Branch Metrics, Inc. ("Branch", "us" or "we") offers a linking and analytics platform enabling developers of applications (our "Clients")--whether those applications are websites or "apps," and across different types of devices--to improve their end users’ ("Users") cross-application experiences, and to derive additional insights into how their Users download and utilize those applications. Branch recognizes and believes that data privacy is important to all Internet users, and therefore we design and operate our services in a privacy-first manner.
Below, we explain what information we collect on behalf of our Clients through the Services, and how we use it. We process information in a way that is relevant for the purpose for which it was collected as described below.
Branch provides a variety of Services intended to help Clients bridge together the identity of their Users across a wide array of platforms, devices and applications. Branch helps Clients by connecting User interactions across siloed applications (email, SMS, web browsers, social platforms, native applications and others), so that Clients understand the multiple steps that a User took to ultimately complete a transaction with the business. This information is used by the Client to better inform marketing and product decisions as well as to provide improved user experiences by using their knowledge of continuity.
Branch has no direct relationship with Users. Branch’s Services are provided when Branch Clients install on their platforms “Branch Mechanisms” (including links, pixels, direct platform integrations, etc.) that capture the User action on behalf of the Client. By associating the information collected from these Mechanisms, Branch creates and stores identifiers unique to the Branch platform, and then uses a variety of techniques to connect these User actions and identifiers together. Some of these common connection techniques include a direct pass-through of identifiers from platform to platform, probabilistic matching using real time and historical parameters observed from each interaction, as well as using historical connections aggregated across the Branch platform. These techniques help Clients match Users with devices they use, including matching the same User across multiple devices.
The key use cases of Branch’s connection service are:
Branch requires that each Client commit to share with Branch only information that it has lawfully obtained (including, where necessary, by obtaining consent from Users, or from their parents for children under 13, or in certain jurisdictions, under 16), and that it has the right to share with Branch, and we strongly discourage Clients from sharing sensitive User information with us, as such information is not necessary for the provision of the Services.
In the charts below, we summarize the information collected automatically by the Services.
Branch collects the following information from web URLs created by the Client and pixels placed on Client websites. Some of this information is considered personal data under applicable law (in other words, information that itself may identify a unique individual or can be linked back to an individual) (“Personal Data”).
|Type of Information Collected||Purpose|
|IP Address||Standard web HTTP request; used for matching|
|Cookie||Standard web cookies, used for matching|
|Link Data||Metadata controlled by the Client, which may be used to interpret the data for reporting, or for analytics|
|User Agent||Standard web browser user agent metadata; used for matching|
|Referrer||Standard web browser HTTP referrer; may be used for reporting and analytics|
|Request||Standard web HTTP request|
|Phone Number||Used only to facilitate the “Text me the app” feature|
SDKs are Software Development Kits that include code that allows Clients to use the Branch Services. The Branch Mobile App SDKs and Web SDKs collect the following information when Clients use the SDKs in their mobile applications or websites, some of which is considered Personal Data under applicable law:
|Type of Information Collected||Purpose|
|iOS Identifier for Advertising (IDFA)||Used for identification and matching|
|iOS Identifier for Vendors (IDFV)||Identification and matching|
|Android Advertising ID (GAID)||Used for identification and matching|
|Android ID||Used for identification and matching|
|Branch Cookie ID||Used for identification and matching|
|IP Address||Used for matching|
|Application version||Metadata feature used for identification and matching|
|Device model||Metadata feature used for identification and matching|
|Manufacturer||Metadata feature used for identification and matching|
|Operating system||Metadata feature used for identification and matching|
|Operating system version||Metadata feature used for identification and matching|
|Screen size||Metadata feature used for identification and matching|
|Screen resolution||Metadata feature used for identification and matching|
|Session start/stop time||Metadata feature used for reporting and analytics|
|Mobile network status (WiFi, etc)||Metadata feature used for identification and matching|
|Application installed time||Metadata feature used for reporting and analytics|
|Application updated time||Metadata feature used for reporting and analytics|
|Device locale (country and language)||Metadata feature used for identification and matching|
|Local IP address||Metadata feature used for identification and matching|
|Mobile platform||Metadata feature used for identification and matching|
|Branch SDK version||Metadata feature used for identification and matching|
|Developer ID||(optional) Client-supplied unique identifier; metadata feature used for identification and matching|
Data Branch collects through the Services is processed:
Our Clients use the information collected via the Services to improve their Users’ app experiences, customize their apps to Users, and to better understand their app marketing programs and how Users discover their apps. For example, a User may want to share information about a hotel that she found in a travel app with a friend. When that User sends her friend a Branch link to that hotel, after clicking the link the friend is brought directly to the content relating to that hotel within the app, rather than landing on the app’s homepage and having to search for the hotel. The travel app would also gain insights and analytics as to how the content is being shared from its app.
