Data Protection - what data is used and where is it stored?
The Component Manager uses an API 2.0 JWT Token to pull component meta data (no report or individual user data) from Adobe Analytics, processes this data via various scripts hosted in a Google Cloud Platform (GCP) project in the European Union and finally writes the data to a Google Sheet. The Google Sheet can be owned by your organization if you want to.
The Component Manager never accesses Adobe Analytics report data, so the data e.g. of your website visitors is untouched.
The Component Manager accesses components meta data, i.e. data on segments, calculated metrics, date ranges, dimensions, metrics, "Virtual" and regular Report Suites as well as Workspaces. "Meta data" refers to data like the name or description of a component, when it was created or in which Workspaces it is used. If you use the Account Usage Stats feature, the Component Manager will furthermore gather usage log data from Adobe Analytics (logins, workspace views of your organization's Analytics users).
By default, the Component Manager does not store any personal data.
However, the Component Manager is much more useful if it can display the names and email addresses of the owners of a component (e.g. the employees of your company who own certain workspaces) so you can e.g. inform these users about any changes you are doing to their components or filter out components of people who have left your company.
As this is personal data, you can sign an additional Data Processing Agreement when you sign a premium contract. The necessity of the additional data processing agreement depends on the laws of your region and is e.g. required in GDPR regions.
You can then deactivate the
no_personal_datacheckbox in the "config" tab:
- if active (default), the "owner" and "shared with" columns of all tabs will simply show "pii disabled". The account usage tab will show salted hashes instead of email addresses for the user activity visualizations
- if inactive, the "owner" and "shared with" columns of all tabs will show their normal values, e.g. names of Adobe Analytics account users.
If this box is unchecked, ...
... instead of "pii disabled", you will see the names of your org's AA users
no_personal_datacheckbox mentioned above is unchecked, the Component Manager writes the names and (if Adobe IDs) email addresses into your Google Sheets. Personal data is not stored anywhere else, also not in logs or on our servers.
API 2.0 JWT Token
The private key used for the API 2.0 token is stored safely and in an encrypted way using Google Cloud Platform's Secret Manager, an industry standard for key storage security. You can furthermore simply disable the key via your Adobe Admin console at any time.
Other non-sensitive data
Some of the data in the Google Sheet, but no personal data, is stored in Google Cloud Platform's "Cloud Storage" as well as Google Cloud Platform's "Firestore" document database, both located in the European Union. This is done ...
- to make queries faster (e.g. to only query the delta between the last and the current "component usage" run makes the second and ensuing queries up to 95% faster, saves a lot of processing power)
- to track usage stats (e.g. how often which function is used and how long it runs) for performance and product optimization
- to generate parts of the "update logs" in the
update_logtab (e.g. a list of all deleted Workspaces) to document changes.
By default, all data in Google Sheets is stored in Google's world-class data centers in an encrypted manner, so this also applies to the Component Manager, which is basically a Google Sheets enhancement.
If you install the Component Manager as a Google Sheets Add-on, the following applies regarding personally identifiable information from your Google account:
To use the Component Manager, you need to share your Google Sheet with "edit" access to the Google Cloud Platform Service Account e-mail address that is mentioned in the "getting started" guide. When you do this, Datacroft gets programmatic read and write access to all data in this Google Sheet. This is required because the service cannot be provided otherwise.
When you run the Component Manager Setup, we also store your Google account's e-mail address with the date when you agreed to the terms & conditions in our database in an encrypted form. This is required to prevent abuse and to have a legally binding proof of your agreement to the terms & conditions.
If you no longer wish to use the Component Manager, simply delete your Component Manager Google Sheet(s).
You can at any time request us to send you all data stored about your person by writing to component-manager[at]datacroft.de.
All account-related data is always deleted automatically after 6 months. You can at any time have all your personal and account-related data be deleted by writing to component-manager[at]datacroft.de.
Dec 29 2022