here is the list of possible roles: https://docs.wonderpush.com/docs/dashboard-staff
Will the processed personal data be relevant and limited to what is necessary for the purposes for which they are processed?
By default, and only from the time chosen by the publisher, WonderPush does not collect any sensitive data, nor persistent identifiers such as device id, idfa, etc., nor geographical coordinates, nor IP address. The publisher is then the sole master of the information it retrieves and stores on behalf of its end users, via the tools made available to it such as tags, custom properties and events.
By default, data relating to a device is linked to an installation id. This installation id is random and never the same.
The only way to do this is for the publisher to define a user ID that will be provided to the SDK at initialization time. This user ID will allow the publisher, and him exclusively, to reconcile the data collected via WonderPush with those he has via the publisher's other systems.
The installationId is a hash calculated from the user ID provided by the publisher but also from a random number that changes with each reinstallation or deletion of data. It is in fact impossible to trace the user identifier provided by the publisher from the installationId.
WonderPush provides, among other things, tools to allow users to download all data stored on WonderPush concerning their terminal as well as to delete them on their own.
The display of adapted messages must be carried out by the publisher.
The operation is different depending on whether you are on an Android device or an iOS device.
On Android, by default the end user is automatically subscribed to push notifications and can unsubscribe at any time by accessing the settings at the top right of a notification.
On iOS, by default, the end user is not subscribed to push notifications. iOS requires you to prompt the end user to opt in.
Yes. WonderPush provides the publisher with a tool to activate WonderPush on the sole condition that the end user has given their consent.
End users do not need to request access to their data from you. WonderPush directly allows them to:
- download all the data stored on the server side concerning their device
- immediately delete all the data stored on the server side concerning their device.
WonderPush recommends exposing within the application, in its settings and in a "personal data and privacy" section, a switch "Disable push notifications", as well as two links "Download my notification data" and "Delete my notification data". These functionalities are directly offered by the WonderPush SDKs and aim to give the user control over the management of his personal data.
If a user has in the meantime deleted their application and therefore cannot access these personal data management features, then their data will follow the general life cycle within WonderPush, namely, 90-day deletion.
If the publisher wants to delete all the data of a user with whom the publisher has associated a user id, then the publisher can either find within the dashboard the installations corresponding to the user id and delete them, or delete them directly via a call to the API from the publisher's servers.
The users can only download or delete their data. The possibility of downloading / deleting personal data by the user himself seems to us to be a fundamental right and WonderPush strongly advocates allowing it. The publisher is free not to expose this functionality.
The users can unsubscribe from push at any time and de facto block any further processing.
WonderPush uses a single subcontractor as its server and data hosting provider. This is Google Cloud Computing, based in Brussels (Belgium).
The data is stored on WonderPush servers within Google Cloud Platform Brussels. The data is stored and processed exclusively within this area. The data is anonymized and temporarily stored for the exclusive use of allowing the publisher to send push notifications to the subscribed users it has targeted.
No, in no case. The publisher is the sole owner of the data (with its users) and only he decides on their use.
No. The data is hosted on dedicated servers rented by WonderPush from Google Cloud Computing in Brussels (Belgium). WonderPush has no other subcontractors.
Google Cloud Platform's parent company is located in the United States. Don't you think it is necessary to regulate potential data transfers outside the EU (in application of the Cloud Act)?
WonderPush has chosen to deploy its service within the infrastructure of Google Cloud France, Europe Region (specifically in Belgium), for its location in the EU, scalability, resilience and the very high level of security offered by GCP. GCP contractually guarantees the absence of external transfer of data stored within the region chosen by the publisher.
In addition, the storage policy (anonymization, encryption, no IP or IDFA, no retention of data beyond 90 days, etc.) deployed by WonderPush renders unusable, by design, any data that might be transferred under the application of the Cloud Act.
Updated 10 months ago