one Scope of application and explanation of terms
Shence Network Technology (Beijing) Co., Ltd. (hereinafter referred to as "Shence" or "we"), as the operator of Shence official website, Shence software products and services, always attaches great importance to the protection of users' personal information. In order to help enterprise customers using Shence software products (hereinafter referred to as "customers") better implement matters related to the protection of personal information of end users, and at the same time, to facilitate customers to better understand the compliance of Shence software products and the adopted security protection technology capabilities, especially the methods and measures to protect personal information and privacy, Shence specially prepared this version of Compliance Instructions 。 This description is applicable to all Shence products and services as well as specific software products and services that may be involved (hereinafter referred to as "Shence software products and services"), including but not limited to the official website SDK one APIs, plug-ins, components, codes, tools, and software products (Shence analysis, Shence intelligent operation, Shence intelligent recommendation, etc.) and services that are constantly innovated and developed 。
two Description of data storage and application of Shence software products
2.1. Shence solemnly promises not to contact customer data without authorization
For users of Shence software products with privatization deployment, that is, the system is deployed in the customer's machine room or the public cloud used by the customer (including but not limited to Alibaba Cloud, Tencent Cloud, Huawei Cloud AWS 、 Azure The relevant security measures and authority restrictions are all controlled by the customer, and the customer has no right to obtain the data in the computer room.
For using SaaS Users of Shence software products in the deployment mode, that is, multi node distributed deployment on the server side of the customer system. Shence also has no access to customer data, and only manages service resources for service purposes.
Shence promises that in the process of providing software products and services, it will not contact the statistical results in the form of relevant data or statements without the authorization of customers.
2.2. The software products and services provided by Shence can only be used for legal purposes
Customers can only use Shence software products and services for legal purposes. Customers need to ensure that they use Shence Software Product and service Behavioral compliance relevant The provisions of laws and regulations and regulatory requirements shall not infringe the intellectual property rights and other legitimate rights and interests of any third party, nor violate the provisions of the legal documents binding on them. Shence has the right to suspend if the customer violates the above agreement Provide products and services, and If this agreement is terminated, the service fees charged will not be refunded ; If Shence is subject to third-party recourse, administrative investigation or other legal proceedings, the customer shall also compensate Shence for all losses (including but not limited to litigation response costs, costs incurred in cooperation with the investigation, third-party recourse compensation, compensation, attorney fees, etc.).
In order to comply with the requirements of the Personal Information Protection Law on "obtaining the authorized consent of the right owner when collecting data", customers who use Shence software products to collect compliance data need to disclose the third party in the User Privacy Instructions SDK And Shence software products.
2.3. Disclaimer
If customers use Shence software products for data collection, they should ensure that the data sources are legal and compliant, or have obtained authorization from interested parties and end users.
The customer's information processing to the end user should be legal and compliant, otherwise Shence has the right to require the customer to stop using Shence software products for data collection and processing, and reserves the right to investigate the responsibility, and it will not be deemed as Shence's breach of contract.
If the customer uses Shence software products to collect and process data from the third party designated by the customer, Shence has the right to require the customer to bear or compensate for the third party's demands and corresponding responsibilities arising from this behavior.
three Description of Shence's security measures for data processing
3.1. Data collection safety instructions
3.1.1. SDK Delay Initialization
3.1.1.1. Android Compliance Steps
Android SDK in v6.0.0 Version and above provide a way to delay initialization to meet compliance 。 customer stay his After the user agrees to the Privacy Policy, initialize S DK conduct Data collection. Refer to the following steps for details:
First call Call SensorsDataAPI. startWithConfigOptions() after agreeing to the privacy terms to initialize the SDK, and then the main thread initializes the SDK in the onCreate() method of Application
//The main thread initializes the SDK in the onCreate() method of Application If (agree to the privacy clause){ SAConfigOptions saConfigOptions = new SAConfigOptions(SA_SERVER_URL); //Initialize SDK SensorsDataAPI.startWithConfigOptions(this, saConfigOptions); }