Branch recognizes a number of consumer choice mechanisms.
Mobile Device Identifier: To exercise the mobile device privacy settings controls, please visit the privacy settings of your Android or iOS device and select “opt-out of interest based ads” (Android) or “limit ad tracking” (Apple iOS). Branch will only be able to collect information as permitted by these settings.
Branch’s Browser Cookie Opt-out: Our cookie-based opt-out can be accessed by clicking here. This will place a Branch opt-out cookie on your browser. Where Branch detects the presence of that opt-out cookie, we will no longer set cookies (beyond the opt-out cookie itself). Due to the nature of the Services, some functionality will be degraded or no longer work as a result. Cookie-based opt-outs must be performed on each device and browser that you wish to have opted-out. For example, if you have opted-out on your computer browser, that opt-out will not be effective on your mobile device.
Client App Opt-out Controls: Branch supports functionality to allow Clients to respect granular controls regarding User data privacy rights. Clients can flag in the Branch SDK that a particular User has requested that their data not be processed by Branch, in which case Branch will no longer process engagement data on behalf of the Client for that User.
Branch collects information from Website visitors (“you” or “Website Users”) located at www.branch.io (the “Website”), which includes the dashboard provided to our Clients located at dashboard.branch.io. The types of information we may collect and our privacy practices depend on the nature of the relationship you have with us and the requirements of applicable law. Below are the legal bases and some of the ways we collect information and how we use it. We process information in a way that is relevant for the purpose for which it was collected as described below.
Branch collects personal and non-personal data via the Website. Personal Data is information that itself may identify a unique individual or can be linked back to an individual. For example, when Clients register to use our Services, we ask them to provide us with Personal Data, including first and last name and email address.
Dashboard Information: Information we collect from visitors who register for an account on our dashboard includes the following, some of which is considered Personal Data under applicable law
|Type of Information Collected||Purpose|
|IP Address||Standard web HTTP request; may be used for limited security login controls|
|Cookie (ours)||Standard web cookie used for dashboard session management|
|Cookie (third-party)||Third-party web tracking tools used for internal business intelligence|
|First, Last Name||Used for team user identification|
|Used as the primary login identifier|
|User Agent||Standard web browser user agent metadata; may be used for limited security login controls|
|Referrer||Standard web browser HTTP referrer; may be used for general internal business analytics|
|Request||Standard web HTTP request; may be used for general internal business analytics|
|Github ID||(optional) Can be used as a login method|
We also require Clients to set up a user ID and unique password for account security purposes. Clients must not share their passwords with anyone. Clients also have the option of adding other team members to their account. This account information enables us to set up an account for Clients, to provide the Services, and to otherwise manage Client accounts. We may also use this information to notify Clients about updates to our Services and provide them with promotional emails. We offer a mechanism to opt-out from promotional emails as described in the “Opt-out from Promotional Emails” section below.
Account and Billing Information: To the extent that we charge a fee for the Services, we may also collect billing and payment information from Clients through our third-party payment processors.
Third Party Connection Information: Some features of the dashboard Services allow you to share your information through your accounts with other companies such as Facebook and Google. If you choose to connect Branch to such third-party services, we may collect information related to your use of those third-party services, such as authentication tokens that allow us to connect to your third-party service accounts. We will ask you for permission before you authorize our collection of this information. We may also collect information about how you are using the Services to interact with those connected third-party services.
Communications with Branch: Some Users may provide Personal Data to Branch by sending us an email or filling out an online form on the Website. We use this information to answer their question(s), and may store that information for our record keeping, marketing, and advertising purposes.
Research/Survey Solicitations: From time to time, we may perform research (online and offline) via surveys. We may engage third-party service providers to conduct such surveys on our behalf. All survey responses are voluntary, and the information collected will be used for research and reporting purposes to help us better serve individuals by learning more about their needs and the quality of the products and services we provide. The survey responses may be utilized to determine the effectiveness of our Website, various types of communications, advertising campaigns and/or promotional activities.
