Data collected by Pushwoosh
To send push notifications, in-apps, emails, etc. correctly and enable the whole set of its features, Pushwoosh requires device and user data. Segmentation based on user data is also necessary to enhance various metrics and achieve business goals. That is why Pushwoosh securely accesses this data with client control.
In addition, certain types of data (such as precise geolocation data) are only accessible with an individual user’s explicit permission. This ensures transparency and prevents unauthorized third-party data collection.
What data does Pushwoosh collect?
There are three types of data Pushwoosh collects.
Device data collected by Pushwoosh SDK
Device data is generated by a user’s device and is anonymized, preventing identification of individual users. This data is then transmitted to Pushwoosh servers for further processing, in accordance with the needs of Pushwoosh customers. Pushwoosh needs this data to correctly send push notifications and enable certain features.
While device data is collected by default, app developers can manually prohibit the collection of specific data types during SDK integration. Learn more
See the full list of device data collected below.
| Data type | Description | Comment |
|---|---|---|
| Geolocation information | City and country based on the latest IP address a device was online from. | Pushwoosh uses GeoIP to determine a user’s city and country and then stores this data in the database. This does not reveal the user’s precise location and does not require the user’s permission. |
| Precise location data | Collected if location tracking is implemented and allowed by the user (Geofencing). | |
| iOS IDFV | Identifier for the vendor, used as device HWID for routing pushes between iOS apps of the same vendor. | Pushwoosh collects IDFV to distinguish devices in its database. This allows recognizing applications installed on one device and creating app groups with Pushwoosh’s (legacy) Application Groups feature. It allows you to send one push notification to several applications with one click, and those users who have two or more apps installed will receive only one message. |
| Device model | The specific model of the device. | |
| Device language | The system language of the device. | |
| OS version | The operating system version. | |
| Application version | The version of the app installed on the device. | |
| Device time zone | The time zone set on the device. | |
| iOS Bundle Identifier and Android Package Name | Used to check for correct push notification setup. | |
| Browser | Collected for device platform recognition and as default tag values for further targeting. | |
| Other data | Any additional data points collected by the SDK on behalf of the customer. |
Note: GeoIP is used for geotargeting but is not collected on Pushwoosh’s side.
User data gathered and shared by the customer
User data can include things like user demographics, preferences, etc.
Pushwoosh clients have full control over what user data is shared with Pushwoosh. Pushwoosh accesses user data only if the app developer collects it and chooses to share it, for example, using the setTags method.
User data enables greater personalization in marketing communications. For example, you can segment users by age group or preferences to tailor your messaging more effectively.
Data on triggered Events
This data includes various actions users perform in the app. Developers use the postEvent method in the Pushwoosh SDK to report these events and their attributes.
Pushwoosh uses this data to create dynamic content for push notifications, enhancing personalization and relevance, which boosts user engagement and conversions. For example, you can mention the level a game player has achieved, the exact product a customer has added to the cart, or an in-app achievement a user has unlocked.
What data does Pushwoosh not collect?
Sensitive data
Pushwoosh does not collect sensitive or personally identifiable information (PII) such as email addresses, phone numbers, names, credit card details, or financial information unless provided directly by the Pushwoosh client, at the client’s responsibility.
Pushwoosh does not share, distribute, market, or advertise to third parties or communicate with end-users directly.
Other data
Pushwoosh does not collect cookies, International Mobile Equipment Identity number (IMEI), or Media Access Control (MAC) addresses since they are not required for Pushwoosh functionalities.
How long does Pushwoosh store data?
| Metric | Storage Period | Comment |
|---|---|---|
| Device data | As long as the device has a valid push token | |
| Inactive device data | 90 days (if no app opening event occurs within this period) | Devices that have been inactive (app not opened) for more than 90 days will be automatically removed from the system, regardless of token validity. This ensures up-to-date device data for a smoother experience. |
| User data | As long as the device has a valid push token | |
| Events history | 1 year | You can extend the events storage period upon agreement. For this, please contact our support team. |
Note: You can prohibit the storage of your data after your contract with Pushwoosh ends. We can delete the data immediately on the contract expiration date or agree on a specific period after which the data will be deleted.
Where is the data stored?
Pushwoosh services are hosted in Nuremberg, Germany. Data is stored in our data center located there, with secondary backup locations in Frankfurt, Germany.
Does Pushwoosh handle data in compliance with GDPR and other regulations?
When using Pushwoosh, you can be assured that your data is handled in compliance with GDPR and other relevant regulations. Pushwoosh is committed to maintaining high standards of security and data privacy through various compliance measures.
| Compliance standard | Compliant | Details |
|---|---|---|
| ISO 27001 Certified Data Centers | Yes | Pushwoosh’s data centers meet the ISO 27001 security standard for infrastructure, operation, and customer support. |
| GDPR Compliant | Yes | Pushwoosh adheres to the European General Data Protection Regulation (GDPR) to ensure user data privacy. |
| OWASP Standards | Yes | Pushwoosh follows best practices outlined by the Open Web Application Security Project (OWASP) to design secure software. |
Is Pushwoosh compliant and does it process customer data securely?
Yes, Pushwoosh is compliant with various data protection regulations and ensures secure data processing. We only access the data required to create relevant messaging campaigns, and you have full control over what data is shared with us. For any concerns about data safety and security, you can always contact our Support team.