GDPR is new legislation in the EU that concerns privacy around personal data. The law is meant to ensure that citizens are informed of and give consent to giving the data that is collected about them to third parties.
Most of the regulation involved in GDPR does not impact TINT because TINT does NOT collect any highly sensitive information such as names, IP addresses, health records, or social security data. Most of the data TINT collects is classified as public, or covered by the End User License Agreements (EULAs) that are already implemented in the systems we collect data from. In addition, we do not sell data, which is another important component of GDPR.
However, it is important to understand the different categories of data that TINT collects and how that impacts GDPR compliance:
Category 1 - TINT Account Data
- TINT account email addresses
- TINT account passwords
Category 2 - Information about how TINT customers use our product
- Google Analytics - Product usage analytics
- Mixpanel - Product usage analytics
- FullStory - TINT records session data on how TINT users are using the TINT platform so we can find usability issues
Category 3 -Information about how the end user uses the product
- Engagement Analytics on TINT embeds
- Clicks on TINT posts
- Clicks on TINT Calls-to-Action buttons on posts
- TINT embed views
- This is the most sensitive category of information that applies to the most customers.
- We don’t collect the IP, which reduces the impact GDPR has on this data
- We do have functionality to turn off the cookies by adding the ?notrack=true parameter to a TINT URL which allows them to use TINT without having to get consent. However, when cookies are turned off, they will not be able to take advantage of TINT’s analytics.
Category 4 - Aggregated data from major social networks
- Instagram posts
- Twitter posts
- Facebook posts
- The aggregation of social data falls under the GDPR personal data regulations.
- The social network’s End User License Agreement (EULA) covers consent for this data.
- We implement compliance with the social network to make sure that posts that are deleted or modified on the social network are reflected in our database.
Category 5 - Aggregated data from non-social-networks
- RSS content
- Content from these channels does NOT have the protection of a EULA. The responsibility falls on the customer to make sure that they comply with GDPR when they use these sources, and that they have gotten the proper consent for the data being aggregated.