• Privacy Policy

    Last updated: May 16, 2018

    SafeGraph Inc. (“SafeGraph”) values and respects the privacy of users. This Privacy Policy describes how we collect information about users of mobile applications that provide us information (“users” or “you”), as well as visitors to our website(s), what information we collect, how that information may be used and shared, and what options users have regarding the collection and sharing of their location data.

    Information We Collect and How We Collect It

    We obtain a variety of information (collectively the “Information”) from trusted third-party data partners such as mobile application developers. We collect this Information primarily through APIs, which are interfaces through which these app developers can provide us with information about their users. We sometimes collect the Information through other delivery methods, such as software development kits (“SDKs”) that are embedded directly into mobile apps. We collect the following Information from these apps:

    • Mobile ad identifiers, primarily Apple iOS IDFAs or Google Android IDs;
    • The precise geographic location of a device at a certain time, usually expressed in latitude/longitude coordinates along with a timestamp;
    • The horizontal accuracy of the latitude/longitude coordinates.
    We sometimes also collect:
    • Phone carrier and connection type (e.g., cellular, wifi);
    • The direction in which the device is traveling as a degree coordinate and speed of device;
    • Information about a device such as device type and model and OS type and version;
    • Device language;
    • Public facing (external) IP address of device;
    • Available or connected wifi SSID and/or BSSID names;
    • Altitude and vertical accuracy;
    • Whether device is charging;
    • Bluetooth connected/available devices;
    • Beacon proximity or any beacon metadata.
    As described in the Section titled "Information Collected When You Visit Our Website,” we also collect certain Information when people visit our website(s), including the website on which this Privacy Policy resides.

    How We Use And Share The Information We Collect

    SafeGraph aggregates the Information collected from these mobile apps, i.e., our data partners, and provides the Information to our customers. Our customers – a variety of companies and organizations – in turn use the Information for a variety of commercial and research purposes, including ad targeting (for instance, building models of inferred audience preferences), traffic analysis (for instance, tracking which parts of a city or neighborhood are most busy, at what times), retail site selection (for instance, determining where to open a new restaurant) and market research (for instance, tracking consumer shopping trends based on foot traffic concentration).

    Sometimes the Information is used to build models that connect different devices. For instance, some of our customers may create “cross device” capabilities to enable marketers to target specific sets of users across various channels and devices. SafeGraph also uses the Information to develop derivative products, such as determining whether a certain device visited a certain retail store at a given time.
     

    SafeGraph may also use the Information for our internal and operational purposes, such as to consider or make internal service improvements or quality checking, or for our own sales and marketing purposes, and more generally to operate, maintain and improve the services we offer. We may also use and share the Information for legal, auditing and accounting purposes, such as (a) in good faith compliance with a request from law enforcement or a governmental agency, (b) protect or enforce our rights or those of others, (c) to evaluate or enhance the security or quality of our Information, or (d) to investigate potential wrongdoing. Likewise, in the event of any potential merger or acquisition, any Information we hold (including information collected on our website) will likely be transferred to the successor entity, and shared with others in preparation or anticipation of such an event (e.g., during due diligence).

    How to Opt Out of Information Collection and Interest-Based Advertising

    To avoid having your device’s mobile advertising identifiers (and location data associated with it) used for our services, including for interest-based advertising, you may adjust the settings on your mobile device. For iOS mobile devices, you can do so as follows: go to “Settings” from your device’s home screen; scroll down to “Privacy”; select “Advertising”; and turn on “Limit Ad Tracking.” For Android mobile devices: go to “Google Settings” on your Device; select “Ads”; and check or toggle the setting labeled “Opt Out of Interest-Based Ads” or “Opt Out of Ads Personalization.” These platform providers may change these options in the future, and the instructions may be slightly different for certain, particularly older, devices. We therefore provide the above purely for informational purposes, but the settings on your device may be slightly different.


    You also can use your device settings to specifically control whether your location data is collected. However, if you do so, certain services that rely on location data to function may be affected.

    Memberships

    SafeGraph is a member of the Network Advertising Initiative (NAI) and adheres to the NAI Code of Conduct as described on the NAI website. NAI is a non-profit organization that is the leading self-regulatory association dedicated to responsible data collection and its use for digital advertising.

  • Information Collected When You Visit Our Website

    We also may collect Information from you when you visit our corporate website (including the website on which this Privacy Policy is posted), such as to express interest in our services or sign up for our newsletters. If you submit personal information to us, such as your name, address, email address, and phone number, we may use this information to market to you – for instance, to send you information about new products and events.


