Privacy Policy

Privacy Policy for Growth FullStack

LAST UPDATED: April 16th, 2024

 

We, Tenjin, Inc. (“Tenjin”), operate https://growthfullstack.com and collect certain data from you. In the following privacy policy, you will be informed what we do with your data, so-called personal data, and why we do this. We will also inform you how we protect your data, when this data is deleted and what rights you have within data protection.

The first section of this document describes our practices in connection with information that we collect from our customers and potential customers through the websites operated by us from which you are accessing this Privacy Policy (the “Websites”), and from users of the Websites (whether or not such users are our customers). The Websites include growthfullstack.com. The second section describes the information we collect in the course of providing services to our customers (the “Services”). If you are a Tenjin employee or contractor and want to learn how Tenjin uses your Personal Data, you can find that information in the “Tenjin Employee Data Protection Notice” posted in Confluence.

Tenjin provides tools and services to mobile app developers so that they can track and analyze certain End User actions in the context of mobile marketing. Tenjin does not collect any data directly (except from the companies and people that sign up for Tenjin or request marketing info, which is described in the Website Privacy Policy below). With regard to Tenjin’s Services, under the EU’s General Data Protection Regulation (the “GDPR”) and the UK’s Data Protection Act (the “UK DPA”), Tenjin acts as a data processor by processing data on its customers’ behalf. As a data processor, Tenjin processes, and may store, information sent by Tenjin customers from their mobile apps. Tenjin’s customers may send information about the End Users of their apps, and the users’ devices, to Tenjin for processing and storage. The mobile app developers must receive your consent in order for Tenjin to process, and perhaps store, your data. Tenjin recognizes your right of access under Section 15 of GDPR and Section 45 of UK DPA.

 

Who can I contact?

Responsible for this website is:

Tenjin, Inc.

2108 N ST, #6753, 

Sacramento, CA 95816

E-Mail: privacy@tenjin.com

Via the contact data you can reach our Data Protection Officer or another data protection relevant contact. Don’t hesitate to contact us if you have specific questions about your personal data, deletion of your personal data or similar things.

 

What are my rights?

You can contact us at any time if you have any questions about your rights regarding data protection or if you wish to exercise any of the following rights:

  • Right to withdraw your consent in accordance with Art. 7 para. 3 GDPR (e.g. you can contact us if you wish to cancel a previously given consent to a newsletter)
  • Right to access your data in accordance with Art. 15 GDPR (e.g. you can contact us if you would like to know what data we have stored about you)
  • Right to correct your data in accordance with Art. 16 GDPR (e.g. you can contact us if your email address has changed and we should replace your old email address)
  • Right to have your data deleted in accordance with Art. 17 GDPR (e.g. you can contact us if you want us to delete certain data that we have stored about you)
  • Right to limit data collection in accordance with Art. 18 GDPR (e.g. you can contact us if you do not want us to delete your email address, but only to send absolutely necessary emails)
  • Right to data portability in accordance with Art. 20 GDPR (e.g. you can contact us to receive your data in a zipped format, if you want to upload it to another website)
  • Right to object how your data is handled in accordance with Art. 21 GDPR (e.g. you can contact us if you do not agree with advertising or user analytics procedures as described within this privacy policy)
  • Right to send complaints to the supervisory authority in accordance with Art. 77 para. 1 f GDPR (e.g. you can contact the data protection supervisory authority directly: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm)

 

Deletion of data and storage periods

Unless otherwise stated, we will delete or anonymize your data as soon as it is no longer needed, e.g. your email address after you have unsubscribed from a newsletter. Your data will also be deleted or blocked automatically if the mandatory storage period expires. Such data may be needed for longer periods of time for legal reasons. You can request information about all personal data we have stored about you. Data protection inquiries and other legal matters may also be stored for a longer period of time within the scope of the legally relevant retention and statute of limitations periods.

 

Visiting our website

If you merely wish to browse our website, we do not collect any personal data, with the exception of the data that your browser sends to us, e.g.:

  • IP address (e.g. 82.93.116.example or 2a02:7122:99222:1112:bdb2:723f:example)
  • Approximate location based on IP range (e.g. “Berlin city”)
  • Internet provider (e.g. “Telecom” or „AT&T”)
  • Internet connection speed (e.g. 120 Mbit)
  • Date and time of visit (e.g. 11:55 on 25.05.2023)
  • Last visited website (e.g. google.com)
  • Browser and version (e.g. Chrome or Safari)
  • Operating system (e.g. Mac OS)
  • Hardware (e.g. Intel processor)

As a protective measure in favor of your privacy, we delete or anonymise the IP address after your visit to our website. This means that the other technical data can no longer be traced back to you and are only used for anonymous, statistical purposes to optimize our website. The purpose of the temporary storage of the data is, on the one hand, the technical necessity for establishing the connection and, on the other hand, the correct, error-free presentation of our website. The IP address and the technical data already mentioned are necessary to display the website, to prevent display problems for visitors and to correct error messages. The legal basis is the so-called legitimate interest, which has been examined in the context of the aforementioned protective measures as well as in accordance with the European data protection requirements from Art. 6 para. 1 lit. f GDPR.

