With an increased focus on consumer privacy, a common question we get is what kind of data is collected in the Larky nudge® platform and how is it used? Our guiding principle is that Larky only requests the minimum data required to provide our service and never sells or shares this data with 3rd parties.
User Identity
The nudge® code library is initialized within a mobile banking app before the account holder has authenticated into the app. Thus, the nudge® platform does not track any specific piece of data that can be directly tied to a user’s identity.
In our guide on the Apple App Store Privacy Details Declaration, we do reference an internal User Id field used only in our back-end code which cannot be correlated to a specific account holder’s identity. Similarly, in our FAQ covering Apple's AppTrackingTransparency framework we make it clear that the nudge® platform does not implement that Apple tracking mechanism.
Coming Soon: Federation
Based on customer demand, we are currently in the process of implementing Federation between the authenticated user’s identity within the mobile banking app and our campaign and analytics engines with some partners. Partners and clients who choose to implement this capability enable enhanced message targeting, enabling FI clients to more directly engage with their account holders.
When implementing Federation, we work closely with the appropriate security and compliance professionals at both the partner and FI client to ensure the strictest controls are implemented to protect the identity of account holders. Federation data will only be used for the purpose of providing targeted messaging and enhanced analytics, and will never be sold or shared with third-parties.
Messaging Tokens
In order to deliver push notifications through the mobile banking app, the Larky nudge® platform does maintain a record of messaging tokens issued by either the Apple Push Notification service or Firebase Cloud Messaging. Those tokens are associated with the device from which the application was registered in the relevant messaging system. Messaging tokens themselves are not identifiable to an individual.
Location Data
For nudge® platform implementations that utilize Larky’s location-aware messaging segmentation, certain aspects of device location are collected for purposes of determining if a given notification should be sent. This processing takes place on Larky’s secure back-end platform, hosted in AWS. At no time does any aspect of the user’s identity get tied to device location data.
Location data is only collected with the end-user’s consent, through standard OS-level privacy controls. If access to location data is granted by the end-user, the Larky nudge® code library bundled into the mobile banking app listens for location change notifications from the OS. The two different OS platforms trigger location change events under slightly different conditions. This is especially true for different manufacturers on the Android side.
As a general rule, we receive location data only when devices are in motion, and at an accuracy that allows us to trigger notifications within about a 100 meter radius. We do not receive data that would permit tracking a device’s precise location at a specific time.
Device location data itself is used solely for triggering notifications, and is never made available to clients or partners for any reason whatsoever.
Retention of Data
Larky retains data only long enough for the proper operation of the product. This includes historical data for analytics purposes for up to 6 months.
Conclusion
If you have questions about any of this or would like to schedule time to discuss privacy-related concerns, please don't hesitate to reach out to support@larky.com, or click the Submit a request link at the top of the page.
Comments
0 comments
Article is closed for comments.