Dynamic Yield is fully compliant with data privacy regulations GDPR and CCPA as a data processor.
Dynamic Yield also provides you with tools to enable you comply with data privacy regulations in your role as data controllers. We provide ways to prevent user data collection, retrieve user data, and delete user data.
How We Track and Store General User Information
Dynamic Yield script generates and manages a unique and random ID for each user that visits our customer’s website. This script relies on Local Storage and cookies for storing this value on the user's browser. The cookie is referred to as DYID and is saved with the key _dyid.
Dynamic Yield does not track users across multiple sites. The ID is unique per customer and per website. If a user visits two different websites that have Dynamic Yield scripts, two DYIDs will be generated for that user. We will not associate the two DYIDs with each other.
The DYID tracks information such as gender, lead color, purchase category, referring domain, URL visit, # of page views, purchase info, device info, geolocation, and more.
Dynamic Yield does not store any personally identifiable information (PII) about the users as part of DYID.
How We Track and Store User Emails
User emails are used to enable triggered emails and exporting audiences. This is accomplished by uploading a data feed with user emails or using the message opt-in/out events. When we receive an email that identifies a particular user, we hash the email before storing it to protect user privacy. This means that Dynamic Yield will not be able to use the email or identify the users externally without additional steps.
The feeds are provided to us by the customer and consist of one column of identifiers. Dynamic Yield then hashes these identifies and checks for matches among identified users. When a match is found, these users are called matched users and are eligible to be included in triggered emails and audience exports. The unhashed emails are stored separately from Dynamic Yield other data in an isolated location.
How to Delete User Data
If a user makes a request to delete their data, notify Dynamic Yield by opening a ticket from the support site with the following text in the Message field:
“Personal Information Removal Request: <DYID or email of user>”
Note:
- The <email of the user> must be a registered email.
- If you do not have the user’s DYID, provide the end-user this link to retrieve it and send it to you.
What Happens When a Request to Delete Data is Received
The user is automatically opted-out of any further data collection. We delete any Personal Identifiable Information (PII) that is stored across our databases within 7 business days. The customer is responsible to delete any CRM data stored in their databases as well. You will be notified via email when the user’s data is deleted.
General information is still stored in a DYID in the user’s local storage and cookies. This information is anonymized and cannot be used to identify the user. Dynamic Yield cookies are set to expire after one year using the local browser expiration policy, but the Local Storage has no set expiration policy.
Users who want to remove this data should clear the cookie and Local Storage data in their browser. We recommend that you notify your users to do so as part of the deletion process.
How you Can Prevent User Data Collection
GDPR and other regulations require you to allow users to prevent your website from tracking them. Dynamic Yield allows you to comply with these regulations using either the assumed consent method (requires users to opt-in) or the active cookie consent method (requires users to opt-out).
If users are not tracked, they will only be eligible to receive experiences that are not personalized. Even when users actively agree to data tracking, Dynamic Yield does not collect or store IP addresses.