To provide location-based services, Delivr collects, uses, and shares anonymized location data, including the approximate geographic location of devices when campaigns are accessed.
As example, with the scan of a QR code or click of a Short URL, IP-based location data is collected to determine a devices’ approximate location. Further, when activated by the campaign account owner, accepted by the device owner, and available to the device, more precise location-based services may use GPS, Bluetooth, and your IP Address, along with crowd-sourced Wi-Fi hotspot and cell tower locations, and other technologies to determine a devices’ approximate location. This location data is collected anonymously in a form that does not personally identify. The location data is used by Delivr on to provide and improve location-based content and services.
The default method used by Delivr to determine location is IP Address. The IP Address is anonymized prior to database storage.
What happens if the "Device GPS Location" method is activated?
Campaigns can be configured at the campaign account owners discretion to display a prompt that requests permission to determine location through GPS. If permission is granted, location and location accuracy is determined by device GPS. Latitudes and Longitudes are approximate and based on a mix of commercially-licensed and open-source IP Lookup data. If permission is not granted, location is determined by the Default Location Method.
Delivr attempts to report only those visits that originate from “real” people engaging your campaign. Visits generated by computer programs and bots are in many cases identified and removed from your report. In some cases, applications send additional server-based visits that cannot be removed. In other cases, where visits flow though the server of an intermediate service or application, activity will appear clustered around the location of that server.
In order for Delivr to produce reports, we analyze a variety of sources of data, including data from the users who access your campaign links, none of them considered personal data under GDPR - save for IP address. In this scenario, Delivr is considered the data processor on behalf of our customers, who are individual data controllers. In order to report on location, Delivr tracks and stores the IP address of visitors to your campaigns. While an IP address can be considered personal data, we never store full IP addresses. We anonymize IP address as soon as technically feasible by replacing the last octet of your visitor’s IP address with a ‘0’. By stripping the octet from IPs, we eliminate the collection of your campaign visitors' personal data. This occurs before any data storage; the full IP address is never written to the disk.
Notice to EU Users: As no personal data whatsoever is stored in the case of using the default method to determine location, we believe Delivr reports are not subject to GDPR laws. If the optional method of Device GPS Location is activated by you, your reports/data may be subject to GDPR laws. GDPR acknowledges location data’s unique position as identifiable information by making it part of its definition of “personal data” in Article 4 (1). Under GDPR, subjects of personal data are granted extended rights, including a right to access and a right to erasure.
Delivr captures and securely transports the following information related to your campaigns to Delivr’s US-based data center for storage and reporting.
This information allows Delivr to:
Delivr does not fingerprint devices, build profiles of visitors, or accumulate patterns of an individuals activity and geospatial information.
It is against our Terms of Service for customers to create or use URLs that contain any type of personal information. In the case that customers wish to pass personal data through the URL in any way (such as by including it in the domain name, the URL slug or in forwarding parameters) it's the customer's responsibility to notify us as well as their own customers.
Reports are private & secure by default, accessible only to the account owners running the campaign and Delivr under secure login. Account owners / users can, however,
Delivr does not share your reports and data with any third parties with two exceptions:
Delivr does not sell your reports or data to third parties.
This Data Policy was last updated on 29 February 2020.