 

Contact

You can contact us at privacy@tenjin.com.

As a protective measure, contact is established – just like the visit to the rest of the website – via an encrypted connection. You may also choose other means of getting into contact with us. After the successful contact and completed contact request, your data will be deleted. The sole purpose of the requested data is to contact you or communicate with you, which is why the data is only used for this purpose. The legal basis is the so-called legitimate interest, which has been examined in order to pursue the purpose and within the framework of the aforementioned protective measures as well as in accordance with the European data protection requirements from Art. 6 para. 1 lit. f GDPR.

 

Sign up/ Log-in

You also have the option of signing up on our website and then logging in at any time with a user account. To register with us, the following data is required:

  • First- / Last name
  • E-Mail-Address
  • Password

As a protective measure, data is transmitted via a secure connection like the rest of the website. After successful confirmation your data will be stored until you decide to delete individual data or the entire user account. The purpose of the data requested is the creation of a user account that provides extended functionality to the website. Sign up is voluntary and can be withdrawn or the user data deleted at any time. The legal basis is your consent in accordance with the European data protection requirements under Art. 6 para. 1 lit. a GDPR. In cases where the sign up is required for the mutual conclusion of the contract, the legal basis is the fulfillment of the contract in accordance with the European data protection requirements from Art. 6 para. 1 lit. b GDPR.

 

Social Sign-In & Social Login

In addition to the manual registration, we offer you the possibility to register with us directly with your existing user account of a social network of selected providers. We use the platform “”Google Sign In”. If you want to use one of these functions, you will be redirected to the page of the respective provider and navigated through the registration.

Tenjin use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

As a protective measure, data that you enter is transmitted via a secure connection through the corresponding platform. We do not use the login to access personal information such as friend lists or contacts or to store such information for our own purposes. There is no permanent link between your account and your account on Facebook and Google. We do not know what information social networks collect during registration or how information is linked. Further details can be found in the privacy statement of Google (https://policies.google.com/privacy). The purpose of the data requested is the registration via an existing user account to use extended functionality on the website. Registration via the social networks is voluntary and can be withdrawn or the user account can be logged out at any time. The legal basis is your consent in accordance with the European data protection requirements under Art. 6 para. 1 lit. a GDPR.

 

Newsletter

If you are interested in receiving updates about our company or our products, you can subscribe to our newsletter. You will then receive an email in which you must click on a link to confirm receipt of the newsletter. We will then save your e-mail address until you unsubscribe from the newsletter. For this purpose you will find a corresponding link to unsubscribe in every email of our newsletter. The delivery of the newsletter is carried out by specialized service providers: 

As a protective measure, we ask for a so-called “Double-Opt-In” to ensure that the registered email address actually belongs to you. Furthermore, we have entered into a data processing agreement with the assigned service provider. You are also able to unsubscribe from the newsletter at any time and thus delete your email address from the service provider’s database. The purpose of the data requested is to send the newsletter to your personal email address in order to fulfill your request for updates about our company or our products. The legal basis is your consent in accordance with the European data protection requirements under Art. 6 para. 1 lit. a GDPR.

 

Job applications

Insofar as you apply to us online or otherwise respond to one of our job ads, we collect and process the personal applicant data for the purpose of handling the application process. The processing is primarily carried out electronically. This is particularly the case if corresponding application documents are submitted electronically to us, for example by e-mail or via a web form located on the website. If we conclude an employment contract, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract, the application documents will be deleted six months after notification of the rejection decision – this retention period is justified by a potential obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG). If consent was given, applications may also be retained for longer than six months.

As part of the job application process we also use a recruiting and applicant management software, which is provided by our service provider Workable Technology Limited. This software helps us to place job advertisements and manage applications centrally. For this purpose, we have concluded a data processing agreement to ensure that the personal data of our applicants is only processed in accordance with our instructions. Further information can be found in the service provider’s privacy policy: https://www.workable.com/candidate-privacy

The legal basis is the establishment and performance of the employment relationship on the basis of an employment contract in accordance with Art. 6 para. 1 lit. b GDPR, Art. 88 GDPR with § 26 BDSG (Federal Data Protection Act of Germany, where applicable).

