Data Collection, Processing and Retention Under LGPD

Collection of Personal Data

When a user visits a Bound-enabled website, behavioral data (including IP address, a unique visitor ID, and a unique session ID) is captured by our JavaScript tag, and sent to our API over HTTPS. In cases where 3rd party data connections are enabled, this API request may also include detailed demographic data, provided by a 3rd party.

Anonymization of Data

Our API determines the geographic origin of the request using an IP address lookup via the MaxMind database. If the request originated in the state of California and is likely subject to the provisions of the Brazilian General Data Protection Law (LGPD), our application anonymizes or discards any personally identifiable data in the request before processing and logging it. This includes:

  • Anonymizing the IP address by zeroing out the last octet of IPv4 addresses, and/or zeroing out last 80 bits of IPv6 addresses
  • Anonymizing the visitor ID and session ID via a one-way hash
  • Discarding any 3rd party data that may be included in the request

This is done only to comport with the requirements of the LGPD and only processes data required to establish identification under the provisions of Article 6(1)(c) and (f) of the Regulation. At no time do we seek to collect or process any data other than to identify whether personal data may be subject to LGPD.

Consent to Store and Process

We provide a mechanism for Bound customers and their end users to override data anonymization. To do this, customers provide a flag in each API request, which indicates that the user has given consent to the storage and processing of the data contained in the request that is consistent with and complies with the LGPD. If this flag is present, we do not anonymize the request data and we rely on the Customer to ensure the proper consent is maintained for all processing of personal data.

Requests to Purge Data

In cases where the user has previously provided consent to store/process personal information, but now wishes to purge said data, we provide a form on the Bound website to facilitate this request. The form collects the visitor's unique ID from a cookie in their browser, and immediately removes any personally identifiable data stored in our our active databases. The generic behavioral data is retained, but its relationship to a specific user is severed by irreversibly anonymizing the related IP address, visitor ID, and session ID. We then similarly anonymize any relevant log files that exist in long-term storage--though this process may be performed in batches, within a reasonable timeframe from the user's request, to comply with the provisions of the LGPD.

Portability of Data

We provide a form on the Bound website that allows users to request a copy of any data that we may have collected from them. This form submits a request to Bound, including the user’s unique visitor ID, which is stored in a browser cookie. This cookie is the only link we have between an individual user, and their (otherwise anonymous) behavioral data--if the cookie has been deleted, we have no way to link the user with any data we may have stored. The user must provide an email address, to which the data (if it exists) will be delivered. Within a reasonable timeframe from the user's request, we will deliver any relevant data to the provided email address, to comply with the provisions of the LGPD.

Ready to get started?

It’s easier than ever to launch personalization and start seeing results.

Contact Us