JAVA
//Initialize SDK after agreeing to privacy terms in activity If (does not agree to the privacy clause){ //Privacy protocol pop-up related logic If (agree to the privacy clause){ //Initialize Configuration SAConfigOptions saConfigOptions = new SAConfigOptions(SA_SERVER_URL); //Initialize the SDK and delay the initialization of the scenario context. Activity needs to be passed SensorsDataAPI.startWithConfigOptions(this, saConfigOptions); } }
JAVA
- Delayed initialization only supports the incoming context as Activity
- Disable initialization in onDestroy
- The Deeplink call page should be consistent with the initialization page
- For the delayed initialization scenario, the triggered $AppStart event will fail to carry the static public attribute. You need to use the Attribute plug-in in advanced functions Set properties in initialization
If some buttons (such as the secure keyboard for entering the user password) contain privacy information, the Android full burial point provides the API to ignore the click event collection of controls:
SensorsDataAPI.shareInstance().ignoreView(View view);
CODE
Android SensorsFocus SDK in v0.5.0 Version and above provide a way to delay initialization to meet compliance 。 customer stay his After the user agrees to the Privacy Policy, initialize S DK 。 Refer to the following steps for details:
First call Call SensorsFocusAPI.startWithConfigOptions (this, new SFConfigOptions ("pop-up server address")) after agreeing to the privacy terms; Initialize the SDK, and then the main thread initializes the SDK in the onCreate() method of Application
//The main thread initializes the SDK in the onCreate() method of Application If (agree to the privacy clause){ //Initialize SDK SensorsFocusAPI. startWithConfigOptions (this, new SFConfigOptions ("pop-up server address")); }
JAVA
//Initialize SDK after agreeing to privacy terms in activity If (does not agree to the privacy clause){ //Privacy protocol pop-up related logic If (agree to the privacy clause){ SensorsFocusAPI. startWithConfigOptions (this, new SFConfigOptions ("pop-up server address")); } }
JAVA
- Delayed initialization only supports the incoming context as Activity
- Disable initialization in onDestroy
3.1.1.2. IOS Compliance Steps
The customer ensures that the user initializes the i OS SDK。
- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions { // Override point for customization after application launch. //Judge whether to open the app for the first time, if it is the code related to entering the privacy agreement If (<# Open the app for the first time | | Not the first time to open the app but have not agreed to the user agreement #>){ //Privacy protocol pop-up related logic If (<# Agree to the User Agreement #>){ //Initialize SDK SAConfigOptions *options = [[SAConfigOptions alloc] initWithServerURL:SA_SERVER_URL launchOptions:launchOptions]; options.autoTrackEventType = SensorsAnalyticsEventTypeAppStart | SensorsAnalyticsEventTypeAppEnd | SensorsAnalyticsEventTypeAppClick | SensorsAnalyticsEventTypeAppViewScreen; [SensorsAnalyticsSDK startWithConfigOptions:options]; } }else{ //Initialize SDK SAConfigOptions *options = [[SAConfigOptions alloc] initWithServerURL:SA_SERVER_URL launchOptions:launchOptions]; options.autoTrackEventType = SensorsAnalyticsEventTypeAppStart | SensorsAnalyticsEventTypeAppEnd | SensorsAnalyticsEventTypeAppClick | SensorsAnalyticsEventTypeAppViewScreen; [SensorsAnalyticsSDK startWithConfigOptions:options]; } ... return YES; }
CODE
If some buttons (such as the secure keyboard for entering the user password) contain privacy information, the iOS full burial point provides the collection of click events that can be ignored by the API:
button.sensorsAnalyticesIgnoreView = YES;
CODE
3.1.1.3. Web JS SDK Compliance Steps
Web JS SDK in v1.21.1 Version and above provide a way to delay initialization to meet compliance 。 customer stay his After the user agrees to the Privacy Policy, initialize S DK conduct Data collection. Refer to the following steps for details:
<script> window.sensors_data_pre_config = { is_compliance_enabled: true } </script> <script charset='UTF-8 'src="Download a new version of sensorsdata.min.js at github"></script> If (agree to the privacy clause){ sensors.init({ server_url: ' http://test-syg.datasink.sensorsdata.cn/sa?token=xxxxx&project=xxxxxx ', Is_track_single_page: true,//Single page configuration, enabled by default. If there is an anchor design in the page, you need to delete the configuration, otherwise triggering the anchor will trigger more $pageview events use_client_time:true, send_type:'beacon', heatmap: { //Whether or not to enable the click map. Default means enabled. $WebClick events are automatically collected. You can set 'not_collect' to disable. clickmap:'default', //Whether to enable touchmap, not_collect indicates that it is off, and $Webstay events will not be automatically collected. You can set 'default' to indicate that it is on. scroll_notice_map:'not_collect' } }); sensors.quick('autoTrack'); }
CODE
- Set the window global variable sensors_data_pre_config before loading the Web JS SDK.
- Compliance does not support the use of callback functions in the Web JS SDK API.
- Compliance does not support importing the Web JS SDK by asynchronous loading.
3.1.1.4. WeChat applet SDK compliance steps
WeChat applet The SDK can first call sensors. disableSDK() to disable data collection.