Cookies, Pixels and Web Beacons: We also collect other data via the Website from Website Users, including Website Users employed by or affiliated with Clients, through cookies and/or web beacons. Such information, some of which may be considered Personal Data under applicable law, may include IP address, pages viewed, browser type, Internet browsing and usage habits, Internet Service Provider, domain name, the time/date of your visit to the Website, the referring URL, and your computer’s operating system.
Data Branch collects through the Website is processed:
Where you have consented to Branch's processing of your Personal Data in connection with your use of the Website, you may withdraw that consent at any time by following the instructions below. Additionally, before we use Personal Data for any new purpose not originally authorized by you, we will provide information regarding the new purpose and give you the opportunity to opt out. Where your consent for the processing of Personal Data is otherwise required by law or contract, we will comply with the law or contract.
Also, you can choose to set your browser to remove cookies and to reject cookies. To exercise the Do Not Track settings, please visit the privacy settings of your browser. Where Branch is able to see that such a selection has been made, we will not use information collected from that device to target advertising on that browser. Dashboard users must use the “Cookie Consent” feature to revoke permission to place cookies.
Note that, even if you opt-out, we may still collect and use non-personal data regarding your activities on our Website. This also does not opt you out of being served advertising altogether; you will continue to receive generic advertisements.
The Website utilizes third-party tracking tools from third-party service providers, which may enable these third parties to analyze our Website traffic for analytics purposes. Some of these third-party service providers may collect information from this Website for retargeting and interest-based advertising purposes. For more information about these forms of ad targeting and to understand your right to opt-out from these practices, please visit http://www.aboutads.info/choices/. All of these tools are hosted by the third parties who provide them, and your interactions with these features are governed by the privacy policies of the third parties providing them. These tools include, but are not limited to, those below.
Google. We may use Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics on our Website, and to develop website content. This analytics data is not tied to any Personal Data. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt-out of Google’s collection and processing of data generated by your use of the Services by going to http://tools.google.com/dlpage/gaoptout.
Mixpanel. We use a service provided by Mixpanel, Inc. (“Mixpanel”) to provide us with analytics data regarding Website Users’ interactions with our Website and Services. You may opt-out of Mixpanel’s automatic retention of data that is collected while using the Services by visiting https://mixpanel.com/optout/. To track opt-outs, Mixpanel uses a persistent opt-out cookie placed on your device. Please note that if you get a new computer, install a new browser, erase or otherwise alter the browser’s cookie file (including upgrading certain browsers), you may delete the Mixpanel opt-out cookie.
Intercom. We use Intercom (www.intercom.com) to facilitate communications with, maintain information about, and collect publicly available information about, our Website Users. For more information on Intercom’s services, please visit www.intercom.com.
We provide Clients with a mechanism to access, review and update information via the dashboard. If you wish to review or update your information, please visit branch.io and login using the username and password you created. Next, please select “Account Settings” which can be found in the lower left corner of the dashboard screen, then select the “User” tab near the top. If you would like to delete your account, please email firstname.lastname@example.org
Under California law, California residents who have an established business relationship with us may choose to opt-out of the disclosure of Personal Data about them to third parties for such third parties’ direct marketing purposes. Our policy is not to disclose Personal Data collected through our Website to a third party for direct marketing purposes without your approval. If you choose to opt-out at any time after granting approval, email email@example.com.
California residents who have provided us with Personal Data can also request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their Personal Data (if any) for such third parties’ direct marketing purposes in the prior calendar year, as well as the type of Personal Data disclosed to those parties.
Securing the information provided by our Clients and collected through our Website is important to us. Branch has implemented industry-standard technical, administrative, and physical safeguards to help protect the information on our servers against unauthorized access, alteration, disclosure or destruction. You are responsible for maintaining the secrecy of your own passwords. If you have reason to believe that your passwords or Personal Data are no longer secure, please promptly notify us at firstname.lastname@example.org.
For our Services: Branch stores the information collected by our Services (see the “What Information Does Branch Collect from our Services?” section above) so long as our systems continue to encounter that User. After that User has been inactive for 30 days (or 90 days for specific attribution products), identifiers collected from that User will be deleted.
Usage activity logs, which are used for the purpose of reporting and analytics, are stored in an identifiable form for no more than 7 days, after which these logs are removed or pseudonymized. Any and all pseudonymized logs are deleted after 6 months.
Aggregated reporting metrics shared with Clients are retained (in aggregate and anonymized form) for a default of 6 months, unless otherwise required by applicable law or otherwise agreed between Branch and the Client.
Phone numbers provided through the "Text me the app" feature are deleted within 7 days.
