SoloSegment collects information for several purposes:
- During the ordering process, we gather information about you so that we can process your order. This information is stored in our fulfillment system. If you use a credit card, we share the minimum amount of information that allows our processor partner to process the transaction. We do not share any other information about the transaction with any other organization or person. If you are a client and want us to update or cancel your subscription based upon the terms of service or your specific contract, you can contact firstname.lastname@example.org
- To enable our marketing programs, including email marketing, we use MailChimp (mailchimp.com) as our content marketing provider. We collect only the information required to enable our content marketing efforts and only gather personal information — things like your name and your email address — that you tell us and that you confirm via a confirmation email. This is called “double opt-in” and ensures that we only use what you decide to share with us. You can update your preferences by clicking the link in any email you receive from us or by going to our sign-up form, reentering your information, and then following the instructions. Our sign-up form is located at http://eepurl.com/c4bcMX
- In order for clients to use our dashboards, clients must log in at https://client.solosegment.com. We utilize information provided to us by the client, including email addresses, to enable the log-in for their employees. We set cookies and collect other information that is strictly necessary for the functioning of the client dashboards. If you are a client or the employee of a client and want us to update or cancel your log-in, you can contact email@example.com
Privacy by Design
The goal of Privacy by Design is to only process and store data that cannot be tied back to a person. To achieve this goal we anonymize any data that could be used to tie back to a person and discard the non-anonymized data. This transformation occurs at the edge of our infrastructure.
In order for the modern internet to work, there are two pieces of data that must be captured when you visit a website: your IP address and an assigned cookie value. Google can tell you why IP addresses and cookies are necessary. There are technologies available that can use one or both of those pieces of information to identify a person. That’s why advertisements for products you’re interested in seem to follow you around the internet. SoloSegment does not use those technologies. More importantly, SoloSegment does not need to be able to tie back to a person in order for our technology to deliver value for our clients. Therefore, SoloSegment’s goal is to “forget” that data immediately so that we don’t store, and cannot use, any information that could be tied back to a person. How do we do this?
We use data anonymization methods to immediately break the link between the data we originally capture — data that could be tied back to a person — and the data we process and store. Let’s look at the two pieces of information.
When you visit a client’s website and you authorize that client to set cookies, usually through an opt-in but sometimes through an opt-out selection, we set a cookie for tracking purposes during your session on that website. That allows us to “sessionize” your visit so that we know when you perform a search whether or not you’re successful. We also know what pages you look at both before and after that search as well as some information about your interaction with those pages (e.g. what links did you click on, etc.).
Now we don’t really know about “your” session. We know about a session that has a cookie value that is the same as the cookie value stored on your computer. However, that value is unique to your computer and therefore is essentially unique to you (or whoever you let use your computer). We don’t need to know that it’s you so we take measures to change that cookie value (we call that anonymization) so that there’s no way for us to track back that cookie value to the one on your computer. If you want to know more about how we do this, scroll down to The Technical Stuff.
When we receive data from our clients it includes both cookie values and the IP address of the computer that is interacting with the client’s website. We don’t need the IP address in order to do what we do for our clients. So, we strip out IP addresses from our data before it is processed and stored.
That may seem like the end of the IP address story. However, it’s not that simple.
Because an IP address identifies a computer, it is important information to have when doing forensics on a security incident. While all companies are concerned about their security posture, we do business with financial institutions and other large enterprise companies who are especially concerned about security. In order to support our internal audits and the audits of our clients, we do retain IP addresses for 30 days. When the IP address is stripped out of our data we store those IP addresses in a separate encrypted file. This data is automatically deleted on a rolling 30-day basis and our management system verifies those deletions on a regular basis.
If you want to know more about how we do this, scroll down to The Technical Stuff.
The Technical Stuff
For those who want a more technical version of the anonymization story, here it is.
The objective of this process is: 1) to immediately anonymize the cookie value so it can’t be tied back to a cookie value on the visitor’s machine, and 2) to replace the original IP address with a placeholder (18.104.22.168) and then store that original IP address in a separate, encrypted file that is only available for security audit purposes. An automated process deletes IP address data on a rolling, 30-day basis. The automated process is supported by periodic manual verifications.
Here’s how it works:
- Log entries (visitor data from our client’s websites) arrive at SoloSegment’s servers. This is referred to as the “Arrival Log”.
- In memory, several things happen:
  - The cookie value is hashed using an industry standard cryptographic hash algorithm that creates a one-way hash of the original cookie value. The hashed cookie cannot be reversed to the original cookie value.
  - The original IP address is replaced with the value 22.214.171.124
  - The new log entry, with the hashed cookie value and replacement IP address, is written to the “Production Log”
  - The original IP is written to an encrypted Security and Audit Log.
- A verification process runs to ensure that both log entries have been correctly created.
- All data in the “Arrival Log” and any value stored in memory are purged.
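The steps above, worked through as an added Python example (not SoloSegment’s own code). It assumes arrival-log lines are JSON objects with the fields ts, ip, cookie and path (the sample lines are constructed), uses SHA-256 as the unspecified “industry standard” hash, takes the placeholder IP from the step above, and leaves encryption at rest of the Security and Audit Log to the storage layer, which is not shown.

```python
import hashlib
import ipaddress
import json
from datetime import datetime, timedelta, timezone

# Placeholder IP exactly as quoted in the process description above.
IP_PLACEHOLDER = "22.214.171.124"
RETENTION = timedelta(days=30)

# Constructed sample arrival-log lines (not real visitor data).
ARRIVAL_LOG = [
    '{"ts": "2024-03-01T10:00:00Z", "ip": "203.0.113.7", "cookie": "ssid=9f3a1c", "path": "/search?q=rates"}',
    '{"ts": "2024-03-02T11:30:00Z", "ip": "198.51.100.9", "cookie": "ssid=9f3a1c", "path": "/accounts"}',
    '{"ts": "2024-04-05T09:15:00Z", "ip": "203.0.113.7", "cookie": "ssid=b77e20", "path": "/"}',
]


def anonymize_cookie(cookie_value: str) -> str:
    """One-way SHA-256 of the cookie value, hex-encoded.

    The same browser cookie always yields the same digest, so a visit can
    still be sessionized, but the digest cannot be reversed to the value on
    the visitor's machine. (For low-entropy identifiers a keyed HMAC with a
    server-side secret is the usual hardening; the page describes a plain
    cryptographic hash, which is what is used here.)
    """
    return hashlib.sha256(cookie_value.encode("utf-8")).hexdigest()


def process_entry(raw_line: str):
    """Turn one arrival-log line into a production record and an audit record."""
    entry = json.loads(raw_line)
    # Reject malformed addresses instead of silently storing junk in the audit log.
    original_ip = str(ipaddress.ip_address(entry["ip"]))
    production = dict(entry)
    production["cookie"] = anonymize_cookie(entry["cookie"])
    production["ip"] = IP_PLACEHOLDER
    # Only the original IP and its timestamp go to the Security and Audit Log;
    # encryption at rest of that log is assumed to be handled by the storage layer.
    audit = {"ts": entry["ts"], "ip": original_ip}
    return production, audit


def verify(production: dict, audit: dict, raw_line: str) -> bool:
    """Confirm both records were created correctly before the arrival data is purged."""
    entry = json.loads(raw_line)
    return (
        production["ip"] == IP_PLACEHOLDER
        and production["cookie"] == anonymize_cookie(entry["cookie"])
        and entry["cookie"] not in json.dumps(production)  # raw cookie never leaks through
        and audit["ip"] == entry["ip"]
        and audit["ts"] == entry["ts"]
    )


def run_pipeline(arrival_log: list):
    """Process every arrival line; returns (production_log, audit_log, remaining_arrival)."""
    production_log, audit_log = [], []
    for raw in list(arrival_log):
        production, audit = process_entry(raw)
        if not verify(production, audit, raw):
            # Keep the arrival entry for investigation rather than losing data silently.
            raise RuntimeError("verification failed for arrival entry")
        production_log.append(production)
        audit_log.append(audit)
        arrival_log.remove(raw)  # purge the arrival entry only after verification
    return production_log, audit_log, arrival_log


def purge_expired(audit_log: list, now_iso: str) -> list:
    """Rolling 30-day deletion: keep only audit records newer than the retention window."""
    now = datetime.fromisoformat(now_iso.replace("Z", "+00:00")).astimezone(timezone.utc)
    cutoff = now - RETENTION
    return [
        rec for rec in audit_log
        if datetime.fromisoformat(rec["ts"].replace("Z", "+00:00")) > cutoff
    ]


if __name__ == "__main__":
    prod, audit, leftover = run_pipeline(list(ARRIVAL_LOG))
    kept = purge_expired(audit, "2024-04-10T00:00:00Z")  # constructed "current time"
    print(json.dumps(prod, indent=1))
    print(f"audit records after rolling purge: {len(kept)} of {len(audit)}; "
          f"arrival entries left: {len(leftover)}")
```

Two of the sample visits share a cookie, so their production records carry the same digest and can still be stitched into one session, while the third gets a different digest; none of the production records contain the original cookie or IP. With the constructed current time of 10 April, the rolling purge keeps only the 5 April audit record.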