After agreeing to the privacy policy, use sensors. enableSDK() to enable data collection.
import sensors from '../sensorsdata.esm.js'; sensors.init(...) sensors.disableSDK(); If (agree to the privacy policy){ sensors.enableSDK(); }
CODE
3.1.1.5. React Native Compliance Steps
React Native Module v2.2.5 Versions and above provide delayed initialization to meet compliance 。 customer stay his After the user agrees to the Privacy Policy, initialize S DK conduct Data collection. Refer to the following steps for details:
//Program Portal Initialization SDK import sensors, {SAAutoTrackType} from 'sensorsdata-analytics-react-native' If (does not agree to the privacy clause){ //Privacy protocol pop-up related logic If (<# Agree to the User Agreement #>){ //Initialize SDK sensors.init({ Server_url: 'Data receiving address', auto_track:SAAutoTrackType. START|SAAutoTrackType.END|SAAutoTrackType.CLICK|SAAutoTrackType.VIEW_SCREEN }) } else { //Initialize SDK sensors.init({ Server_url: 'Data receiving address', auto_track:SAAutoTrackType. START|SAAutoTrackType.END|SAAutoTrackType.CLICK|SAAutoTrackType.VIEW_SCREEN }) }
CODE
3.1.2. SDK local data encryption
3.1.2.1. Android SDK compliance steps
Version requirements
Android SDK v6.2.0 Version and above
The Android SDK provides encryption of the contents in the cache, which needs to be manually enabled. If there are requirements for the encryption method, Shence default encryption can not meet the requirements, and you can implement custom encryption. You can consult the SDK students on duty for custom encryption methods.
Use default encryption
The Android SDK implements encryption by default. AES encryption is used, and AES 128 is offset by 16 bits. Encryption can be enabled by pressing the following code:
SAConfigOptions configOptions=new SAConfigOptions ("data receiving address"); //Register the MuPlugin plug-in configOptions.registerStorePlugin(new SAEncryptStorePlugin(this)); SensorsDataAPI.startWithConfigOptions(this, configOptions);
JAVA
Once compliant encryption or custom encryption is implemented, Encrypted data cannot be recovered to unencrypted data
3.1.2.2. IOS SDK compliance steps
Version requirements
iOS SDK v4.2.0 Version and above
The iOS SDK provides encryption of the contents in the cache, which needs to be manually enabled. If there are requirements for the encryption method, Shence default encryption can not meet the requirements, and you can implement custom encryption. You can consult the SDK students on duty for custom encryption methods.
Use default encryption
Encryption is implemented by default in the iOS SDK. AES 128 is offset by 16 bits using the AES encryption method. Encryption can be enabled by pressing the following code:
SAConfigOptions * options=[[SAConfigOptions alloc] initWithServerURL:<# data receiving address #>launchOptions: launchOptions]; //Register encryption plug-in SAAESStorePlugin *plugin = [[SAAESStorePlugin alloc] init]; [options registerStorePlugin:plugin]; [SensorsAnalyticsSDK startWithConfigOptions:options];
CODE
Let options=SAConfigOptions. init (serverURL:<# data receiving address #>, launchOptions: launchOptions) //Register encryption plug-in let plugin = SAAESStorePlugin() options.register(plugin) SensorsAnalyticsSDK.start(configOptions: options)
CODE
Once compliant encryption or custom encryption is implemented, Encrypted data cannot be recovered to unencrypted data
3.1.2.3. Web JS SDK Compliance Steps
Currently, cookies saved by the Web JS SDK contain user information and attribute information set by register, which can be deeply encrypted to ensure security
When using the encryption function, you must ensure that the SDK of all pages is the latest version; Otherwise, if some pages use the function of encrypting cookies, then cookies are encrypted. Once individual pages use the old version of the SDK without the decryption function, cookies will not be parsed, resulting in new users and users cannot be unified
Function configuration
<script charset="UTF-8"> var sensors = window["sensorsDataAnalytic201505"]; //Initialize SDK sensors.init({ Server_url: "Data receiving address", //Enable cookie encryption configuration, default is false encrypt_cookie: true }); sensors.quick("autoTrack"); </script>
JS
3.1.2.4. Applet SDK compliance steps
At present, the information stored in the storage by the SDK includes user information and attribute information set by register. The data in the storage can be deeply encrypted to ensure security
Version requirements
- WeChat applet SDK v1.14.9 And above
Function configuration
// app.js var sensors = require('sensorsdata.min.js'); sensors.setPara({ name: 'sensors', Server_url: 'Data receiving address', Encrypt_storage: true//Whether to enable local encrypted storage });
JS
3.1.3. App Store Privacy Guidelines
Please refer to: https://manual.sensorsdata.cn/sa/latest/tech_sdk_client_app_store_compliance-41845311.html
3.1.4. Android SDK Configuration Item
3.1.4.1. Forbid getting Android ID
Call SensorsDataUtils.enableAndroidId (boolean enab Led) interface is used to control the opening and closing of Android ID acquisition. True indicates that it can be collected. False indicates that it cannot be collected.
//Close collecting Android IDs SensorsDataUtils.enableAndroidId(false);
CODE
3.1.4.2. Prohibit obtaining OAID
Call SensorsDataUtils. enableOAID (boolean enabled) The interface is used to control the opening and closing of OAID collection. True indicates that it can be collected. False indicates that it cannot be collected.
