Data Processing
Outlined in this document is a concise overview of how modern data protection law (namely, GDPR) relates specifically to us as your data processor (or subprocessor).
The exact details can be found in the Terms of Service.
What personal data do we process and why
Our aim is to collect as little information (personal or otherwise) through you as possible, while providing a service that is secure, reliable, fast and accurate as reasonably possible.
This means we will only collect information about you if it is required to:
- Provide you access to our services
- Secure our services from malicious activity
- Measure and improve the performance of our services (i.e. speed, reliability and accuracy)
As such, we currently only intercept the following datapoints:
- Address Queries
- Browsing Data (for client side integrations only)
1. Address Queries
We store addressing query strings both in our server logs and for your retrieval via the /keys/:key/lookups
API.
This data is required in the short term reasons to perform our role in validating and cleansing addresses. We also further analyse and process this data in the long term to improve the accuracy and capabilities of our services.
This data is available in your search archive for 28 days. It is a useful resource for clients integrating against the API or diagnosing buggy integrations.
You can disable the storage of address queries altogher by setting the retention settings on your API Key to 0 days.
2. Browsing Data
Browser Data is information included in HTTP requests sent to our APIs. This includes IP address as well as HTTP headers (language, user-agent, origin and refer(r)er being the most salient). Typically this data is stored in the form of server logs.
We only intercept this in the form of personal data if you have developed a client side integration. If you have a server or proxied integration, it is likely we capture no client Browsing Data.
Browsing data is collected short term for rate limiting and whitelisting purposes.
We also store this information for up to 28 days. We use it to analyse any suspicious activity and troubleshoot any issues. There are also a significant ad-hoc instances where being able to query over recent server logs has been immensely useful for clients with specific support requests.
Who are our subprocessors?
Some or all of the personal data we process will pass through a subprocessor based in the United Kingdom or European Union. Click here for more information.