    In addition, when you visit our website, we or third party platforms we work with may automatically collect other information from your desktop computer, laptop, mobile phone, tablet, or other consumer electronic device that you use to access the website. This information may include pseudonymized information, such as a unique browser identifier, technical information about your device (such as the device type, operating system, settings and system configurations, IP address, other unique device identifiers, and mobile network information) and your activity on our website, as well as data about the webpages you access, traffic to and from websites, the dates and times associated with transactions, and web log data. We refer to this as “Site Data.”


    We use this Site Data for our commercial purposes, such as marketing, analytics, research, and improving our websites and services. This Site Data may be correlated with more personal information such as name or email address.
     

    Our Use of Cookies. We (or other companies we work with) may collect or associate Site Data using “cookies.” Cookies are small data files that have unique identifiers and reside, among other places, on your Devices, in emails we send to you, and on the web pages of the SafeGraph website. Among other things, cookies help us improve and personalize your use of the SafeGraph website. We may permit certain third parties to place cookies through the SafeGraph website to provide us with better insights into the use of the SafeGraph website and user demographics and to provide relevant advertising to you. These third parties may collect information about your online activities over time and across different websites when you use the SafeGraph website. For example, we utilize Google Analytics to analyze usage patterns for the SafeGraph website. Google Analytics generates a cookie to capture information about your use of the SafeGraph website that Google uses to compile reports on website activity for us and to provide other related services. Google may use a portion of your IP address to identify its cookie and for its commercial purposes.

     

    Our Use of Web Beacons. Web beacons are electronic images that may be used on the SafeGraph website or in emails we send to you. We use web beacons to deliver cookies, count visits, understand usage and effectiveness of offers, and tell whether you open an email and act upon it.


    By accessing or using the SafeGraph website, you consent to the placement of cookies on your browsers and devices and the use of web beacons as described in this Privacy Policy. You may block, delete, or disable cookies or web beacons to the extent permitted by your browsers, applications, and Devices as described in more detail below. However, if you do so, the performance of certain features of the SafeGraph website may be limited or not to work at all.

    Children's Privacy

    Our products are not intended to collect Information from children under the age of 16. If you believe we have collected Information from a person under the age of 16, please contact us at the below contact information.

    Information Security

    SafeGraph protects Information in our possession against unauthorized access, disclosure, alteration, or destruction. We regularly review our physical security, storage, and processing to ensure compliance with industry best practices. However, as no physical or technological safeguards are 100 percent secure, we do not guarantee the security of any particular elements of data that we hold.

    Information Retention

    Information we collect is retained indefinitely provided that we will comply with the opt-out procedures described in Section 3 above, and will likewise comply with our representations in Section 10 regarding Information collected from devices located in EEA countries (and Switzerland).

    THE EU GENERAL DATA PROTECTION REGULATION (GDPR)

    As of May 25, 2018, a new data privacy law known as the EU General Data Protection Regulation (or the “GDPR”) will be in effect through the EEA countries. The GDPR requires Safegraph and those using our services to provide users with certain information about the processing of their “Personal Data.” “Personal Data” is a term used in Europe that means, generally, data that identifies or can identify a particular unique user or device – for instance, names, addresses, cookie identifiers, mobile device identifiers, precise location data and biometric data.
    To comply with the GDPR (and Swiss data protection laws), we provide the below representations and information, which are specific to persons located in EEA countries or Switzerland (so please don’t rely on the below, if you’re not):
     

    a. Legal grounds for processing your Personal Data
    The GDPR requires us to tell you about the legal basis we’re relying on to process any Personal Data about you. The legal basis for us processing your Personal Data for the purposes set out in Section 2 above (and Section 5 as to our corporate customer and marketing data) will typically be because:


    You provided your consent. In order to provide our services that involve use of precise location information related to or in combination with other Personal Data and the other Information described in Section 1 (and to obtain access to and store information that is kept on your device such as mobile advertising IDs), we rely on your consent. To obtain this consent, we rely on our own compliance steps and our mobile application and platform partners’ compliance steps, designed to ensure that consent is collected and passed on to partners, and to ensure that we only facilitate the collection of legally obtained data. We may choose to obtain consent in other cases as well, in which case we will adhere to applicable laws relating to such consent and its withdrawal.
     

    The processing is in our legitimate interest. In some cases, we use legitimate interest as a legal basis for processing Personal Data. For instance, we rely on legitimate interest when we use Personal Data to maintain the security of our services, such as to detect fraud or to ensure that bugs are detected and fixed. We also rely on legitimate interest when we use our own customers’ data to communicate with them about our services.


    Contractual Relationships. Sometimes, we process certain data as necessary under a contractual relationship we have (such as our customer records and contact information).


    Legal Obligations. Finally, some processing of data may be necessary for us to comply with our legal or regulatory obligations.

