The processing of PII (personally identifiable information) by Experify only takes place once a person signs up for the Experify service and, at that point, also agrees to Experify's TOS and Data Processing Policy. We do not track anonymous users, i.e., we do not use cookies (or other identification mechanisms) to track users in a way that makes them recognisable. We use Google Analytics in a very restrictive mode (de facto only as an "event counter," without sending session IDs, etc.) and in IP Anonymisation mode. We are migrating entirely away from Google Analytics in the following months.
Cookie use
We set (functional, non-tracking) cookies in the following instances:
When you choose to enable the attention seeker to improve interactions with Experify. We do this to prevent users who have already seen the attention seeker from seeing it again (just a boolean flag in the cookie).
When you choose to enable the measurement of the Experify Trust Index (ETI) Score. It simply asserts whether, before a conversion event on your website took place, the same browser has interacted with the Experify plugin on your website. This measurement is privacy-preserving, as it does not involve the user's identification. We count the number of such conversion events in an aggregated way.
Conversion Tracking via Hashed Emails
We do not exchange PII from Experify users with clients. However, we provide a privacy-preserving exchange of hashed email addresses to be able to assert how many purchase events on the client's website followed an Experify interaction. In the following, we describe the procedure. Based on our assessment, it is not necessary to detail this exchange as part of your Data Protection Policy, but this is in your control to decide.
Often clients want to be able to attribute sales to Experify interactions. One straightforward way to do this is to compare Experify user accounts that had a conversation with a Local with a brand's database of new customers. The problem arising in this scenario is that it involves an exchange of personal information between parties. We want to avoid either party getting access to the other party's customer data.
To work around this issue, we implemented a "privacy-preserving" exchange of customer data via so-called email hashes. It works as follows: at the end of each month, Experify provides an export of all emails hashed with the SHA-256 algorithm (so-called hashes). Hashes are one-way codes, i.e., they cannot be decoded. This means that the email hashes are safe: there is no way to infer the email address from these hashes. However, hash functions are deterministic, which means that hashing a given email with SHA-256 will always produce the same hash. This property can be used to make the required purchase-interaction comparison. For this, the receiver (Teufel) hashes all emails of customers who bought an item with the same SHA-256 algorithm and then compares the two lists of hashes. This way, a count of how many people had interactions and purchased can be obtained.
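The comparison described above, as an added example that is not Experify's or any client's own code. The function names, the sample addresses, and the trim-and-lowercase normalisation step are assumptions made for illustration; the page does not say how addresses are normalised before hashing.

```python
import hashlib


def normalize(email: str) -> str:
    # Assumption (not stated on the page): both parties trim and lowercase
    # the address before hashing, so equal addresses give equal hashes.
    return email.strip().lower()


def sha256_hex(email: str, normalized: bool = True) -> str:
    value = normalize(email) if normalized else email
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def export_hashes(emails, normalized: bool = True) -> set:
    """Sender side: the monthly export holds hashes only, never addresses."""
    return {sha256_hex(e, normalized) for e in emails}


def count_matches(exported_hashes, customer_emails, normalized: bool = True) -> int:
    """Receiver side: hash the own customer list and count the overlap."""
    own = {sha256_hex(e, normalized) for e in customer_emails}
    return len(own & set(exported_hashes))


# Constructed sample data: users who had an interaction, and customers who bought.
INTERACTED = ["anna@example.com", "Ben@Example.com ", "carla@example.com",
              "anna@example.com"]
PURCHASED = ["ben@example.com", "ANNA@example.com", "dora@example.com"]


def demo():
    # Without a shared normalisation rule, case and whitespace differences
    # produce different hashes and the count is silently too low.
    raw = count_matches(export_hashes(INTERACTED, False), PURCHASED, False)
    norm = count_matches(export_hashes(INTERACTED), PURCHASED)
    return raw, norm


if __name__ == "__main__":
    raw, norm = demo()
    print(f"matches without normalisation: {raw}")
    print(f"matches with normalisation:    {norm}")
```

Because the hash is deterministic and unsalted, a party that already holds an email address can check whether it appears in the other party's list, which is exactly what makes the count possible. For that reason the exported list is best handled as pseudonymous data and limited to the agreed receiver.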