Crobox tracks click behavior of individual users. This behavior is collected, processed and then encoded into a personal profile. Click behavior is interpreted as -though not limited to- tracking events and/or pageviews of a specific user to record whether he/she engages with a specific link, image and/or product.
Does Crobox store any Personal Identifiable Information (PII)?
Crobox does not store any Personal Identifiable Information (PII) other than the UUID required to identify and track the user over sessions.
Which data makes up a Crobox profile?
Crobox consists of the following:
History of page view events
History of offered personal site optimizations & modifications along with (optionally) responses
A DNA consisting of Psychological Principles (e.g. R. Cialdini)
Does Crobox offer opt-out functionality?
Any user can easily opt-out; clients don't need any custom integration for this. After opting out, the Crobox tracking cookie if available will be deleted and a new cookie will be set indicating that specific user doesn't want to be tracked over (new) sessions. After opting out, no personal data will be collected anymore and no profile will be created / updated.
However, if the client can provide us with a unique identifier (UUID) indicating a unique user, we don't need to store cookies at all.
What is stored in a Crobox cookie?
The cookie controlled by Crobox contains a randomly unique identifier (UUID) that tracks the user over multiple sessions. Its expiration date is set to 180 days.
If the client has the possibility to send us an UUID, there is no cookie setting required resulting in no Crobox cookie stored at all.
Does Crobox control the cookie parameters?
This is the responsibility of the client. Crobox only sets the expiration days to 180 days.
The client is the owner of the data, but the data is stored at external servers managed by Crobox. Partly the data can be accessed using our dashboard and/or Application Program Interface (API).
Data is stored separately from other clients and is not used for or by other clients, domains and/or used for other abstraction or reporting means.
We comply with most stringent security policies. All data is stored in the EU-based datacenter. But we do use services from US-based companies for distribution and backup. Please contact us for an overview of all security measurements taken: firstname.lastname@example.org