(ARCHIVED) Privacy Policy

This Privacy Policy no longer applies - please see the most recent Privacy Policy.

Branch Discovery Privacy Policy
Last updated April 28th, 2020

Overview

Top

We value privacy and are committed to providing our services in a privacy-first way, including by practicing data minimization, limiting the information we disclose, and implementing measures to safeguard our data. At a high level, our Discovery Services help our Customers’ Users discover mobile apps and allow our Customers to provide their Users with more relevant results to mobile app content in response to search queries. To provide these services, we collect certain device level data (e.g., advertising identifier, IP address, and geolocation information) and query data (e.g., “best restaurant in San Francisco”) about Users. We use this information to provide and improve the Discovery Services, as well as to provide other Branch products and services, and generally to serve or communicate with our Customers. We may also de-identify or aggregate data we collect through the Discovery Services and use it for any purpose. We disclose information to our service providers and Customers and also to comply with laws, to protect ourselves and others, or as part of a business transaction. Users may opt out of certain data collection by following the instructions in the User Choices section below. Because we provide technology that powers the Discovery Services to our Customers, they may use a different name to describe their use of Branch’s Discovery Services (for example, “Place Search”). Users should review the privacy policies of the mobile devices and mobile applications they use, which may give You additional options or rights regarding how our Customers use Your data.

Introduction

Top

Branch Metrics, Inc. ("Branch", "us" or "we") offers a discovery service (the “Discovery Services”), that enables developers of mobile applications and device features using the Discovery Services (our "Customers") to provide contextual results and intent-based links in their apps, which gives their end users ("Users") simplified access to completing an action (for example, to identify nearby restaurants). Branch recognizes and believes that data privacy is important to all Internet users, and therefore we design and operate our services in a privacy-first manner.

This Branch Discovery Privacy Policy (the “Discovery Privacy Policy”) explains what information Branch uses to provide the Discovery Services, and how it shares and protects data obtained by Branch through the Discovery Services.

Please note that this Discovery Privacy Policy only applies to the Discovery Services. Branch also offers a website and other services, some of which may be accessible by Users who, through their use of the Discovery Services, click on a Branch link or interact with an app or website of a Branch customer. For the privacy policy applicable to the Branch website and other Branch services, including services accessible by Users through the Discovery Services, please review the Branch privacy policy posted here. The Discovery Services, and the Branch services described in the Branch privacy policy, are collectively the “Branch Platform”.

What are the Discovery Services?

Branch provides technology so Customers can provide their Users with content results in response to queries. We do this in two main ways. First, Branch leverages data from Users through the Discovery Services and through other Branch services to enhance and tailor results in response to queries. Second, Branch provides Customers with mobile deep linking technology to return deep links to queries. “Deep linking” means providing links to a specific, generally searchable or indexed, piece of content in an app or on a website (e.g. “https://branch.io/security/”), rather than the app’s landing page or website’s home page (e.g., “https://branch.io”). Deep links thus enable Users to be directed to specific content within an app. Branch has no direct relationship with Users. When Customers install the Branch technology on their apps (via an application programming interface and/or software development kit), the technology enables Customers to respond to Users’ queries with contextual results and intent-based deep links, which in turn helps Users by giving them results and deep links to simplify access to completing an action (for example, to identify nearby restaurants, order food for delivery, travel to a location, or find a contact on their device).

What Information Does Branch Collect from the Discovery Services?

Top

User Data

Below, we explain what information we collect from Users through the Discovery Services. We process information in a way that is relevant for the purpose for which it was collected as described below.

In addition to the information summarized in the charts below, through the Discovery Services, we collect your queries and, when you have enabled geolocation tracking, your geolocation information. We require that each Customer commit to share with Branch only information that it has lawfully obtained and that it has the right to share information with Branch. We strongly discourage Customers from sharing sensitive User information with us, as such information is not necessary for the provision of the Discovery Services.

Software development kits (“SDKs”) and application programming interfaces (“APIs”) include code that allows Customers to integrate and use the Discovery Services. The Branch Discovery Services SDKs and APIs collect the following information when Customers use the SDKs and/or APIs in their mobile apps, some of which is considered personal data under applicable law (in other words, information that itself may identify a unique individual or can be linked back to an individual). The chart below summarizes the information collected automatically by the Discovery Services and for what purposes this information is being collected.

Information Collected Purpose
Advertising identifier (e.g., Google Ad ID or IDFA) Used for device identification and serving personalized results and advertising.
IP Address Used to understand general location.
Country Code This is the ISO country code equivalent for the SIM provider’s country code, and is used to understand country-level location.
Device Locale (country, language) Used for customizing results and advertising to the device’s country and language settings.
Geolocation information (e.g., latitude & longitude) If available, used to provide more accurate, location-relevant results. Please see the User Choices section below for more information about opting out of geolocation tracking.
Query

Any query submitted by a User for purposes of responding to the User’s queries.

