EU General Data Protection Regulation (GDPR) and TINT

The GDPR is a comprehensive regulation in the EU that governs the handling of personal data. The law is meant to ensure that citizens are informed of, and give consent to, the sharing of data collected about them with third parties.

 
Most of the GDPR's requirements do not impact TINT because TINT does NOT collect any highly sensitive information such as names, IP addresses, health records, or social security data. Most of the data TINT collects is classified as public, or is covered by the End User License Agreements (EULAs) that are already implemented in the systems we collect data from. In addition, we do not sell data, which is another important component of GDPR.
 
However, it is important to understand the different categories of data that TINT collects and how that impacts GDPR compliance:
 

Data Categories

Category 1 - TINT Account Data

Examples:
  • TINT account email addresses
  • TINT account passwords
Notes:
  • This data is compliant with GDPR because consent is covered by TINT’s privacy policy, which TINT’s users agree to when they sign up for TINT.

Category 2 - Information about how TINT customers use our product

Examples:
  • Google Analytics - Product usage analytics
  • Mixpanel - Product usage analytics
  • FullStory - TINT records session data on how TINT users are using the TINT platform so we can find usability issues
Notes:
  • This data is compliant with GDPR: it is covered by TINT’s privacy policy.

Category 3 - Information about how the end user uses the product

Examples:
  • Engagement Analytics on TINT embeds
    • Clicks on TINT posts
    • Clicks on TINT Calls-to-Action buttons on posts
    • TINT embed views
Notes:
  • This is the most sensitive category of information that applies to the most customers.
  • We don’t collect IP addresses, which reduces the impact GDPR has on this data.
  • We do set cookies, which requires our customers to block their websites unless they have gotten consent from their website visitors. Most sites will be implementing consent interfaces on their websites to get consent in order to use cookies.
  • However, some customers will avoid the use of cookies so they do not have to get consent.
    • We do have the functionality to turn off the cookies: adding the ?notrack=true parameter to a TINT URL allows customers to use TINT without having to get consent. However, when cookies are turned off, they will not be able to take advantage of TINT’s analytics.
    • In the future, we may need to implement a blocker wall on TINT to notify the user of the use of cookies on the TINT embed. This would cover cases where our customer has not implemented a consent collection mechanism but still wants to use TINT analytics.

Category 4 - Aggregated data from major social networks

Examples:
  • Instagram posts
  • Twitter posts
  • Facebook posts
Notes:
  • The aggregation of social data falls under the GDPR personal data regulations.
  • The social network’s End User License Agreement (EULA) covers consent for this data.
  • We implement compliance with the social network to make sure that posts that are deleted or modified on the social network are reflected in our database. 

Category 5 - Aggregated data from non-social-networks

Examples:
  • RSS content
Notes:
  • Content from these channels does NOT have the protection of an EULA. The responsibility falls on the customer to make sure that they comply with GDPR when they use these sources, and that they have gotten the proper consent for the data being aggregated.