 

Cookies

Our website partially uses so-called cookies. Cookies are small text files that are usually stored in a folder of your browser. Cookies contain information about the current or last visit to the website:

  • Name of the website
  • Expiration date of the cookie
  • Any value

If cookies do not contain an exact expiration date, they are stored only temporarily and are automatically deleted as soon as you close your browser or restart your device. Cookies with an expiration date will still be stored even when you close your browser or restart your device. Such cookies will not be deleted until the specified date or if you delete them manually.

 

We use the following three types of cookies on our website:

  • required cookies (cookies that are required, e.g. to display the website correctly for you and to store certain settings temporarily)
  • functional and performance-related cookies (cookies that help us improve our website, e.g. to evaluate technical data of your visit and avoid error messages)
  • advertising and analytics cookies (cookies that provide analytics and personalized ads, e.g. advertising for shoes is displayed if you have previously searched for shoes)

You can configure, block and delete cookies in your browser settings. If you delete all cookies from our website, some functions of the website may not be displayed correctly. Helpful information and instructions for the most common browsers can be found here: https://www.allaboutcookies.org/manage-cookies/stop-cookies-installed.html

 

Data Recipients

In accordance with the descriptions and purposes stated above, we share your information with the following recipients that are essential to providing our services and communicating with you:

  • Google Analytics, operated by Google Ireland Ltd. headquartered in Gordon House Barrow Street Dublin 4 Ireland. Google Analytics is used to analyze user behavior and to serve personalized advertising. The data will be processed within the European Union. For more information, please refer to the privacy policy for Google Analytics at: https://policies.google.com/privacy
  • Hubspot, operated by HubSpot Inc, headquartered in 2 Canal Park Cambridge, United States. HubSpot is used for CRM purposes in the company. For more information, please refer to the privacy policy for HubSpot at https://legal.hubspot.com/privacy-policy
  • Mailchimp, operated by Intuit, headquartered in the USA. Mailchimp is used for sending out newsletters. For more information please refer to the privacy policy for Mailchimp at https://mailchimp.com/de/legal/
  • Workable, operated by Workable Inc., headquartered in the USA. Workable used for recruitment process. For more information please refer to the privacy policy for Workable at https://www.workable.com/privacy 
  • AWS, operated by Amazon Inc., headquartered in the USA. AWS is primarily used for cloud services. For more information please refer to the privacy policy for AWS at https://aws.amazon.com/privacy/
  • GCP operated Google Inc., headquartered in the US. GCP is used for cloud service purposes. For more information please refer to the privacy policy for GCP at https://cloud.google.com/terms/cloud-privacy-notice
  • Intercom is operated by Intercom, headquartered in the USA. Intercom is used for live chat service. For more information please refer to the privacy policy for Intercom at https://www.intercom.com/legal/privacy

 

We only share data that is necessary for the performance of the mutual contract or if you have given us your consent, for example in the context of our newsletter or cookie banner. If no contract exists yet, we share the data in certain cases in the context of legitimate interests. This is the case, for example, if you only want to visit our website or contact us. When you visit our website, it is in the interest of both parties to provide access to the services and to communicate with each other.

We have also entered into data processing agreements with all external recipients to comply with European legal requirements. Depending on your location, some of the above service providers – if specified – will also transfer your data to the United States. The European Court of Justice has ruled that the United States does not have an equivalent level of data protection to the EU and authorities may be able to access data without due process. Additional safeguards are therefore required to ensure a sufficient level of data protection. To meet this requirement, we have concluded additional data processing agreements called Standard Contractual Clauses. We also check each service provider together with our data protection officer and ensure that additional security measures are available, such as strong encryption of data.

 

Security

We take reasonable administrative, physical and electronic measures designed to protect Personal Data and Other Information from unauthorized access, use or disclosure. Data collected from your device is encrypted using SSL or other technologies. Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information.

 

SECTION 2: Services Privacy Policy

 

Customer Data

Our customers are advertisers. On behalf of a customer, we receive data about its advertising campaign on a particular advertising network directly from that network. “Customer Data” means advertising campaign data or information made available to Tenjin or the Tenjin Platform by or on behalf of a customer or any Authorized User, or via a customer’s use of the Tenjin Platform. We format and otherwise process the Customer Data, to help our customer understand and analyze the effectiveness of and costs associated with its advertising campaigns across various advertising networks.

Customer Data may include the following Personal Data:

-name and surname of customer and/or any customer staff that interacts with us;

-e-mail address(es) used to communicate with us;

-company name and address, invoicing address, payment details;

-IP addresses, advertising unique identifiers;

-credentials to customer’s sources, storage, destinations.