Queries may include information that identifies an individual (for example, if a User searches for a friend “John Smith” or for news about a particular celebrity) as well as information that does not identify anyone (for example, “pizza nearby” or “phone cases”).

Queries may be Internet-based or device-based (for example, to search for a contact or an app on a User’s phone). For Internet-based queries, we collect the information described in this table. For device-based queries, our SDK will collect and store information locally on a User’s device (for example, a User’s contacts or the apps stored on a User’s device), but Branch does not receive this data.

Device Model Used to serve relevant results and advertising, and for reporting.
Device Manufacturer Used to serve relevant results and advertising, and for reporting.
Operating System Used to serve relevant results and advertising, and for reporting.
Operating System Version Used to serve relevant results and advertising, and for reporting.
Mobile Network Status (Carrier) Used to serve relevant results and advertising, and for reporting.
Screen Resolution Used to serve relevant results and advertising, and for reporting.
Screen Size Used for identification and matching, and to understand general location to serve more relevant results and advertising.
Engagement Data Information relating to a user’s interactions with results and/or advertisements, such as clicks and/or impressions; used to improve the Discovery Services and for reporting.

Customer Data

Customers may provide information to us to help better direct advertising to their desired audiences delivered through the Discovery Services (“Customer Data”). Branch processes Customer Data as a service provider on behalf of its customers for the Discovery Services and will not use this Customer Data for other purposes.

How Does Branch Use Information Collected by the Discovery Services, and What Information Does Branch Use to Provide the Discovery Services?

Top

Data Branch collects through the Discovery Services is processed:

  • to provide, maintain, optimize, research, and improve the Discovery Services, including to develop the results for User queries and improve the relevance and/or usefulness of the results.
  • to better understand how and from where Users come to click on certain deep links and what types of links are popular.
  • to serve advertisements in connection with Users’ queries.
  • to fulfill Customers’ and prospective Customers’ requests for the Discovery Services including processing data at the Customer’s direction and transferring User data to them. Branch does not control how Customers use information Branch shares with Customers, and Users should read Customers’ privacy policies to understand how Customers use information they receive from Branch.
  • to use for internal and Customer business purposes, including to support both the Discovery Services and other Branch products and services, develop new products and services, market products or services, support the products and services of our Customers, and as permitted or required by applicable law.
  • to create reports based on aggregated information, which is information that cannot be linked back to any individual person or Customer, and share these reports with the public.

We may aggregate and/or de-identify the data we collect. After data has been aggregated and/or de-identified, Branch does not use it to personally identify an individual. We may use de-identified and/or aggregated data for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including business partners, Customers, and/or others.

Where permitted by law and our agreements with customers, and with your consent (to the extent required by law), Branch may also use data collected through other Branch services to enhance and tailor results of User queries. Please see the Branch privacy policy to understand our privacy practices with respect to those Branch services.

Our Customers’ Use of Information

Top

Our Customers use the information collected via the Discovery Services for the purposes set forth in their respective privacy policies, including to improve their Users’ app experiences, customize their apps and in-app content results to Users, and better understand their app marketing programs and how Users use their apps.

We require that our Customers utilize the Discovery Services responsibly and in accordance with certain terms and conditions. Branch is not responsible for the data practices of any of our Customers through the Discovery Services or otherwise. Each Customer’s practices are subject to each Customer’s individual privacy policy. Users should review the privacy policy of each Customer to understand how that Customer treats User information collected through the Discovery Services.

User Choices

Top

Users have the following choices regarding Branch’s collection of their data through the Discovery Services.

Mobile Device Identifier: To exercise the mobile device privacy settings controls, please visit the privacy settings of your Android or iOS device and select “opt-out of interest based ads” (Android) or “limit ad tracking” (Apple iOS). Branch will only be able to collect information as permitted by these settings.

Geolocation information: If You have agreed to permit a Customer’s app to collect Your location, You can change Your location tracking settings in Your device settings by following the instructions here (Android).

Application Deletion: You may be able to delete the Customer app through which You use the Discovery Services, where available.

Do Not Track

Top

The Discovery Services are designed for mobile applications and therefore do not respond to web browser “do not track” signals.

How Does Branch Share Information?

