We collect information for a lawful purpose connected with our App or other products and services. Collection of such data and information is essential for the purpose of serving Users with the best version of our technologies and App.
CONSENT AND BASIS FOR COLLECTION OF INFORMATION
- Consent for information is collected from the Android User on a Splash Screen Pop-Up for language modelling data, through phone contacts, identifiable information, SMS, Product metrics, location, truecaller login pop-up;
- Consent for Images is collected from the Android User via an Android permission popup to access camera, images from gallery.
- Consent for information is collected from the iOS User through App launch pop-up and Bobble login;
- Consent for information is collected from a website User through the pop-up at the bottom of the website.
Bobble has a legal/lawful basis of collecting, processing and storage of personal data due to the following -
- Upon your Consent – We collect your data, personal information, and any other personally identifiable data after and only upon receiving your ‘opt-in’ consent on our App/website at various stages.
- We collect information for the purpose of providing you services and improved deliverance through our App/website.
- We will collect all requisite information for compliance with legal obligations; and
- We share information with third- parties with whom we conduct business such as merchants, co-marketers, distributors, resellers, and other companies or organizations from different industries with whom Bobble enters into agreements to support its business and operations, for the purpose of analytics, feature based services and better deliverance of services.
WHAT INFORMATION DO WE COLLECT ABOUT YOU?
I. Personally Identifiable Information
We might ask for your personal information like your name, phone number, address, email accounts, photos etc. at different screens in the app, and collect this information automatically using Android’s Identity Permission.
Our source for collecting information which is used, stored and processed by us are varied and dynamic. We use the App, background cookies and other tracking technologies, to collect your information for processing, usage, storage and servicing.
Such personal information may include but not be limited to the information you provide to us or upload, the information specific to you that may be assigned by us, your financial information, social information, device or sim-related information, location information, log information.
We also collect information regarding location data, user action logs, application API logs, user browsing history, installed apps, etc. The information collection differs as per the operating system of the User and is in consonance with the App Store (iOS) and Play Store (Android) rules and terms as laid down.
When you visit our website or App, we may receive certain information about your behaviour including user activity, page content, gender, name, details provided as ‘about me’, phone number(s), online identity, Facebook Id, Twitter Id, email, url, Company name and details, job title, addresses, country code, and addresses.
We may also, by happenstance or as may be necessary for usage of the App’s functionalities and usage and/or provision of our products and services, collect, receive, possess, store, deal or handle, directly or indirectly, the following sensitive personal data or information from its Users by virtue of their use of our App or our products and services - (i) password; (ii) financial information such as bank account or credit card or debit card or other payment instrument details; (iii) physical, physiological and mental health condition; (iv) sexual orientation; (v) medical records and history; and (vi) biometric information (“Sensitive Data”). Keeping your best interest in mind, we retain and use such Sensitive Data only for as long as is required as per the purpose for which the Sensitive Data is collected or otherwise required to comply with our legal obligation.s
II. Language Modelling Data
We capture all keystrokes and gestures input into our keyboard. We encrypt and store all inputs in a secure zone within your device. We use this data to help you type faster by providing auto-correction and auto-suggestion to your keyboard input, and to provide you with content and serve advertisements based on your input. We encrypt this data and send it to our servers through a secure connection for programmatic analysis to improve our language dictionaries. Data sent to our servers is destroyed when no longer required by us for processing of data.
We do NOT capture or store data inputted into secure text fields containing items such as passwords, credit card number, debit card number, OTP etc. Such information might indirectly be captured or stored however; for instance, if you type your password in an SMS message, or if a website or other application does not inform Bobble that a particular field is a password field, your password may be retained as per Bobble’s language modelling.
In the event that the User stops using the App but does not delete their account or send a request to be forgotten, Bobble shall retain all their acquired/collected information till such request is made.
III. Phone Contacts
We use the first and last names, email ids and phone numbers of the contacts in your address book to help you input them faster via word suggestions, auto-correction or swipe typing. This contact information is encrypted and stored locally on your device in a secured zone which cannot be accessed by other apps generally.