 

How we collect customer data

We collect Customer Data through Tenjin’s software development kit (“Tenjin SDK”) that customers have a license to use. We may also collect Customer Data from our customers’ third-party mobile marketing partners, to the extent that the customer has authorized us to do so.

 

How we use customer data

We use Customer Data to provide the Services to the relevant customer. We may also use it to improve the Services and develop new products and services.

We do not share Customer Data with any customer other than the customer to which it relates unless we have received the prior express written consent of the customer to do otherwise. Without consent, we may disclose Customer Data:

To the external service providers and consultants who provide services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, network and system safety and security services, customer service, email delivery, auditing and other similar services.

 

In all such cases Personal Data shall be processed by the mentioned Processors solely on our behalf and shall not be processed for the Processors’ or any other third party’s own purposes. To the extent required by law, Tenjin and/or Tenjin Inc. have closed agreements pursuant to art. 28 GDPR with such Processors.

In all above-mentioned cases, the processing of Customer Data – in as far as Personal Data is concerned – is necessary in order to provide the Services according to the contract or agreement customers have entered into with us. The legal basis of processing is therefore art. 6 par. 1 lit. b) GDPR.

In addition, we may use or disclose Customer Data as we believe necessary or appropriate: (a) under applicable law; (b) to comply with legal process; (c) to respond to requests from public and government authorities; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, customers or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

 

In the above cases (a) to (c) the legal basis for processing is art. 6 par. 1 lit. c) GDPR.

In the above cases (d) – (g) it is our legitimate interest to process Personal Data to protect our legal rights and enforce our claims, as well as to ensure the safety, security and stability of our networks and systems. The legal basis for processing is art. 6 par. 1 lit. f) GDPR.

In principle and unless otherwise stated, personal data will only be stored until the purpose of the collection and storage is achieved. If the storage is based on your consent, personal data can be stored as long as you do not revoke such consent; if it’s based on a contract we have closed with you, as long as such contract is effective.

Furthermore, data may be stored if it is required by European or national legal provisions, laws or regulations which we are subject to. Personal data will be blocked or deleted if the retention period set forth by any such regulations expires, unless further storage is necessary for the conclusion or fulfillment of a contract.

Unless prohibited by applicable law or advertising network terms, we may aggregate Customer Data such that it is not reasonably identifiable with or to the customer to which it relates, or the customer’s end users (“Aggregate Data”). We may share Aggregate Data with third parties for industry research and analysis, demographic profiling and other similar purposes.

 

How we collect and process end user data for customers

Customers may send information about individuals using their app (“End Users”) to Tenjin for processing and storage. This information may include Vendor ID (if available), IP address, Apple Search attribution (if enabled), Device ID, Bundle ID, SDK Version, App Version, OS Version, Device Type, Device Model, Device Locale, Device Country, OS Platform, Limit Ad Tracking setting, and Advertising ID. Advertising IDs are user-specific, unique character strings that can be reset by the user and are used to track an End User’s device for advertising purposes. Examples include Google Ad ID and IDFA.

We process such data from the source and write it directly to client storage.

We use a non-persistent buffer on our side (ram/tempfile) on non-persistent compute nodes. In other words, we process the data only when our code helps to transfer the data from sources to destinations. It is only in ‘memory’ as the process runs and it never enters any of our servers.

We process End User data only in an aggregated, anonymized manner in order to provide our services, such as market analytics, to our Customers. We do not process End User data in order to track single users or to enrich data referring to single users. We do not create user profiles.

Tenjin customers must abide by all applicable laws. In particular, Tenjin customers acknowledge and accept that they are acting as controllers (as of art. 4 no. 7) GDPR) in the relationship to End Users, whose Personal Data they disclose to Tenjin. Therefore, customers commit to inform End Users as required by law (including but not limited to art. 13, 14 GDPR) and obtain all applicable consents (if any) before sending End User data to Tenjin.

When processing Personal Data referring to End Users Tenjin therefore acts as processor within the meaning of art. 4 no. 8) GDPR pursuant to the data processing agreement (“DPA”) we enter into with customers.

 

How we process and secure data

Tenjin is a SaaS company whose solutions are built on the AWS platform. Data is processed by Tenjin in secure locations operated by Amazon (AWS) and Google Cloud Platform (GCP) in the United States.

Tenjin uses appropriate and reasonable measures to protect data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, while taking into account any inherent risks and the nature of the data. 

 

Questions

Please contact us at privacy@tenjin.io if you have any questions about our Privacy Policy or Tenjin’s compliance with GDPR or CCPA. Please email privacy@tenjin.io if you would like to contact Tenjin’s Data Protection Officer (DPO), or EU representative under GDPR Article 27.