Top

In addition to the ways described above, Branch may also share information with others under the following circumstances:

  • With third-party vendors, consultants and other service providers who work for us and need access to information we collect to do that work, including for cloud storage, data analysis, and project tracking. These third parties are prohibited from using the information for purposes other than performing services for us or to comply with applicable legal requirements.
  • With our Customers and their agents, as described in this Discovery Privacy Policy.
  • With customers of other Branch services, including their vendors or agents, if requested by the customer, for attribution purposes.
  • To comply with laws or to respond to lawful requests and legal process including to meet national security or law enforcement requirements, and in order to investigate, prevent, or take action regarding suspected, or actual, prohibited activities, including but not limited to fraud and situations involving potential threats to the physical safety of any person.
  • To protect the rights and property of Branch, our agents, Customers, Users, and others including to enforce our agreements, policies, and any applicable terms and conditions.
  • In connection with or during negotiation of any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

How We Secure the Information We Collect

Top

Securing the information provided by our Customers and collected through the Discovery Services is important to us. Branch has implemented industry-standard technical, administrative, and physical safeguards to help protect the information on our servers against unauthorized access, alteration, disclosure or destruction. You are responsible for maintaining the security of Your devices and online accounts, such as not sharing passwords to Your devices.

Links to Other Services

Top

The Discovery Services link to other websites and apps. These other domains are not controlled by Branch, and we do not endorse or make any representations about third-party websites, apps, or social media platforms. We encourage You to read the privacy policies of each and every website and application that You interact with. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at Your own risk.

Privacy Shield For EU, UK, and Swiss Personal Data Transferred into the United States

Top

Branch has taken appropriate safeguards in order to protect personal data collected from EU data subjects. Branch complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries, the United Kingdom, and Switzerland transferred to the United States pursuant to Privacy Shield. Branch has certified to the US Department of Commerce that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov.

Branch is subject to the investigatory and enforcement authority of the US Federal Trade Commission.

Pursuant to the Privacy Shield Frameworks we are obliged to inform EU, UK, and Swiss individuals whose data is being transferred into the United States that we may be required to release personal data in response to lawful requests by public authorities including to meet national security and law enforcement requirements.

Branch remains liable for the onward transfer of EU, UK, and Swiss personal data to agent third parties pursuant to the Privacy Shield unless we can prove we were not a party to the actions giving rise to the damages.

In compliance with the Privacy Shield Principles, Branch commits to resolve complaints about Your privacy and our collection or use of Your personal data transferred to the United States pursuant to Privacy Shield. European Union, UK, and Swiss individuals with Privacy Shield inquiries or complaints should first contact Branch at:

Branch Metrics, Inc.
1400 Seaport Blvd
Building B, 2nd Floor
Redwood City, CA 94063
or by email at discoveryprivacy@branch.io

Branch has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If You do not receive timely acknowledgment of Your complaint, or if Your complaint is not satisfactorily addressed, please click here for more information and to file a complaint. This service is provided free of charge to You.

If Your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, You may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1, available here.

Our Data Retention Policy

Top

Personal data collected via the Discovery Services are stored in an identifiable form for no more than 7 days, after which they are removed or pseudonymized. Any and all pseudonymized logs are deleted after 12 months, unless otherwise required by applicable law or otherwise agreed between Branch and the Customer.

Branch may retain information collected by the Discovery Services beyond these periods for fraud prevention, analysis, or response, or to protect the safety of Branch, its Customers, Users or the public.

Our Policy Regarding Children

Top

The Discovery Services are not directed to children. We require that Customers agree to not knowingly send to us data relating to any children under 13 (or, in certain jurisdictions, under 16). If You believe that we might have any information from or about a child under 13 (and in certain jurisdictions under 16) in violation of this policy, please contact us at discoveryprivacy@branch.io, so that Branch can promptly investigate and delete any inappropriately obtained information.

Your Rights

Top

Under applicable law, You have the right to access, rectify, erase and restrict the processing of Your personal data. You also have the right to object to Branch’s processing of Your data, all in accordance with applicable law. Because Branch cannot associate the personal data collected via the Discovery Services with a particular individual, it is not reasonably possible for Branch to verify the identity of any particular data subject. To comply with the security requirements of certain applicable laws, in such circumstances we therefore may refuse to process the data subject request and will inform You accordingly. Branch does, however, provide mechanisms for objecting to certain types of processing of Your personal data as set forth in the User Choices section above.

You have the right to lodge complaints about our data processing activities by filing a complaint with our Data Protection Officer who can be reached by the “Contact Us” section below or with a supervisory authority.

California Consumer Privacy Act

Top

The California Consumer Privacy Act of 2018 (“CCPA”) provides certain rights to natural persons who are residents of California. Our CCPA privacy notice is available here.

Contact Us, Questions, Changes to This Discovery Privacy Policy

Top

We may change this Discovery Privacy Policy at any time in our sole discretion. We will post all changes to this Policy on this page and will indicate at the top of the page the modified Policy’s effective date. If You have any questions or suggestions regarding this Policy, please contact our Data Protection Officer at:

Branch Metrics, Inc.
1400 Seaport Blvd
Building B, 2nd Floor
Redwood City, CA 94063
or by email at discoveryprivacy@branch.io