We encrypt this data and send it to our servers through secure API requests to recommend content based on your personalized network, and for programmatic analysis to improve your personalized dictionary. We do not allow unauthorized publishing or disclosure of people's non-public contacts.
IV. Location Data
We do NOT collect any location data if you deny the location permission. Allowing location permission is NOT needed for using the App.
If you allow the location permission, we collect your approximate and precise location at regular intervals and send this data to our servers for our content recommendation engine to suggest location-based content.
V. Input Text Data
Our keyboard provides smart word predictions by learning the way you input text. We may learn the wording from your text messages, in order to help us provide you with faster and more precise predictions. This information helps us optimize and personalize the autocorrect and word suggestions in your language.
VI. Browsing History
We collect web browsing information such as IP addresses, URLs, etc. We also learn about the pages you visit, the time you spend, and other similar information. This log data may include information such as your browser type, browser version, and other statistics. This information helps us optimize your experience with the product and make recommendations relevant to your usage.
VII. Product Metrics
We collect data about how you and your device interact with our products. This includes (1) device information such as manufacturer, model, OS version, language settings, country settings, phone status, identity, network information, applications installed etc., (2) data regarding our application such as version and installation source, and (3) your interaction data such as views, duration of stay at views, transition from view to view, and how you enter and leave the view. The data collected helps us understand which functions you like and which functions to improve. This information allows us to improve our product and provide you with a better user experience.
VIII. Feedback Data
We use feedback forms inside and outside the App/website, because we appreciate that your trust and suggestions make us better. Your feedback allows our highly-trained team members to interact with you.
We collect the content of messages you send to us, such as feedback, questions or information you provide for customer support. When you contact us, phone conversations or chat sessions with our representatives might be monitored and recorded.
IX. Crash Data
We use Google Fabric to collect crash data from some Users. This helps us improve our products and services for all Users.
WHAT ABOUT CREDIT CARD NUMBERS AND PASSWORDS?
Your Bobble AI Keyboard Keyboard does not learn anything from fields marked as password fields, nor does it remember long numbers such as credit card numbers.
The warning message from Google that says Bobble AI Keyboard may be able to collect ‘all the text you type, including personal data like passwords and credit card numbers’ (pictured below) is a part of the Android operating system that appears when any third party keyboard is enabled.
Technologies such as cookies and scripts are also used by our partners, affiliates, analytics or service providers. These technologies may be used in analyzing trends, administering the App/website, tracking your movements around the App/website and to gather demographic information about our User-base as a whole. We may receive reports based on the use of these technologies by such companies on an individual as well as aggregated basis.
We also use Google Analytics, Facebook, Twitter, Truecaller and other partner/customer SDKs for collecting and/or storing your information. Some or all of these tools and platforms may be used to track information about your behavior on our website depending on your region, privacy settings and permissions. The SDKs allows our customers to collect usage data for its business purposes including, without limitation, improving the customer's technology, generating revenue by analyzing internet trends, and sharing, transferring, disposing and/or selling anonymized and aggregated versions of such information to third parties.
We collect information under the direction of and with absolute acceptance and knowledge of our customers, and have no direct relationship with the individuals whose data we may process. If you are a client of one of our current customers and would no longer like to be tracked by such customer, please contact the respective customer directly.
WHO IS COLLECTING YOUR INFORMATION?
WHY IS YOUR INFORMATION BEING COLLECTED?
We need your information to identify you uniquely, personalize your experience, and provide you customer support whenever required.
HOW DO WE STORE THE DATA WE COLLECT?
All data is stored locally before being transferred securely to our servers for analysis. Your data is stored in the CSV format in AWS, In MySQL and ELB Logs. Only authorized personnel can access the summarized data, with the original data regarding your interactions destroyed periodically. Your information is otherwise securely archived in our cloud database after processing and usage.
Personal Information such as the phone number is collected whenever Users login into the application, the e-mail and advertising ID are collected whenever a User opens the application or keyboard for the first time and is stored in AWS S3 and/or AWS RDS. For iOS User information collected is for User login with phone number, cloud sync, etc. and is stored in AWS S3 and/or AWS RDS.
