skip to main content
x
x
We use cookies to ensure you get the best experience with our website and services. Read more in our Cookie Notice.
x
Delivr Logo Header
MENU

Data Policy

This data policy describes how we treat the data collected and used in campaign reports.

Location-based services.

To provide location-based services, Delivr collects, uses, and shares anonymized location data, including the approximate geographic location of devices when campaigns are accessed.

As example, with the scan of a QR code or click of a Short URL, IP-based location data is collected to determine a devices’ approximate location. Further, when activated by the campaign account owner, accepted by the device owner, and available to the device, more precise location-based services may use GPS, Bluetooth, and your IP Address, along with crowd-sourced Wi-Fi hotspot and cell tower locations, and other technologies to determine a devices’ approximate location. This location data is collected anonymously in a form that does not personally identify. The location data is used by Delivr on to provide and improve location-based content and services.

The default method used by Delivr to determine location is IP Address. The IP Address is anonymized prior to database storage.

  • IP Addresses are typically accurate to the city or state/province level.
  • IP Addresses that can only be identified at the country level do not appear on the map.
  • IP Addresses for which we have no geolocation data do not appear on the map.

What happens if the "Device GPS Location" method is activated?

Campaigns can be configured at the campaign account owners discretion to display a prompt that requests permission to determine location through GPS. If permission is granted, location and location accuracy is determined by device GPS. Latitudes and Longitudes are approximate and based on a mix of commercially-licensed and open-source IP Lookup data. If permission is not granted, location is determined by the Default Location Method.

True visits.
Delivr attempts to report only those visits that originate from “real” people engaging your campaign. Visits generated by computer programs and bots are in many cases identified and removed from your report. In some cases, applications send additional server-based visits that cannot be removed. In other cases, where visits flow though the server of an intermediate service or application, activity will appear clustered around the location of that server.

 

Delivr as a data processor.

In order for Delivr to produce reports, we analyze a variety of sources of data, including data from the users who access your campaign links, none of them considered personal data under GDPR - save for IP address. In this scenario, Delivr is considered the data processor on behalf of our customers, who are individual data controllers. In order to report on location, Delivr tracks and stores the IP address of visitors to your campaigns. While an IP address can be considered personal data, we never store full IP addresses. We anonymize IP address as soon as technically feasible by replacing the last octet of your visitor’s IP address with a ‘0’. By stripping the octet from IPs, we eliminate the collection of your campaign visitors' personal data. This occurs before any data storage; the full IP address is never written to the disk.

Notice to EU Users: As no personal data whatsoever is stored in the case of using the default method to determine location, we believe Delivr reports are not subject to GDPR laws. If the optional method of Device GPS Location is activated by you, your reports/data may be subject to GDPR laws. GDPR acknowledges location data’s unique position as identifiable information by making it part of its definition of “personal data” in Article 4 (1). Under GDPR, subjects of personal data are granted extended rights, including a right to access and a right to erasure.

 

What information is being collected?

Delivr captures and securely transports the following information related to your campaigns to Delivr’s US-based data center for storage and reporting.

  • Visit Date & Time Stamp
  • Location
    • Default Method: IP Address - IP Address is anonymized before storage or reporting, IP address is not provided in reports.
    • Optional Method w/ User permission/OPT-IN: Device GPS Location: - Latitude & Longitude, Level of Accuracy
  • Device User Agent String, Type of device/OS/browser
  • Language that the device is set to
 

How is this information used?

This information allows Delivr to:

  1. Provide intelligent redirection services e.g., redirect by device OS, by country, and by device language,
  2. Generate reports with date & time stamp, geolocation, device OS and language, and
  3. Identify and remove non-human, bot and spam traffic from reports.

Delivr does not fingerprint devices, build profiles of visitors, or accumulate patterns of an individuals activity and geospatial information.

  • Delivr does not "fingerprint" devices or build a profile to identify or track visitors.
  • Delivr does not track visitors cross-domain. Delivr does not facilitate third-party advertising cookies for re-targeting.
  • Delivr does not collect User ID or other pseudonymous identifiers.

It is against our Terms of Service for customers to create or use URLs that contain any type of personal information. In the case that customers wish to pass personal data through the URL in any way (such as by including it in the domain name, the URL slug or in forwarding parameters) it's the customer's responsibility to notify us as well as their own customers.

Reports are private & secure by default, accessible only to the account owners running the campaign and Delivr under secure login. Account owners / users can, however,

  1. Choose to share their annonomized reports with others.
  2. Send select data to third party analytics platform by way of URL-based campaign parameters e.g.; Google Analytics UTM Parameters.
  3. Determine how long data remains in the Delivr system. Account owners / users can choose to delete their reports & underlying data at anytime.

Delivr does not share your reports and data with any third parties with two exceptions:

  1. We send location data to Google APIs to generate the maps used in your reports.
  2. We reserve the right to share high-level, anonymized, aggregate insights e.g.; 52.7% of all QR code scans across the Delivr platform originate from iOS devices.

Delivr does not sell your reports or data to third parties.

 

This Data Policy was last updated on 29 February 2020.


Delivr® is a privacy-first software and services company serving thousands of businesses looking to drive audiences from offline to online experiences. Established in 2008, Delivr has developed software to track and visualize consumer engagement with print and broadcast media, labels and packaging. With Super Simple Serialization℠ and TrueMrk®, Delivr is extending its martech product suite to serialize and authenticate products. Headquartered in the USA.