//Close OAID collection SensorsDataUtils.enableOAID(false);
CODE
3.1.4.3. Mac address, IMEI number, MEID number, operator information, IMSI information
The business logic processing of obtaining Mac address, IMEI number, MEID number, operator information and IMSI information has been deleted in Android SDK v6.8.0 and above, that is, the SDK does not involve the reading and use of the above identifiers.
3.1.4.4. Turn off the screen direction sensor
After initializing the SDK, you can actively turn on/off screen direction acquisition.
//Turn off screen direction acquisition and direction sensor SensorsDataAPI.sharedInstance().enableTrackScreenOrientation(false)
CODE
3.2. Description of Shence Information Desensitization
3.2.1. Encrypt the specified display information
In Shence software products, display information can be configured according to roles, and corresponding encryption user attributes and encryption event attributes can be configured for each role. It can effectively desensitize important information without affecting the analysis.
Configuration reference document link: https://manual.sensorsdata.cn/sa/latest/guide_role-41844972.html#id -. Members and roles v2.3 - Specify encrypted information
3.3. Safety instructions for Shence destruction
3.3.1. Support the EU General Data Protection Regulation (GDPR), can Delete underlying user data
- Scheme 1: Use the sa_clean data cleaning tool to delete
Configuration reference document link: https://manual.sensorsdata.cn/sa/latest/tech_assist_delete-22255166.html#id -. sa_clean Data Cleanup Tool Instructions v1.17 - supports GDPR EU standards and deletes underlying user data (currently only supports stand-alone and cloud versions)
four Shence SDK Attribute Collection Compliance Description
4.1. Shence SDK Product Permission Description
4.1.1. Android SDK Product Permission Description
by ensure Support customers Normal expansion of data collection , A ndroid SDK The following system permissions are required :
jurisdiction | purpose | Must | remarks |
|---|
INTERNET | Allow app to send statistics | The permission is required. The SDK needs this permission to send the buried point data |
|
ACCESS_NETWORK_STATE | Allow app to detect network status | You must have permission. The SDK will choose whether to send data according to the network status |
|
READ_PHONE_STATE | Allow applications to acquire device IMEI, MEID and Android 11 and above system versions to acquire network types | Optional permission, which will be used when promoting and collecting the $carrier attribute in the App | Android v6.8.0 and above Shence SDK is only used to obtain network types for Android 11 and above system versions |
ACCESS_WIFI_STATE | Allow application to obtain MAC address | Optional permission, which will be used when promoting in app | Shence SDK for Android v6.8.0 and above does not need to be authorized to open this permission. The permission statement has been deleted |
Although Shence Android SDK requires the above system permissions
- The Android SDK will not apply for permissions other than the above permissions. If it is detected that an SDK with the same name as the Shence SDK has permissions other than the above permissions, please timely Contact Shence staff and Shence will work together Together with the customer Troubleshoot to avoid data security accidents.
- The Android SDK will not initiate authorization requests to users. Shence will inform customers when they integrate the SDK that they need the above permissions to ensure the normal operation of the system. Customers need to call them before the SDK is initialized.
Notes on Android ID: use Android SDK When collecting anonymous IDs, considering the accuracy of the collection, Android IDs are usually used Possible Certain compliance risks ; If the customer does not need use Android ID, Please call Disable Android ID interface If you have other questions, please contact Shence staff in time.
Note on OAID: When collecting anonymous IDs using the Android SDK, if the customer has integrated the OAID SDK, considering the accuracy of the collection, OAID may be collected. If you have other questions, please contact Shence staff in time.
4.1.2. IOS SDK Product Permission Description
To ensure the normal development of customer data collection, iOS The SDK requires the following system permissions:
jurisdiction | purpose | Must |
|---|
Network (special for national service) | Allow app to send data | The permission is required. The SDK needs this permission to send the buried point data |
location | Allow app to get GPS data | Optional permission, which is required when the SDK collects GPS data |
| IDFA | Allow app to obtain IDFA | Optional permission, which will be used when promoting in app |
Although it's a masterstroke iOS SDK The above system permissions are required, but:
- The iOS SDK will not apply for permissions beyond the above permissions. If it is detected that an SDK with the same name as the Shence SDK has permissions beyond the above permissions, please contact the Shence staff take Cooperation Together with the customer Troubleshoot to avoid data security accidents.
- Due to the characteristics of iOS system , The iOS SDK may initiate authorization for users, but only for the above permissions.
Note on IDFA: Use i OS SDK When collecting anonymous IDs and Channel matching In consideration of the accuracy of collection, IDFA will be used routinely Possible Certain compliance risks ; If the customer does not need to collect IDFA, please remove the reference to the framework in the project project, and do not import AdSupport related header files in the project 。 If you have other questions, please timely Contact Shence staff.
