Data & Security
There are several features available through the Settings page that enable you to control data handling.
IP Truncation Options
Gamesight uses one-way hashes (SHA-256) on all information related to the IP addresses of your users before storage to ensure the privacy and security of your data, as outlined in the Data Handling Details document. If you wish to further anonymize this information, we provide the option to truncate IP addresses for certain regions by dropping last octet of the IP (commonly referred to as IP obfuscation or anonymization).
Using the below control you can choose to truncate IP addresses originating from countries with heightened personal data privacy laws (such as Germany or the EU under GDPR). Changing this setting will likely affect the attribution accuracy for your game in the selected region. Please consult with legal council to determine the best data handling policy for your company.
Data Retention Options
You may use these settings to control how long we retain raw logs for the event, click, and impression data that you send to Gamesight. Changing your data retention doesn't affect our standard reports but could prevent us from providing detailed custom reports on historical data or trends.
Reset on new activity
Enable this setting to reset the retention period for a user's data each time we receive new data for the user. Disabling this option will cause old user data to be removed even if the user is still active.
User Opt-Outs
Tailor customer experiences while ensuring GDPR and privacy compliance with Gamesight's granular Consent Management tooling. The Gamesight platform offers several methods for managing user consent to enable your company to have complete control over the data privacy of your end users.
Event Measurement
Consent management for event measurement enables you to precisely control how each event is processed in your Gamesight environment.
While we always recommend that you provide an option in your game client to allow users to enable or disable telemetry completely, this type of coarse grained consent setting doesn't necessarily cover all consent management use cases.
For example, you may want to allow partial data processing in Gamesight for a specific user or event but maybe prevent that data from being used in a postback to an ad platform. Or maybe you have multiple event sources and you simply need a single source of truth for user consent on telemetry. For these use cases you can utilize the built-in consent management tooling.
Consent Scopes
Fine grained consent settings can be managed through consent scopes. This enables you to provide detailed controls to how data is processed for each user. The supported consent scopes are:
- Processing - When disabled it indicates that the user has fully opted-out from data processing. This will prevent any events for this user from being tracked.
- Attribution - When disabled it indicates that the user has not provided consent for their data being used for attribution purposes. This will prevent their event data from being matched to any Touchpoints in the attribution process, but their event data will still be recorded. All goals this user triggers will show as "Unattributed" in reporting.
- Postbacks - When disabled it indicates that the user has not provided consent for their data to be posted back to your partner Ad Networks. This will prevent any postbacks from being sent for this user's events.
Indicating Consent
There are three way to set consent for an Event that can all be used together:
- Console UI - You can add users directly to the Do Not Track list through the console UI. Navigate to Settings > Data & Security > Do Not Track list to add the user's in-game ID to the list. This will block events from being logged for any event that is tagged with that user id.
- Do Not Track API - The Do Not Track API provides granular control of the consent scopes for a set of users. Once consent settings are configured through this API, the corresponding consent settings will be used for all events for that user by default.
- Event Payload - The /events API payload also allows you to explicitly pass the consent scopes for that individual event. This can be used to control the processing of a single event in cases where you may have an external consent management system or specific settings for a single event.
Validating Consent Settings
If you would like to lookup the consent settings for a specific user this can be done through the Do Not Track Listing endpoint. This can be useful for confirming the consent settings for a user.
Web Tracking
Users can opt-out directly from Touchpoint measurement by loading the following webpage in their browser.
https://gsght.com/optout
Ensure that the tracking domain for your installation of Gamesight matches the one above (it may be different than gsght.com). This will place an opt-out cookie on the user's device with a 10 year expiration.
Right to Access & Erasure Requests
Gamesight enables your company to comply with both Right to Access and Right to Erasure requests under GDPR. These requests can be processed programmatically via our GDPR APIs, or through your Gamesight account's dashboard. Both options function equally, so be sure to use the method that works best for you and your team.
GDPR APIs
GDPR Requests can be processed using our GDPR APIs which allows you to programmatically submit requests for data access or removal.
To get started you will need to generate a new API Key with the GDPR scope using the API Key Management system. Note that data removal requests may take several hours to take full effect across all systems.
Management Console
In addition to our GDPR APIs, you can quickly and easily request data for users or remove user data directly through your Gamesight account's dashboard on the Settings page.
Once you are on the Settings page, click "Data & Security" below the Game column to view the Data & Security options as shown below.
You can use the Data Access option to request data for a specific User ID. This can not only help you fulfill data access requests that you may receive, but you can also utilize the data request to validate your integration status. An example of a Data Access request is shown below.
You can also use the Data Removal feature to request data removal for either an individual user, or a group of users, by providing User IDs as shown below.
The Data Removal request will remove all data related to a user, which includes all events that have been logged for them. This feature can also be used for removing test data from your game while testing your integration and running attribution tests.
Updated 4 months ago