For the Website: We store Personal Data such as email address or billing details for so long as you continue to have a business relationship with Branch and for a reasonable time thereafter for record-keeping purposes. If applicable to you, you may ask us to delete that information by following the instructions above or pursuant to your right of erasure as described in the “Rights of Access, Rectification, Erasure and Restriction” section below.
The Website and/or Services may contain links to other websites and other websites may reference or link to our Website and/or Services. These other domains and websites are not controlled by Branch, and we do not endorse or make any representations about third-party websites or social media platforms. We encourage you to read the privacy policies of each and every website and application that you interact with. We do not endorse, screen, or approve, and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.
Branch is subject to the investigatory and enforcement authority of the US Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks we are obliged to inform EU and Swiss individuals whose data is being transferred into the United States that we may be required to release personal data in response to lawful requests by public authorities including to meet national security and law enforcement requirements.
Branch remains liable for the onward transfer of EU and Swiss personal data to agent third parties pursuant to the Privacy Shield unless we can prove we were not a party to the actions giving rise to the damages.
We acknowledge the right of EU and Swiss individuals to access their data pursuant to the Privacy Shield. EU and Swiss individuals wishing to exercise this right may do so by contacting email@example.com.
In compliance with the Privacy Shield Principles, Branch commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact Branch at:
Branch Metrics, Inc.
1400 Seaport Blvd
Building B, 2nd Floor
Redwood City, CA 94063
or by email at firstname.lastname@example.org
Branch has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Services: Because Branch is a service provider that processes data on behalf of its Clients, any requests relating to European Users’ exercise of their rights of access, rectification, erasure, or restriction under the European General Data Protection Regulation (“GDPR”) must be provided to Branch by a Client. Clients can notify Branch of these requests here.
Moreover, Branch supports functionality to allow Clients to respect granular controls regarding User data privacy rights. Clients can flag in the Branch SDK that a particular User has requested that their data not be processed by Branch, in which case Branch will no longer process engagement data on behalf of the Client for that User.
Website: Website Users who are residents of the European Economic Area may seek confirmation regarding whether Branch is processing Personal Data about you, request access to such data, and ask that we correct, amend, or delete it where it is inaccurate or has been processed in violation of the Privacy Shield Principles. You can submit such requests starting on May 25, 2018 at https://gdpr.branch.io/hc/en-us/requests/new, which will be processed in line with applicable law. Although we make good faith efforts to provide you with access to your Personal Data, there may be circumstances in which we are unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where it is commercially proprietary. To protect your privacy, we will take commercially reasonable steps to verify your identity before granting access to or making any changes to your Personal Data.
European individuals have the right to file a GDPR complaint directly with the appropriate EU Data Authority. For information on who those parties are and how they can be reached please go to http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
Services: The Branch Services are not directed to children. We require that Clients agree to either not send to us data relating to any children under 13 (or, in certain jurisdictions, under 16), unless they obtain all parental consents necessary under applicable law for collection of data from any such children prior to sending any data relating to such children to Branch. If you are a Client and want to learn more about Branch SDK features that you can use in your compliance with the U.S. Children’s Online Privacy Protection Act (COPPA), GDPR, or any other applicable law, please contact email@example.com. If you believe that we might have any information from or about a child under 13 (and in certain jurisdictions under 16) without the requisite parental consent, please contact us at firstname.lastname@example.org, so that Branch can promptly investigate and delete any inappropriately obtained information.
Website: The Branch Website is not directed to children. We do not knowingly collect through the Website Personal Data from anyone under the age of 13 (and in certain jurisdictions under the age of 16). If you are under 13 (and in certain jurisdictions under 16), please do not attempt to register or send any information about yourself to us, including your name, address, telephone number, or email address. No one under 13 (and in certain jurisdictions under 16) may provide any Personal Data to us. In the event that we learn that we have collected any such data from a child under 13 (and in certain jurisdictions under 16) through our Website, we will take reasonable steps to delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13 (and in certain jurisdictions under 16), please contact us at email@example.com, so that Branch can promptly investigate and delete any inappropriately obtained information.
We may change this Policy at any time in our sole discretion. We will post all changes to this Policy on this page and will indicate at the top of the page the modified Policy’s effective date. If you have any questions or suggestions regarding this Policy, please contact us at:
Branch Metrics, Inc.
1400 Seaport Blvd
Building B, 2nd Floor
Redwood City, CA 94063
or by email at firstname.lastname@example.org