Privacy

Customers (“Customer(s)”, “you,” or “your”), as app developers and/or publishers, shall ensure compliance with applicable data privacy laws and regulatory guidelines while using Contentsquare SDK for your app.

This section explains the data processing involved in the use of Contentsquare SDK and provides information to help you comply with data protection laws, including the GDPR, e-privacy directive, and the French Data Protection authority (CNIL) guidelines on mobile applications ↗. This section is for informational purposes only and is not legal advice. If you are not sure of how to comply with data protection laws that apply to you, refer to legal counsel.

To learn about Contentsquare privacy practices, see our Privacy Center ↗ and Privacy Policy ↗.

The Contentsquare SDK is designed to collect personal data from end-users interacting with your app to analyze their digital behavior, visualize their journey, and improve digital user experience and your app performance.

By default, the SDK processes the following categories of personal data:

• Online identifier: Contentsquare user ID
• Behavioral data: touch gestures (taps, swipes), user journey (pages visited), time of engagement, transactions, and so on.
• Technical data: device information (such as operating system, resolution, time zone, or language), API error messages and crashes

Additional types of personal data may be processed (such as username, email address, customer ID, account number), depending on your configuration of the SDK and the applicable order form you signed with Contentsquare.

The SDK generates a randomized hash unique user ID (UUID) that is specific to each end-user on a given device. Contentsquare cannot identify an end-user across devices with this UUID. This UUID is not persisted when the app is deleted and re-installed. The SDK generates a new UUID after install or re-install.

Contentsquare provides the ability to search for session(s) associated with a specific visitor, based on an identifier provided by the customer. See User identifier feature for more information.

Contentsquare does not use App Set ID.

By default, end-users personal data are kept for 13 months. The retention of end-users personal data collected via the Session Replay is customizable by customers, from 3 to 24 months.

End-users personal data are stored in Europe or in the US, depending on your location. For more details on applicable hosting locations, refer to our subprocessors list ↗.

The Contentsquare SDK collects end-user’s personal data on your app. As a data controller, app developers, or app publishers, it is your responsibility to provide appropriate information to your end-users on how their personal data is handled when using the CSQ SDK, for example via a privacy policy or cookie banner.

Contentsquare provides a sample description of the services ↗ (including Experience Analytics and Product Analytics) to help customers meet their transparency obligations. This description is for information only and is not legal advice.

Contentsquare collects usage data on your app. By default, the SDK will consider every new user to be opted-out. To start tracking, the SDK Opt-in API must be called.

You are responsible for handling the UI asking end-users for their consent and allowing them to manage their privacy settings.

Use the following APIs to pass the user decision to the Contentsquare SDK.

Use the Opt-in API to get user consent. Calling this API will generate a user ID and initiate tracking.

CSQ.start(context)
// ...
val optinButton: Button = ...
optinButton.setOnClickListener {
    CSQ.optIn(it.context)
    // Then finish initialization and move to the next screen...
}

CSQ.start(context);
// ...
Button optinButton = ...
optinButton.setOnClickListener(view -> {
    CSQ.optIn(view.getContext());
    // Then finish initialization and move to the next screen...
});

When this API is called, tracking stops immediately, all settings are reset (Session number, Page number, and so on) and all files and directory including personal data collected via the SDK created by Contentsquare are deleted. This means that the user ID is deleted. The SDK will never track and collect any data from the user’s phone unless the Opt-in API is called again.

import com.contentsquare.CSQ

// To opt-out of CSQ Tracking
CSQ.optOut()

import com.contentsquare.CSQ;

// To opt-out of CSQ Tracking
CSQ.optOut();

Since Contentsquare SDK does not collect by default any directly identifiable personal data about your end-user, we cannot help you respond to an end-user’s data subject request without their Contentsquare User ID.

Use this API to get the Contentsquare User ID of your end-user and forward the end-user’s data subject request (such as data deletion or data access request) via Contentsquare’s portal ↗.

import com.contentsquare.CSQ

// Get CSQ User ID
val userId = CSQ.metadata.userId

import com.contentsquare.CSQ;

// Get CSQ User ID
String userId = CSQ.metadata.getUserId();

Use pause and resume tracking APIs to completely pause data collection of your end-users on your app. When pause is called, the Contentsquare SDK pauses all tracking (Analytics, Session Replay, Errors) of your end-users. When resume is called, the Contentsquare SDK resumes all tracking (Analytics, Session Replay, Errors) and starts collecting your end-users personal data again with the same Contentsquare user ID.

import com.contentsquare.CSQ

// Pause tracking
CSQ.pauseTracking()

// Resume tracking
CSQ.resumeTracking()

import com.contentsquare.CSQ;

// Pause tracking
CSQ.pauseTracking();

// Resume tracking
CSQ.resumeTracking();

End-users’ personal data, including behavioral data (such as taps, scrolls, swipes) are collected automatically by the Contentsquare SDK. In specific cases, you might want to stop the tracking of individual Views. To do so, use the following API:

CSQ.ignoreInteractions(view)

CSQ.ignoreInteractions(view);

In case you still need to track these Activities or Views but the automatic gesture tracking does not work, we offer the possibility to do this manually by capturing and sending the gesture events via our public API method:

class MainActivity : AppCompatActivity() {

    // ...

    override fun dispatchTouchEvent(motionEvent: MotionEvent): Boolean {
        CSQ.trackMotionEvent(motionEvent)
        return super.dispatchTouchEvent(motionEvent)
    }

}

public class MainActivity extends AppCompatActivity {

     // ...

    @Override
    public boolean dispatchTouchEvent(MotionEvent motionEvent) {
        CSQ.trackMotionEvent(motionEvent);
        return super.dispatchTouchEvent(motionEvent);
    }
}

If you don’t want to link the different sessions of a user to the same userID, reset the userID at each app start:

class MyApplication : Application() {
    override fun onCreate() {
        super.onCreate()

        // Start Contentsquare SDK
        CSQ.start(this)
        CSQ.optOut()
        CSQ.optIn(this)
    }
}

public class MyApplication extends Application {
    @Override
    public void onCreate() {
        super.onCreate();

        // Start Contentsquare SDK
        CSQ.start(this);
        CSQ.optOut();
        CSQ.optIn(this);
    }
}

Starting the SDK manually using start() will ensure that opt-out is called right after the start of the SDK (no event tracked in between).

Calling optOut() will delete the previous userID.

Calling optIn() will set a new one.

As part of Session Replay, Contentsquare provides masking mechanisms to prevent unwanted end-user’s personal data from the Session Replay module from being transmitted to Contentsquare. See Session Replay Personal data masking for more information.

The Contentsquare SDK requires technical permissions to operate properly.

Some of these permissions involve read and write operations within the meaning of the e-privacy directive and article 82 of the French Data Protection Act, which may require the end-user’s specific consent.

See App permissions for more information.

As customer app developers, it is your responsibility to comply with the Play Store Privacy guidelines ↗.