Privacy

Customers (“Customer(s)”, “you,” or “your”), as app developers and/or publishers, shall ensure compliance with applicable data privacy laws and regulatory guidelines while using Contentsquare SDK for your app.

This section explains the data processing involved in the use of Contentsquare SDK and provides information to help you comply with data protection laws, including the GDPR, e-privacy directive, and the French Data Protection authority (CNIL) guidelines on mobile applications ↗. This section is for informational purposes only and is not legal advice. If you are not sure of how to comply with data protection laws that apply to you, refer to legal counsel.

To learn about Contentsquare privacy practices, see our Privacy Center ↗ and Privacy Policy ↗.

The Contentsquare SDK is designed to collect personal data from end-users interacting with your app to analyze their digital behavior, visualize their journey, and improve digital user experience and your app performance.

By default, the SDK processes the following categories of personal data:

• Online identifier: Contentsquare user ID
• Behavioral data: touch gestures (taps, swipes), user journey (pages visited), time of engagement, transactions, and so on.
• Technical data: device information (such as operating system, resolution, time zone, or language), API error messages and crashes

Additional types of personal data may be processed (such as username, email address, customer ID, account number), depending on your configuration of the SDK and the applicable order form you signed with Contentsquare.

The SDK generates a randomized hash unique user ID (UUID) that is specific to each end-user on a given device. Contentsquare cannot identify an end-user across devices with this UUID. This UUID is not persisted when the app is deleted and re-installed. The SDK generates a new UUID after install or re-install.

Contentsquare does not use App Set ID.

By default, end-users personal data are kept for 13 months. The retention of end-users personal data collected via the Session Replay is customizable by customers, from 3 to 24 months.

End-users personal data are stored in Europe or in the US, depending on your location. For more details on applicable hosting locations, refer to our subprocessors list ↗.

The Contentsquare SDK collects end-user’s personal data on your app. As a data controller, app developers, or app publishers, it is your responsibility to provide appropriate information to your end-users on how their personal data is handled when using the CSQ SDK, for example via a privacy policy or cookie banner.

Contentsquare provides a sample description of the services ↗ (including Experience Analytics and Product Analytics) to help customers meet their transparency obligations. This description is for information only and is not legal advice.

Contentsquare collects usage data on your app. By default, the SDK will consider every new user to be opted-out. To start tracking, the SDK Opt-in API must be called.

You are responsible for handling the UI asking end-users for their consent and allowing them to manage their privacy settings.

Use the following APIs to pass the user decision to the Contentsquare SDK.

Use the Opt-in API to get user consent. Calling this API will generate a user ID and initiate tracking.

import com.contentsquare.android.Contentsquare

// To opt in to CS Tracking
Contentsquare.optIn(context) // non-null Context

When this API is called, tracking stops immediately, all settings are reset (Session number, Page number, and so on) and all files and directory including personal data collected via the SDK created by Contentsquare are deleted. This means that the user ID is deleted. The SDK will never track and collect any data from the user’s phone unless the Opt-in API is called again.

import com.contentsquare.android.Contentsquare

// To opt out of CS Tracking
Contentsquare.optOut(context) // non-null Context

In case Contentsquare receives a request from an individual that identifies as an end-user of your app, Contentsquare will promptly refer such individual directly to you, as the data controller and will support you with any means available to resolve such request.

Contentsquare has launched a portal for managing data subject requests to its customers respond to data subjects within the legal deadlines. Therefore, you can forward any data subject request (such as data deletion or data access request) you receive to Contentsquare via this Data Subject Portal at https://contentsquare.com/privacy-center/data-subject-request-portal/ ↗.

Since Contentsquare SDK does not collect by default any directly identifiable personal data about your end-user, we cannot help you respond to an end-user’s data subject request without their Contentsquare User ID.

Use this API to get the Contentsquare User ID of your end-user and forward the end-user’s data subject request (such as data deletion or data access request) via Contentsquare’s portal ↗.

import com.contentsquare.android.Contentsquare

// Get CS User ID
Contentsquare.getUserId()

Use stop and resume tracking APIs to completely pause data collection of your end-users on your app.

When stop is called, the Contentsquare SDK pauses all tracking (Analytics, Session Replay, Errors) of your end-users.

When resume is called, the Contentsquare SDK resumes all tracking (Analytics, Session Replay, Errors) and starts collecting your end-users personal data again with the same Contentsquare user ID.

import com.contentsquare.android.Contentsquare

// Stop tracking
Contentsquare.stopTracking()

// Resume tracking
Contentsquare.resumeTracking()

End-users’ personal data, including behavioral data (such as taps, scrolls, swipes) are collected automatically by the Contentsquare SDK. In specific cases, you might want to stop this data collection momentarily for some Activities (as defined by Android). To do so, use our public API:

Contentsquare.doNotTrack(@NonNull Class<? extends Activity>... activitiesClasses) // filters the activities according to their classes

In addition, you can stop the collection of end-users’ personal data, including behavioral data (such as taps, scrolls, swipes) on specific UI components using the follwoing public API:

Contentsquare.doNotTrack(@NonNull View view) // filters a single view instance

In case you still need to track these Activities or Views but the automatic gesture tracking does not work, we offer the possibility to do this manually by capturing and sending end-users’ personal data via our public API method:

class MainActivity : AppCompatActivity() {

  ..........

    override fun dispatchTouchEvent(ev: MotionEvent): Boolean {
        Contentsquare.consumeEvent(ev)
        return super.dispatchTouchEvent(ev)
    }
}

Permanently breaking the link between the collected data and actual end-user.

This resets all settings and deletes all files and directories, including personal data collected via the Contentsquare SDK from the end-user’s device (that is Contentsquare User ID and all related personal data is deleted). If the end-user is opted in to be tracked by the Contentsquare SDK, next time the end-user starts the app, the SDK will re-start its collection mechanisms as if this was the first ever run for a new end-user, under a new Contentsquare User ID. Configurations will be fetched from the server and application tracking will be on.

import com.contentsquare.android.Contentsquare

Contentsquare.forgetMe()

If you don’t want to link the different sessions of an end-user to the same Contentsquare User ID, you can follow these instructions to reset the Contentsquare User ID at each app start:

1. Disable SDK auto-start

2. Implement the following:

   class MyApplication : Application() {
       override fun onCreate() {
           super.onCreate()
   
           // Start Contentsquare SDK
           Contentsquare.start(this)
           Contentsquare.optOut(this)
           Contentsquare.optIn(this)
       }
   }

   Starting the SDK manually using start() will ensure that opt-out is called right after the start of the SDK (no event tracked in between).

   Calling optOut() will delete the previous userID.

   Calling optIn() will set a new one.

As part of Session Replay, Contentsquare provides masking mechanisms to prevent unwanted end-user’s personal data from the Session Replay module from being transmitted to Contentsquare. See Session Replay Personal data masking for more information.

The Contentsquare SDK requires technical permissions to operate properly.

Some of these permissions involve read and write operations within the meaning of the e-privacy directive and article 82 of the French Data Protection Act, which may require the end-user’s specific consent.

See App permissions for more information.

As customer app developers, it is your responsibility to comply with the Play Store Privacy guidelines ↗.