- UID - a unique identification of your device.
- "IP to location" data - approximation of location to city/country level.
- Implicit PII - data collected with assumed consent (e.g. by tapping a sticky). This may include your IP address, "IP to location" data and user agent. Every data point contains a UID which allows data points to be associated with each other.
- Explicit PII - data collected with specific consent, such as your name or shipping address.
What data do we collect?
Tapping a sticky
We collect implicit PII.
We collect explicit PII, such as your name and address, so we can send you stickies and charge you in the right currency.
How do we use your data?
Tapping a sticky
- We provide analytics and an event log to our customers. They include "IP to location" data and user agent for each sticky. They don't include your UID.
- We perform personalisation by your UID.
We use explicit PII to fulfill orders and for customer service. We don't use implicit PII or explicit PII for marketing.
How do we store your data?
We store all data in "Google Cloud Platform". We access data via our secure API and all requests are logged. Special privileges are required to access raw data.
We store your UID using a single cookie.
What are my rights?
- Right to access - we will give you a copy of relevant explicit PII.
- Right to rectify - we will change relevant explicit PII if you believe is is incorrect or incomplete.
- Right to erasure - we will erase relevant explicit PII under any condition. We don't erase implicit PII. To disassociate yourself from implicit PII, clear your browser's "Local Storage".
- Right to restrict processing - you can ask us not to process relevant explicit PII. You can't ask us not to process implicit PII; we need it to make Sticky work.
- Right to portability - we will give you relevant explicit PII in any reasonable format.
Engaging with kids
Sticky ensures flows by customers operating an online service with an under 13 audience are compliant with kids' data privacy laws around the world. We call this our "zero-data" standard.
Our "zero-data" standard is applied to flows which a customer has marked as "kid safe". "Zero-data" means the app:
- Does not collect any implicit PII, explicit PII or "IP to location" data
- Does not create a UID (COPPA/GDPR-K "persistent identifier") so we cannot track any activity both between tapping stickies or online visits
It may be possible for elements of a Sticky app's complete flow to collect kids' PII if the customer has verifiable parental consent. Sticky itself will never ask for verifiable parental consent because we apply a "zero-data" standard.