4.2. SDK collection, data transmission and exception handling strategies
See Android SDK&iOS SDK Security Notes
4.3. Description of general collection of Shence SDK preset attribute data
use SDK When collecting data, The preset attributes involved are as follows:
| category | English variable name | Display Name | data type | whether automatic collection | whether support close | default whether hide | effect (Analysis technology Debug) | Information privacy risk assessment | Risk assessment remarks |
|---|
| Retention Properties | distinct_id | User ID | STRING | yes | no | / | analysis | No risk |
|
| time | time | DATETIME | yes | no | / | analysis | No risk |
|
| Basic preset attribute | $app_state | App status | STRING | yes |
| no | technology | No risk |
|
| $app_id | Application Unique ID | STRING | yes | no | no | analysis | No risk |
|
| $app_name | apply name | STRING | yes | no | no | analysis | No risk |
|
| $app_version | Application version | STRING | yes | no | no | analysis | Low risk |
|
| $is_first_day | First day visit or not | BOOL | yes | no | no | analysis | Low risk | Secondary correction on the server |
| $is_first_time | Whether the event is triggered for the first time | BOOL | yes | yes | no | analysis | Low risk | Secondary correction on the server |
| $timezone_offset | Time zone offset | NUMBER | yes | no | no | analysis | Low risk |
|
| $event_duration | Event duration | NUMBER | yes | yes | no | analysis | Low risk |
|
| $latitude | latitude | NUMBER | no | yes | no | analysis | high-risk |
|
| $longitude | longitude | NUMBER | no | yes | no | analysis | high-risk |
|
| $title | Page Title | STRING | yes | yes | no | analysis | Low risk |
|
| $screen_name | page name | STRING | yes | yes | no | technology | Low risk |
|
| app_crashed_reason | Cause of collapse | STRING | no | yes | no | Debug | No risk |
|
| $url | Page address | STRING | no | no | no | analysis | Low risk |
|
| $url_query | Page Parameters | STRING | yes | yes | no | analysis | Low risk |
|
| $url_path | Page Path | STRING | yes | yes | no | analysis | Low risk |
|
| $referrer | Forward address | STRING | yes | yes | no | analysis | Medium risk |
|
| $referrer_host | Forward domain name | STRING | yes | yes | no | analysis | Medium risk |
|
| $referrer_title | Forward Page Title | STRING | no | yes | no | analysis | No risk |
|
| $user_agent | UserAgent | STRING | no | yes | yes | technology | Medium risk |
|
| $scene | Launch scenario | STRING | yes | yes | no | analysis | Low risk |
|
| $share_depth | Sharing times | NUMBER | yes | yes | no | analysis | Medium risk |
|
| $share_distinct_id | Sharers | STRING | yes | yes | no | analysis | Medium risk |
|
| $share_url_path | Share Path | STRING | yes | yes | no | analysis | Low risk |
|
| $share_method | Ways to share | STRING | yes | yes | no | analysis | Low risk |
|
| $source_package_name | Source application package name | STRING | yes | yes | no | analysis | Medium risk |
|
| $bot_name | Crawler name | STRING | yes | yes | no | analysis | Low risk |
|
| $viewport_height | Viewport height | NUMBER | no | yes | no | analysis | Low risk |
|
| $viewport_position | Position of the viewport from the top | NUMBER | no | yes | no | analysis | Low risk |
|
| $viewport_width | Viewport width | NUMBER | no | yes | no | analysis | Low risk |
|
| $item_join | Item matching mode | - | no | yes | no | technology | No risk |
|
| $receive_time | $receive_time | NUMBER | yes | no | yes | technology | No risk |
|
| $lib_plugin_version | SDK plug-in version number | LIST | yes | no | yes | technology | No risk |
|
| Equipment related | $brand | Equipment brand | STRING | yes | no | no | analysis | Medium risk |
|
| $manufacturer | Equipment manufacturer | STRING | yes | no | no | analysis | Medium risk |
|
| $model | Equipment model | STRING | yes | no | no | analysis | Medium risk |
|
| $os | operating system | STRING | yes | no | no | analysis | Medium risk |
|
| $os_version | Operating system version | STRING | yes | no | no | analysis | Medium risk |
|
| $screen_height | Screen height | NUMBER | yes | no | no | analysis | Low risk |
|
| $screen_width | Screen width | NUMBER | yes | no | no | analysis | Low risk |
|
| $wifi | WIFI or not | BOOL | yes | no | no | analysis | Low risk |
|
| $carrier | Operator | STRING | yes | no | no | analysis | Medium risk | Android SDK v6.8.0 and above are not collected |
| $network_type | Network type | STRING | yes | no | no | analysis | Low risk |
|
| $device_id | Device ID | STRING | no | no | no | analysis | high-risk |
|
| $screen_orientation | Screen orientation | STRING | no | no | no | analysis | Low risk |
|
| Browser related | $browser | browser | STRING | yes | no | no | analysis | Medium risk |
|
| $browser_version | Browser version | STRING | yes | no | no | analysis | Medium risk |
|
| Click Event Related | $element_id | Element ID | STRING | yes | yes | no | technology | Low risk |
|
| $element_name | Element Name | STRING | yes | yes | no | technology | Low risk |
|
| $element_type | Element Type | STRING | yes | yes | no | technology | Low risk |
|
| $element_content | Element Content | STRING | yes | yes | no | analysis | Low risk |
