Your data in Voluum is safe not only because of passwords and encryptions. It is also safe because of the fact that Voluum operates from the safest legislative landscape in the world and because of our company’s strict internal regulations.
You don’t think about data safety until there’s some newsworthy incident of a data breach. But now we would like to tell you more about what makes your data in Voluum safer than you would think.
The following article tries to shine a light on the regulatory aspect of data security in Voluum, as well as the types of data Voluum collects.
The latter clarification is necessary from our experience. We are as transparent as we possibly can be – but people still think that we can somehow know the name of the person that clicked one of our customer’s ads.
EU Regulatory Framework
Let’s start by talking about the legal reality Voluum operates in.
Voluum is the product of CentralNic Poland, an EU registered company. This automatically means that the data collecting process falls under the GDPR legislation, the most restrictive in the world.
GDPR, since its introduction in 2018, has had a profound impact not only on EU-based companies, but on countries and institutions around the world. For example, Brazil and even China have both adopted GDPR-like laws with many countries following.
The notable exception is the United States, which has not adopted any digital privacy laws on the federal level. There are some state regulations on that matter, with the California Consumer Privacy Act as an example, but nothing on the level that would apply to all.
Take a note of that, as two popular trackers have their headquarters in Texas and Florida.
What this all means is that by going with Voluum, you get the highest level of legal security in the world.
How GDPR makes your data safe
Firstly, we are accountable for the data we keep. Avoiding data breaches or leaks is in our best interest, as fines are severe.
Thirdly, we only record the least amount of data that is required to conduct our business efficiently. We provide an opt-out option for people that don’t wish to be tracked. All others can be rest assured that we do not collect personal identifiable information. We will talk about the scope of information in the later parts of this article, but we wanted to stress this as early as possible.
Fourthly, GDPR makes us responsible for all the data we collect, not only what’s tracked in the EU. We have servers around the world, but we still follow EU guidelines on data privacy. Data tracked in the US and stored on an American server is treated in the same way as data tracked within the EU.
How the company policy makes your data safe
We at CentralNic Poland know that data is your most valuable asset. That’s why we treat it with utmost care.
Our internal regulations are aimed to inspire confidence and build trust between us and our customers because of the following reasons:
Firstly, we don’t do media buying. We would not get anything from using our customer’s data for our gains. We would, however, irreversibly damage our reputation and undermine the trust of our customers. Our business is tracking.
Secondly, if that didn’t convince you, be assured that each employee has a clause in their employment contract that specifically prohibits competitive activity with a fine of 500,000 PLN (+/- 125,000 EUR). In fact, this is the exact citation from the attachment for any employment contract in Centralnic Poland:
“For each Employee’s violation of the non-competition obligation within 6 (six) months from the termination of the employment agreement, the Employee shall pay liquidated damages to the Employer in the amount of 500,000 PLN,- (five hundred thousand PLN) within 7 (seven) days from the service of the demand for payment on the Employee at the address indicated in the employment agreement or at any other address provided by the Employee. The Employer, on the principles set out in article 471 of the Civil Code, is entitled to claim compensatory damages in excess of the amount of the liquidated damages.”
Thirdly, regarding the access to data: our support team may access your account only for the sole purpose of providing you with technical assistance. They are not allowed to change anything on your account without explicit permission nor to share data with anyone else. This is all included in Voluum’s Terms & Conditions.
The scope of data we collect
It is often said that a good advertiser needs to know who clicked their ad. This may be an oversimplification, because it suggests that advertisers need to know the personal details of the members of their audience.
This is not true.
Advertisers only need statistical data to fine-tune their campaigns. Personal details such as names or addresses are not needed. What is more, Voluum has no technical means to know this data.
Platforms such as Google and Facebook know their audience down to the most personal information because most people are always signed-in to these platforms.
We can’t get this information from them, and we don’t want to. Voluum’s strength is in statistical analysis, not in any privacy-intruding methods.
Voluum records visitor data by leveraging information that is already available to websites they are visiting anyway. This information includes:
- IP address – a string of numbers that is assigned to each device connected to the Internet but not to the user specifically
- User agent – a software that acts on behalf of a user, typically a web browser, which informs the website about some technical aspects (such as browser type and version or preferred language) to ensure the best viewing experience. Thanks to that, websites can be displayed in a proper size (fit for mobile devices, for example) and in the correct language.
- Timestamp – an exact moment of a user-generated event.
We use external services such as Digital Element (used as well by Facebook) to decode this into usable visitor characteristics, such as country of origin (pools of IP addresses are assigned to specific countries and therefore, it is easy to deduce the location based on the IP address) or device type.
We identify not the actual users in campaigns but flows. Voluum assigns a click ID not to a person, but to an event, and then follows this string of events as long as they occur on the same machine and web browser for a limited time.
A user changing device is a new flow for Voluum. With the growing number of connected devices, a typical user has, cross-device tracking becomes increasingly important. So, Voluum can be integrated with a mobile attribution tool such as AppsFlyer to be able to track user data on desktop and mobile devices. But again, not concrete users, only user-generated events.
The above-mentioned data may be the basis to form something that is often referred to as a ‘digital fingerprint’. Many companies use a probabilistic approach to use a set of characteristics (device type, IP, browser name and so on) to identify specific users.
Again, we are not interested in creating user profiles. Voluum even provides you with the IP anonymization feature that hides parts of the IP addresses. This makes IP addresses still usable for analysis but in-line with more privacy-focused legislations.
Voluum is a tool for statistical analysis of aggregated data and in the big numbers game that affiliate marketing is, it’s all you need.
Data is yours, we’re only keeping it for you
All your concerns about data you might or still may have are valid – it is good to ask questions regarding this difficult and complex manner. If you still have some doubts about the way we handle your data, please contact us and we will answer you swiftly.
Your trust is our biggest asset. We prefer to be your trustworthy choice of affiliate ad tracker rather than engaging in any shady activity. We are one of the oldest trackers on the market with 100% server uptime since 2015 and we would like to continue our winning streak.