     

    b. Transfers of Personal Data
    As SafeGraph works with global companies and technologies, we may need to transfer your Personal Data outside of the country from which it was originally provided. For instance, we may transfer your data to third parties we work with that may be located in jurisdictions outside the EEA or Switzerland, and that have either few data protection laws or laws that are less strict compared with those in Europe.
     

    When we transfer Personal Data outside of the EEA or Switzerland, we take steps to make sure that appropriate safeguards are in place to protect your Personal Data. Our data transfers of our Personal Data are safeguarded by European Standard Contractual Clauses and Data Processing Agreements where this is required by European data protection laws. You may contact us at the contact information below for more information about the safeguards we have put in place to protect your Personal Data and privacy rights in these circumstances.

     


    c. Personal Data Retention
    As a general matter, we retain your Personal Data for as long as necessary to provide our Services, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements. We generally retain mobile advertising IDs and Personal Data for 13 months (in EEA countries and Switzerland) from receipt of consent (including any “refreshed” or updated consent provided) for the purposes set forth in the Section titled “How We Use And Share The Information We Collect” above. We may retain this (and other) Information whenever and so long as we have a legal or significant operational need to do so, such as for auditing, corporate record-keeping, compliance accounting or security and bug-resolution purposes.
    If you are a customer of ours and thus have an account with us, and you have requested that your account be closed or if your account has been inactive for 3 months, we will retain your Personal Data only as long as we have a legitimate reason to retain it for legal, accounting, marketing or auditing purposes.

     

    d. Your Rights as a Data Subject
    The GDPR provides you with certain rights with respect to the Personal Data that data controllers hold about you, including certain rights to access Personal Data, to request correction of the Personal Data, to request to restrict or delete Personal Data, and to object to or withdraw your consent from our processing of your Personal Data (including profiling for online or mobile app-based ad targeting).
    Right to Access: If you wish to exercise your right to access Personal Data we process as a data controller, you can do so by requesting access through the e-mail address [email protected]. When we receive your request, we will provide you with current, step-by-step instructions to follow in order to obtain access. Please note that we are required under applicable European laws to use all reasonable measures to verify the identity of a requester before providing the Personal Data that we process. Because improper disclosure would likely adversely affect the privacy rights and freedoms of the data subject, we may in some cases limit the Personal Data we make available.
    Please note that we will only grant requests for access for Personal Data for which we are a data controller, as explained further in sub-section (e) below. Where we act as a processor for one of our customers, we will refer your request to that customer. Please identify the customer your request refers to (if possible), to simplify this process.


    Right to Correct: If you wish to exercise your right to correct Personal Data, you may do so by contacting us at the contact information below.


    Right to Object to Processing or to Withdraw Consent: By using the device-based “opt-out” signals described in Section 2 of this Privacy Policy, you may withdraw consent for processing on which we rely on consent. If you do so, we will cease processing your Personal Data for purposes of our services within 30 days or less. We either collect these opt-out signals ourselves or receive them from the mobile apps we work with.


    Right to Erasure: You also have the right to obtain the erasure of Personal Data concerning you that we hold as a controller. The above opt-out process satisfies this right. When a user opts-out through our partners (or through mobile device settings), and we receive this signal, we no longer use Personal Data for commercial purposes. We will also manually delete your Personal Data if you prefer that we do so; please contact us at [email protected] for further instructions if you wish to exercise this right manually. Please note, however, that we may retain copies of certain Personal Data on inactive or back-up files, for our own internal and necessary purposes, such as auditing, accounting and billing, legal or bug-detection.


    Right to Lodge Complaints: You have the right to lodge a complaint with a supervisory authority. However, we hope that you will first consult with us, so that we may work with you to resolve any complaint or concern you might have.


    e. SafeGraph as a data controller and a data processor
    EU data protection law makes a distinction between organisations that process Personal Data for their own purposes (known as “data controllers”) and organisations that process Personal Data on behalf of other organisations (known as “data processors”). As noted above, we are not always a data controller of the data in our possession, but are sometimes a data processor for other companies such as our customers. In such cases, we may direct your inquiry to the relevant data controller, since data controllers are the ones with primary responsibility for your Personal Data.

    Contact Us

    If you have any questions regarding this Privacy Policy, please contact us at [email protected] or by writing to us at:

     

    Attention: Data Privacy Officer

    182 Howard Street, Suite 842

    San Francisco CA 94105

    Changes to Privacy Policy

    If we make material changes to this Privacy Policy that may impact you, we will prominently post notice of the change on our website for a period of at least 30 days prior to the change becoming effective. We recommend that you check the Privacy Policy frequently so that you are informed of any changes.