Data Protection - what data is used and where is it stored?

How does the Component Manager process data?

The Component Manager uses an API 2.0 JWT Token to pull component meta data (no report or individual user data) from Adobe Analytics, processes this data via various scripts hosted in a Google Cloud Platform (GCP) project in the European Union and finally writes the data to a Google Sheet. The Google Sheet can be owned by your organization if you want to.

What Adobe Analytics data does the Component Manager use?

The Component Manager never accesses Adobe Analytics report data, so the data e.g. of your website visitors is untouched.
The Component Manager accesses components meta data, i.e. data on segments, calculated metrics, date ranges, dimensions, metrics, "Virtual" and regular Report Suites as well as Workspaces. "Meta data" refers to data like the name or description of a component, when it was created or in which Workspaces it is used. If you use the Account Usage Stats feature, the Component Manager will furthermore gather usage log data from Adobe Analytics (logins, workspace views of your organization's Analytics users).

Does the Component Manager store personal data (PII)?

By default, the Component Manager does not store any personal data.
However, the Component Manager is much more useful if it can display the names and email addresses of the owners of a component (e.g. the employees of your company who own certain workspaces) so you can e.g. inform these users about any changes you are doing to their components or filter out components of people who have left your company.
As this is personal data, you can sign an additional Data Processing Agreement when you sign a premium contract. The necessity of the additional data processing agreement depends on the laws of your region and is e.g. required in GDPR regions.
You can then deactivate the no_personal_data checkbox in the "config" tab:
  • if active (default), the "owner" and "shared with" columns of all tabs will simply show "pii disabled". The account usage tab will show salted hashes instead of email addresses for the user activity visualizations
  • if inactive, the "owner" and "shared with" columns of all tabs will show their normal values, e.g. names of Adobe Analytics account users.
If this box is unchecked, ...
... instead of "pii disabled", you will see the names of your org's AA users

Where is which type of data stored?

Personal Data

If the no_personal_data checkbox mentioned above is unchecked, the Component Manager writes the names and (if Adobe IDs) email addresses into your Google Sheets. Personal data is not stored anywhere else, also not in logs or on our servers.
API 2.0 JWT Token
The private key used for the API 2.0 token is stored safely and in an encrypted way using Google Cloud Platform's Secret Manager, an industry standard for key storage security. You can furthermore simply disable the key via your Adobe Admin console at any time.
Other non-sensitive data
Some of the data in the Google Sheet, but no personal data, is stored in Google Cloud Platform's "Cloud Storage" as well as Google Cloud Platform's "Firestore" document database, both located in the European Union. This is done ...
  • to make queries faster (e.g. to only query the delta between the last and the current "component usage" run makes the second and ensuing queries up to 95% faster, saves a lot of processing power)
  • to track usage stats (e.g. how often which function is used and how long it runs) for performance and product optimization
  • to generate parts of the "update logs" in the update_log tab (e.g. a list of all deleted Workspaces) to document changes.

Data in the GoogleSheet

By default, all data in Google Sheets is stored in Google's world-class data centers in an encrypted manner, so this also applies to the Component Manager, which is basically a Google Sheets enhancement.