|
| $element_position | Element position | STRING | yes | yes | no | technology | Low risk |
|
| $element_selector | element selector | STRING | no | yes | no | technology | Low risk |
|
| $element_target_url | Element Link Address | STRING | yes | yes | no | technology | Low risk |
|
| $element_class_name | Element Style Name | STRING | yes | yes | no | technology | Low risk |
|
| Latest related properties | $latest_referrer | Last offsite address | STRING | yes | yes | no | analysis | Medium risk |
|
| $latest_referrer_host | Last external domain name | STRING | yes | yes | no | analysis | Medium risk |
|
| $latest_search_keyword | Last search engine keyword | STRING | yes | yes | no | analysis | Medium risk |
|
| $latest_traffic_source_type | Last flow source type | STRING | yes | yes | no | analysis | Medium risk |
|
| $latest_landing_page | Last landing page | STRING | yes | yes | no | analysis | Medium risk |
|
| $latest_utm_campaign | Name of the latest advertising series | STRING | yes | yes | no | analysis | Medium risk |
|
| $latest_utm_content | Content of the latest advertising series | STRING | yes | yes | no | analysis | Medium risk |
|
| $latest_utm_medium | The latest advertising series media | STRING | yes | yes | no | analysis | Medium risk |
|
| $latest_utm_source | Source of the latest advertising series | STRING | yes | yes | no | analysis | Medium risk |
|
| $latest_utm_term | Words of the latest advertising series | STRING | yes | yes | no | analysis | Medium risk |
|
| $latest_scene | Last startup scenario | STRING | yes | yes | no | analysis | Low risk |
|
| $latest_share_method | Path of last sharing | STRING | yes | yes | no | analysis | Low risk |
|
| SDK related | $lib | SDK Type | STRING | yes | no | no | Debug | No risk |
|
| $lib_version | SDK version | STRING | yes | no | yes | Debug | No risk |
|
| $lib_method | Burial method | STRING | yes | no | yes | Debug | No risk |
|
| $lib_detail | Embedded point details | STRING | yes | yes | yes | Debug | No risk |
|
| Channel related | $ios_install_source | Device fingerprint information required for App channel matching | STRING | no | yes | / | technology | high-risk | Attribute not received The server deletes the attribute after channel matching |
| $channel_device_info | Device fingerprint information required for App channel matching (different from the above event variable name) | STRING | no | yes | / | technology | high-risk | Attribute not received The server deletes the attribute after channel matching |
| $ios_install_disable_callback | Whether to do not track and callback | BOOL | no | yes | no | technology | Low risk |
|
| $is_channel_callback_event | Whether to conduct channel matching callback | BOOL | no | yes | yes | technology | Low risk |
|
| $channel_extra_information | Channel Additional Information | STRING | no | yes | yes | technology | high-risk |
|
| $utm_matching_type | Channel tracking matching mode | STRING | no | yes | no | technology | Low risk |
|
| $utm_source | Source of advertising series | STRING | no | yes | no | analysis | Medium risk |
|
| $utm_medium | Advertising series media | STRING | no | yes | no | analysis | Medium risk |
|
| $utm_term | Advertising series words | STRING | no | yes | no | analysis | Medium risk |
|
| $utm_content | Advertising series content | STRING | no | yes | no | analysis | Medium risk |
|
| $utm_campaign | Advertising series name | STRING | no | yes | no | analysis | Medium risk |
|
| $matched_key | Channel matching keywords | STRING | no | yes | no | technology | high-risk |
|
| $matching_key_list | Channel matching keyword list | STRING | no | yes | yes | technology | high-risk |
|
| $short_url_key | Short chain key | STRING | no | yes | no | technology | Low risk |
|
| $short_url_target | Short link target address | STRING | no | yes | no | technology | Low risk |
|
| $channel_active_period_day | Effective activation window (days) | NUMBER | yes | no | no | analysis | No risk |
|
| $channel_callback_period_day | Depth return attribution window period (days) | NUMBER | yes | no | no | analysis | No risk |
|
| $channel_attribute_period_hour | Activate attribution window (hours) | NUMBER | yes | no | no | analysis | No risk |
|
| $channel_name | Channel name | STRING | yes | no | no | analysis | No risk |
|
| $channel_account_id | Channel advertiser ID | STRING | yes | no | yes | analysis | No risk |
|
| $channel_campaign_id | Channel advertising plan ID | STRING | yes | no | yes | analysis | No risk |
|
| $channel_adgroup_id | Channel advertising group ID | STRING | yes | no | yes | analysis | No risk |
|
| $channel_ad_id | Channel advertising creativity ID | STRING | yes | no | yes | analysis | No risk |
|
| $ channel_ click_id | Channel monitoring click ID | STRING | yes | no | no | analysis | No risk |
|
| $first_channel_name | First channel name | STRING | yes | no | no | analysis | No risk |
|
| $first_channel_account_id | First time channel advertiser ID | STRING | yes | no | yes | analysis | No risk |
|
| $first_channel_campaign_id | First channel advertising plan ID | STRING | yes | no | yes | analysis | No risk |
|
