The California Consumer Privacy Act (CCPA) is the latest privacy law to affect the online advertising industry. We’ve had a lot of questions from our partners on the changes made to comply with this law. The goal of this article is to summarize the actions and give additional insight into the data we collect and how we process it.
To begin, we worked with our legal counsel to review our agreements and have updated our Privacy Policy and Affiliate Terms of Use, which take into account the requirements of the CCPA. If you have not already done so, please take the time to review these updates.
To provide full transparency to our clients and consumers, here is the list of tracking and attribution data that we collect for both the AvantLink platform and our affiliate campaign tracking:
AvantLink platform user tracking components:
- User device ID: Internal id for the user’s current device, used for two-factor authorization when logging in to the interface, expires after 1 year
- Session ID: Contains application information, including but not limited to storing the referring URL for a new user application, expires after 2 hours
- Authorization token to interact with the API via the interface, expires after 1 year
Affiliate campaign tracking components:
- Unique tracking id to reward affiliate for resulting sale, expires after 1-365 days depending on merchant’s settings
- Unique tracking id to track a session across a merchant’s site, used to attribute sales to affiliates, expires after 2 years
- Unique tracking id to track a session across multiple related sites for a specific merchant expires after 2 years
The IP address and device user-agent information are collected to support the following functionality:
- Ad Impression
- Paid Placement Impression
- Affiliate Link Click
- AvantMetrics Tracking Session
- Sale on the merchant’s site resulting from an affiliate link
- Arches/Classic Interface Session
The IP address and device user agent information are not shared with any of our clients. It is strictly used for the internal core functionality of our platform.
Also, all data collected in connection with a campaign is stored in an encrypted format in our databases.
Note: We do not sell any client or consumer data to any third parties as defined under the CCPA.
Since we are an affiliate marketing platform acting as a service provider under the CCPA and we do not sell consumer data as defined under the CCPA, affiliates do not need to pass us “do not sell” and “opt out” requests to comply with the CCPA law.
We do allow clients and consumers to contact us via our privacy@avantlink.com email address to exercise their rights.
Please note that we recommend both our affiliate and merchant partners consult with their own legal counsel for advice on how they should properly comply with the CCPA law.