Privacy has been a cornerstone of Sense360 from day one and has guided all product and roadmap decisions. We pride ourselves on our compliance efforts and have invested deeply in making privacy a core part of our foundation.
Below we outline our business model and our approach to privacy that we apply to data collected through our proprietary SDK, because we believe in having a constructive dialogue on this critical issue.
What is Sense360’s business model?
Sense360 is a market research company (focusing on aggregated, anonymous data about trends related to consumers, and de-identified survey responses). We do not sell or resell individual-level data, and when we conduct a survey on behalf of a customer, we remove identifying information before providing them with the answers. We do not target ads. We do not sell audiences. We do not do ad attribution. Our only two business models are 1) aggregated and anonymous market research and 2) licensing our technology to power core app functionality or to help customers understand their own data.
Market research means that we provide businesses with insights into aggregated, anonymized real-world consumer behavior. For example, we can help a restaurant chain understand whether, in the aggregate, business to their restaurants is decreasing due to a competitor’s new menu redesign.
The way we compile our market research is by combining multiple datasets. We have an SDK that collects anonymous, device-linked location data from a network of apps if the user consents to sharing location. We also have a survey module that allows us to ask some of these users questions related to their visits in exchange for points or rewards.
Because of the nature of our model, which is market research focused on aggregated, anonymous data about trends related to consumers, our approach to data is significantly different from other use cases. Specifically, we need less data, sell only truly aggregated, anonymous data, only work with data that was collected with user consent, and obfuscate a wide range of data (discussed in more detail below).
In some cases, we may help a customer understand its own data (such as help interpreting location data collected in the customer’s own app).
How do you protect users’ privacy?
We have instituted numerous privacy principles and safeguards to protect consumers’ privacy.
- Participating apps must get user consent to acquire location data. If the app does not get user consent for Always On Location data on iOS or Location on Android, our SDK will not collect location or sensor data.
- Our SDK does not collect any PII (Personally Identifiable Information) such as names or email addresses, nor do we use such PII anywhere in our product—it seeks only limited data and optional survey responses linkable to devices. When we provide survey responses to a company on whose behalf we conduct the survey, we remove identifiable information, including anything that would let them link the responses to the device.
- We proactively obfuscate certain data to help us avoid inadvertently collecting PII. As an example, we obfuscate a user’s likely home Wi-Fi access-point names, as they sometimes include family names.
- We proactively seek to determine a user’s home location (which is stored on the device and not on our servers) to provide additional privacy protection by obfuscating data collected near that area.
- We ignore records of visits to locations that we recognize as sensitive, such as locations we recognize as hospitals, doctors’ offices, and places of worship.
- Our SDK encrypts transmissions of sensor and location data to our servers, and we encrypt sensor and location data while at rest on our servers.
- Our current SDK sends us data only from devices located in North America.
In addition to these privacy principles, we also ensure that everyone on our team signs a privacy pledge committing to high privacy standards (and pledging never to try to use our data from our SDK to identify any person – even though that would be exceptionally hard given all the obfuscation we do).
How is POI data collected near a user’s home obfuscated?
When the Sense360 SDK collects data about a visit, it checks whether the visit is near the likely home location that our SDK stores on the device. If it is within a certain area around the home location, the location data is obfuscated before being sent to our servers. If the visit is not within that area, the location data is sent to our servers with no obfuscation. If the SDK does not yet have a home location, all visit and location data are obfuscated before being sent to our servers, regardless of whether they are near the home (because we do not yet know whether the locations are near home or not).
This obfuscation ensures that when looking at any obfuscated visit data on our servers, the true location is not known, but rather lies somewhere within approximately a 1,000 ft by 1,000 ft box, or approximately four blocks in Manhattan, that is placed around the true location. To reduce the likelihood that the home location can be deduced from the box, we don’t center the box on the location but rather place the box at a randomly selected area that will include the location.
In the image below, the blue point represents a hypothetical true location of a user. The blue point, and any other location within the box surrounding the blue point, will obfuscate to the same location that the blue point obfuscates to, which, for example, could be near the top left of the box.
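The box placement described above, as an added illustration that is not Sense360's SDK code: it assumes coordinates projected onto a planar feet grid scaled at a fixed reference latitude, one random grid offset drawn per device, and the north-west corner of the cell as the reference point every location in that cell maps to.

```python
import math
import secrets

BOX_FT = 1000.0             # side of the obfuscation box, as stated on the page
FT_PER_DEG_LAT = 364_000.0  # approximate feet per degree of latitude (assumption)
REF_LAT_DEG = 40.75         # fixed reference latitude for longitude scaling (assumption)


def ft_per_deg_lon(ref_lat_deg=REF_LAT_DEG):
    return FT_PER_DEG_LAT * math.cos(math.radians(ref_lat_deg))


def new_grid_offset():
    """Random grid-origin offset in feet, drawn once and kept on the device.
    Because the grid is shifted by an unpredictable amount, the true point is
    not at the centre of its box and cannot be recovered from the box alone."""
    return (secrets.randbelow(int(BOX_FT)), secrets.randbelow(int(BOX_FT)))


def to_feet(lat, lon):
    return (lon * ft_per_deg_lon(), lat * FT_PER_DEG_LAT)


def to_degrees(x_ft, y_ft):
    return (y_ft / FT_PER_DEG_LAT, x_ft / ft_per_deg_lon())


def obfuscate(lat, lon, offset):
    """Map a point to the north-west corner of the 1000 ft grid cell containing it.
    Every location inside the same cell maps to the same output."""
    x, y = to_feet(lat, lon)
    ox, oy = offset
    cell_west = math.floor((x - ox) / BOX_FT) * BOX_FT + ox
    cell_north = math.floor((y - oy) / BOX_FT) * BOX_FT + oy + BOX_FT
    return to_degrees(cell_west, cell_north)


def should_obfuscate(lat, lon, home, offset):
    """Obfuscate when no home is known yet, or when the visit falls in the home's box."""
    if home is None:
        return True
    return obfuscate(lat, lon, offset) == obfuscate(home[0], home[1], offset)


def process_visit(lat, lon, home, offset):
    """What would leave the device: the box corner, or the raw point when far from home."""
    if should_obfuscate(lat, lon, home, offset):
        return obfuscate(lat, lon, offset)
    return (lat, lon)
```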
How does Sense360 obfuscate home WiFi access point names?
We also obfuscate WiFi access point names. On Android we obfuscate the WiFi access point names near the likely home in case someone uses their first or last name as the name of their home WiFi. On iOS, we obfuscate all WiFi access point names.
On Android, if the user’s previous visit is within the obfuscation box described above, then all WiFi SSIDs and BSSIDs collected from that point on are obfuscated until another visit is registered that is not within the obfuscation box.
On iOS, we only collect the SSID of the WiFi access point that the user is connected to. We ALWAYS obfuscate this SSID using an MD5 hash.
How does Sense360 obfuscate Sensitive Locations?
We designed our systems to ignore visits to places that we recognize as sensitive. We do this for hundreds of categories.
Our guiding principle was to exclude categories that relate to medical, academic, legal, religious, cemeteries and other similar types of visits. We categorized locations, flagged certain categories as sensitive, and obfuscated and grouped those categories in our system as “personal” so that a record of a visit to any location we recognize as belonging to one of these categories is flagged simply as a “personal” visit as opposed to a visit to that particular type of location. We then ignore those visits and the raw location records that reflect those visits. Below you can see a sample of the 567 different categories that we obfuscate:
- Autopsy Service
- Anger Management
- Places of Worship
What does Sense360 do with the data?
Below are examples of our market research reports and dashboards. You will notice that this reporting is predominantly trend data, highly aggregated, and never related to individual users. These reports and views make it impossible to home in on an individual user’s activities, other than de-identified individual survey responses.
Example 1: Benchmark Dashboard
Example 2: Promotions Analysis
Example 3: Business Performance Overview
Example 4: Daypart Analysis
In some cases, we provide an additional service to help a customer understand data collected through the customer’s own app about the customer’s own users. In those cases, our report to that customer may include individual data about the specific users or devices, but not any data collected about those users or devices from our other customers.
Do you pay apps for this data?
We provide discounts or payments in exchange for the data we collect. This allows our app partners to provide their service to users, often for free.
What requirements do you have of app partners?
Partners that work with us must:
- Get consent from their users for the data they collect.
- Have a clearly defined and understood location use case or get a second explicit consent to collect and share the data, apart from the iOS and Android consent.
- Not send Sense360 PII data like names or email addresses—only limited data and optional survey responses linkable to the user’s device.
Does the Sense360 service offer data about specific individuals?
No, except for de-identified survey responses that the recipient (i.e., the survey sponsor) cannot link to any particular individual. We analyze aggregated and anonymized data to create research and reports for our customers.