| $first_channel_adgroup_id | First channel advertising group ID | STRING | yes | no | yes | analysis | No risk |
|
| $first_channel_ad_id | First channel advertising creative ID | STRING | yes | no | yes | analysis | No risk |
|
| $first_channel_click_id | First channel monitoring click ID | STRING | yes | no | no | analysis | No risk |
|
| $channel_active_result | Channel effective activation mark | BOOL | yes | no | no | analysis | No risk |
|
| IP related | $ip | IP | STRING | yes | no | no | technology | No risk | √ (Nginx analysis) |
| $city | city | STRING | yes | no | no | analysis | No risk | √ (Resolved according to IP) |
| $province | province | STRING | yes | no | no | analysis | No risk | √ (Resolved according to IP) |
| $country | country | STRING | yes | no | no | analysis | No risk | √ (Resolved according to IP) |
| $ip_isp | IP operator | STRING | yes | no | no | analysis | No risk | √ (Resolved according to IP) |
| User association related | $is_login_id | Login ID or not | BOOL | yes | no | yes | technology | Low risk | √ (added when the event is warehoused) |
| $track_signup_original_id | Associate Original ID | STRING | yes | no | no | technology | No risk |
|
Item related preset attributes
| $is_valid | Whether it is prohibited | BOOL |
|
|
|
|
| √ |
| $receive_time | arrival time | NUMBER |
|
|
|
|
| √ |
| $update_time | Update time | DATETIME |
|
|
|
|
| √ |
- All preset attributes involve more than 100 types. The table above lists the preset attributes of conventional acquisition. If you need to view the full number of preset attributes, please contact the support personnel of Shence.
- At the same time, Shence SDK provides a variety of interfaces for calling, to meet the customer's need to close the collection of specific attributes. If you need to avoid the risks brought by $ios_install_source, you can choose the following methods:
- Method 1: Avoid using the channel tracking function, and do not call "activation event" and "channel information event".
- Method 2: Upgrade to Android SDK v6.8.0 and above, and IMEI number, MAC address, and MEID number identifiers are no longer used;
if need More details , Please contact Shence staff.
4.4. Description of Information Privacy Risk Assessment Grading Standards
come from: National standard GB/T 35273-2020 Information Security Technology Personal Information Security Specification (hereinafter referred to as the "Specification")
As mentioned in the above specifications“ personal information ”, It refers to various information recorded electronically or in other ways that can identify the identity of a specific natural person or reflect the activities of a specific natural person independently or in combination with other information, such as name, date of birth, ID card number, personal biometric information, address, communication contact information, communication records and contents, account passwords, property information, credit information Track, accommodation information, health and physiological information, transaction information, etc.
Determine whether a certain item of information belongs to personal information, The following two aspects can be referred to: The first is identification, that is, from information to individuals, specific natural persons are identified by the particularity of information itself. Personal information should help identify specific individuals. The second is association, that is, from individual to information. If a specific natural person is known, the information generated by the specific natural person in its activities (such as personal location information, personal call records, personal browsing records, etc.) is personal information. Information that meets one of the above two conditions shall be judged as personal information.
Table A.1 Examples of personal information.
Personal sensitive information refers to personal information that, once disclosed, illegally provided or abused, may endanger personal and property safety, and may easily lead to damage to personal reputation, physical and mental health or discriminatory treatment. Generally, the personal information of children under 14 years of age and information involving the privacy of natural persons are personal sensitive information. Whether it belongs to personal sensitive information can be determined from the following perspectives :
leakage : Once personal information is disclosed, it will cause the personal information subject and the organizations and institutions that collect and use personal information to lose the ability to control personal information, resulting in uncontrollable scope and use of personal information diffusion. After the disclosure of some personal information, it is directly used against the will of the personal information subject or is associated with other information for analysis, which may bring significant risks to the rights and interests of the personal information subject, and should be judged as personal sensitive information. For example, the ID copy of the personal information subject is used by others for real name registration of mobile phone number cards, bank account opening and card handling.
