Committed to Privacy & Security
We are fully committed to providing features that help you be compliant with GDPR by taking a privacy by design approach. As well as partnering with the best in class security providers to keep all your data safe.
Enabled compliance
Lawful basis and transparency
As part of our compliance to GDPR, we enter into Data Processing Agreements (DPAs) with all our customers. The DPA, a binding agreement signed between the controller and the processor when the latter processes data from the controller, details the standard contractual terms required under the GDPR.
Accountability and Governance
Air360 has appointed a Data Protection Officer to monitor GDPR compliance, assess data protection risks, advise on data protection impact assessments, and cooperate with regulators.
Air360 Privacy Rights
Privacy by default
Air360 automatically disallows the capture of any sensitive or personal data that a user enters in an input field of your web store.
Right to erasure
GDPR requires you to be able to delete a given user and all its related data. Air360 offers a function that will allow you to delete a specific user and related sessions with just a single click.
Restrict specific data acquisition
Air360 enables you to go further by also hiding explicitly parts of your pages from being recorded during session replays.
Right of access & data portability
You can retrieve specific user details simply by going through our application or using our API.
Secure data handling & protection
Limit Access to your dataAir360 follows strict data security regulations to ensure that we secure and limit access to your data.
Air360 Security Measures
Monitoring of our Tracking pixel
Constantly conducted to detect any malicious modification and ensure its delivery, integrity and safety.
State-of-the-art encryption
Used in all Air360 products for data in transit and at rest.
Multi-Factor Authentication (MFA)
Required for all our users to access to Air360 application adding an extra layer of security and keeping your accounts safe.
Third-party security audits
Conducted regularly and before major releases, including penetration tests and vulnerability scans.
Security best practices
Reviewed by third party companies regularly when important updates are performed on our systems.
Customer data processed & stored in the EU
Air360 core systems are hosted on OVHcloud and Amazon Web Services (AWS) servers located in France and Ireland and leverage all the security and compliance provided by OVHcloud/AWS: ISO (9001, 27001, 27017, and 27018), SOC 1, 2, and 3, PCI DSS.
FAQs
Once Air360 pixel is installed on your website when a new visitor lands on it, Air360 will generate a random unique identifier and it will be stored in a cookie. All the data collected by default is considered anonymous data as there is no information that can relate to an identified user (e.g. tracks all pages users visited, all mouse movements, clicks, scrolls.
Air360 tracks a user when they land on your site and that’s when a cookie is retrieved or created. By default, Air360 will track every single interaction your users have on your site. Then the data is processed and available in Air360 application.
We automatically track every single interaction your users may have on your site.
- Clicks
- Scrolling
- Mouse over
- Pageview
There is only one exception. We will never record what the user types in any text area of your website or app. This is for a very simple reason: We can never know how this information is.
We also collect information from users’ browsers as:
- Browser language
- Platform
- Device
- Operating system
- IP address (*)
(*) IP address is only used to retrieve user’s geolocation, but it is not stored in our database.
Air360 tracks users using first-party analytics cookies, with an expiration of no more than six months.
Air360 does not collect any personal or sensitive data by default. The data that we collect by default can become personal data when you connect with our APIs to push user identifiers or user property data.
One of the questions we often get at Air360 is about how the Air360 pixel could possibly slow down your website. The short answer is no.
Long answer: The Air360 tracking pixel is loaded asynchronously and at the end of the closing </body> tag. That means that our script is technically unable to block your website from loading correctly. In addition to that, the Air360 tracking pixel is hosted on a CDN (Cache Delivery Network), which makes the loading latency extremely low. Thanks to our CDN, the JS usually loads under 30 ms. Air360 Javascript also has a very low memory footprint using less than 20KB (gzipped) of bandwidth. This is much smaller than most scripts. It is also much, much smaller than even a tiny low-resolution image. All these measures ensure that Air360 tracking pixel will never slow down user experience when your users navigate your website. In addition to all the measures mentioned above, we continue to monitor & optimize the performance of the Air360 pixel.
No
Air360 production data is hosted in OVHcloud, France. Air360 backup data is hosted in Amazon Web Services (AWS) facilities in Dublin, Ireland.