Illegal provision : Some personal information can bring significant risks to the rights and interests of the personal information subject only because it spreads outside the scope of authorization and consent of the personal information subject, and should be judged as personal sensitive information. For example, sexual orientation, deposit information, infectious disease history, etc.
abuse : Some personal information may bring significant risks to the rights and interests of the personal information subject when it is used beyond the reasonable limit of authorization (such as changing the purpose of processing, expanding the scope of processing, etc.), and should be judged as personal sensitive information. For example, when not authorized by the personal information subject, health information is used for insurance company marketing and determining the level of individual premium.
Table B.1 Examples of personal sensitive information.
4.5. Custom Attribute Collection Disclaimer
Information related to business or end user's own data needs customers Of Developers bury code points (manually write data collection code) To collect , SDK will not actively collect.
customer Data source shall be guaranteed Of Legal compliance, or authorization from interested parties and end users after Can collect custom attribute data through Shence software products 。
five Shence Compliance Self inspection Instructions
5.1. Shence SDK Compliance Description
Divine plan The data type collected by the SDK is only "Device ID" , Mainly used for analysis 。 Customers need to collect Other types of data , Need customers according to business demand And select the Shence SDK function to be opened:
Call login: interface: continue to select "User ID"
Open the full burial point: continue to select "product interaction"
Enable crash collection: continue to select "crash data"
- Open longitude and latitude collection: continue to select "accurate position"
In addition, customer Can be based on his Timely update the privacy policy for business adjustment.
Shence meets the data related laws and regulations of many countries
According to the self inspection, Shence software products meet the requirements of the Basic Specification for Information Security Technology Mobile Internet Application (App) Collection of Personal Information (Draft), and also comply with the EU General Data Protection Regulations( GDPR )And the California Consumer Privacy Act (CCPA). For the above standards, Shence SDK provides the following functions:
- Start data collection after initialization
- Turn off/on data collection for the current App
- Prohibit collection of specific attributes
- Prohibit the collection of specific burial points
- Prohibit the collection of specific attributes under specific burial points
- Identification ID of the current user, used to export data
- The ability to delete specific user data
- Function of deleting data based on interface/tool
5.1.1. Self inspection results based on the Network Security Law of the People's Republic of China
According to the self inspection, the Shence software products (including SDKs) provided by Shence to customers do not violate the mandatory provisions of the Network Security Law.
5.1.2. Self inspection results based on the Personal Information Protection Law of the People's Republic of China
According to the self inspection, Shence software products (including SDK) provided by Shence to customers do not violate the mandatory provisions of the Personal Information Protection Law.
5.1.3. Self inspection results based on the Data Security Law of the People's Republic of China
According to the self inspection, the Shence software products (including SDKs) provided by Shence to customers do not violate the mandatory provisions of the Data Security Law.
six Shence Qualification Certification Description
6.1. Information security management certification
Shence has passed the information security management system certification ISO 27001
Shence has passed the privacy information management system ISO 27701
Shence has passed the quality management system certification ISO 9001
Shence has passed CMMI 3 certification
Shence Analysis Cloud, Shence Marketing Cloud and Shence Advertising Cloud have passed the three-level filing and evaluation of network security level protection
6.2. Industry qualification
Shence actively practices data compliance and participates in numerous compliance activities in the industry.
In 2020 (the 6th) China Internet Rule of Law Conference, 46 enterprises/institutions and research institutions including Shence, Alibaba, Byte Beat, Huawei, Baidu and Xiaomi were approved to join the work organization related to information security protection of mobile Internet users.
On November 27, 2020, the National APP Personal Information Protection Supervision Committee organized by the Ministry of Industry and Information Technology issued 10 standards in the Evaluation Specification for the Protection of the Rights and Interests of APP Users and 8 standards in the Minimum Necessary Evaluation Specification for the Collection and Use of Personal Information by APP. As a member of the Internet Association, Sang Wenfeng, founder and CEO of Shence, read out the Commitment Letter on the Protection and Disclosure of Personal Information by APP, The letter of commitment is as follows:
6.3.
6.4. Safety audit report
Shence Android SDK Source Code Security Audit Report
Shence iOS SDK Source Code Security Audit Report
Shence JS SDK Source Code Security Audit Report
Shence WeChat applet source code security audit report
Shence Privacy Policy
Customers can contact Shence Customer Success/Project Manager to obtain the above safety audit report
seven Noun exegesis
1.SDK ( Software Development Kit, Hereinafter referred to as SDK )It refers to the software development kit. The SDK provided by Shence includes but is not limited to the Android SDK iOS SDK、Web JS SDK 、 Applet SDK, Games SDK, C SDK, C # SDK, Java SDK, etc. Preset attributes refer to attribute information collected by the SDK in general.