For Typed Texts every key press and input is recorded locally in the User’s device and synced with server at regular intervals of 25 sentence completion or 24 hours whichever occurs first. The data for Bobble Android Users is stored in line delimited JSON formatted logs in AWS S3. It is on demand loaded in the Google Storage and BigQuery for analysis and dictionary improvements. This storage and usage of data is collected to personalise and improve your experience with us. The User SMS text is synced in the background from time to time.
The User Contact syncing happens on every contact addition and modification. They also get synced from time to time. First time, all contacts get synced while in subsequent attempts, only added/modified contacts get synced. For Bobble Android Users User Contact is stored as Line separated JSON in AWS S3 and as logs stored in the MySQL database.
The Bobble Image is the bobble-head, created by a User by inputting their photo; the pre-processed photo is sent to server to detect the face. When a Bobble Image is created and if the User is logged in, the processed Bobble Image is synced to the server. These images when processed are stored in AWS S3 for Android Users.
User Device Information such as Device ID, Network bandwidth and Device Language are collected and also synced on every application launch as well as at intervals whenever keyboard is closed. For iOS Users the device information is collected as part of maximum API calls. This information is stored in CSV format in AWS S3 as logs and in MySQL database for both iOS and Bobble Android Users.
User Installed Apps List gets synced on App launch and the logic is checked and whenever user taps on stickers and GIFs tab in keyboard. The User installed apps list is stored in CSV format in AWS S3 as logs and in MySQL database for Bobble Android Users.
User Browsing History is synced in the background from time to time and is stored in CSV format in AWS S3 as logs and in MySQL database for Bobble Android Users.
User Action Logs is generated and collected locally on every action a User takes on Bobble App or Bobble Keyboard while interacting with either Android or iOS user interface. These logs are synced with server time to time and stored in CSV format in AWS as logs. Also, post-processed logs are stored in MySQL for both Bobble Android & iOS Users. For Bobble website Users the information is collected and stored using Google Analytics. Bobble uses user actions logs to do analysis around users’ experience of the Bobble products & services.
Application API Logs is generated whenever Bobble mobile apps or keyboards, both Android & iOS tries to create a network connection with the server via API calls such as when GIFs and Stickers are downloaded, language dictionaries are downloaded, user configuration is synced, and on all other API calls. This information is synced with server from time to time and finally stored in AWS S3. The old logs from AWS S3 is moved to AWS Glacier. For erroneous API calls we store request, response and error as well in AWS S3. We also send error data to Log Entries for creating alarms for iOS and Bobble Android Users. For Bobble website users the information is collected as logs for API requests to/response from the server and is stored in the same manner as above.
Location Data where location parameters are collected as part of maximum API calls are stored as log files in AWS S3 and the latest location data is stored in MySQL for Bobble Android Users. For iOS Users data collection is to get language, update dictionary and storage is the same as for Android Users.
Truecaller Intelligence data is collected whenever a User logs in using the Truecaller SDK and such information is stored as log files in AWS S3 for Bobble Android Users.
HOW LONG DO YOU STORE MY INFORMATION?
HOW WILL WE USE YOUR INFORMATION?
Some examples of the industries in which your information may be utilized include automotive, charity, education, gaming, retail, leisure, financial services (including, investment, alternative investments) market research, publishing, media, fast-moving consumer goods (toiletries, cosmetics, food, and beverages), travel, telecoms, and utilities.
We share information directly with brands and, in some cases, through agencies. In instances where it is possible, we share information in a pseudonymized, anonymous, or hashed format, ensuring that individuals cannot be directly identified by such merchants, co-marketers, distributors, resellers, partners. We rigorously vet the recipients of our data, conducting appropriate checks on their reputation. Before sharing our data, we establish written agreements with recipients that include terms to protect the data's integrity.
We allow some of our business partners to collect and use data such as:
- User’s type of browser and its settings
- User’s Information and cookie information
- Information about other identifiers assigned to the device, and the IP address from which the device accesses a User’s App/website or mobile application
- Information about the User’s activity on that device, including web pages and mobile apps visited, used or currently running apps.
- Some of our partners also support Identifier for Advertising (IDFA) for iOS devices and the Google Advertising ID (AAID) for android devices, providing Users with an ads resettable option.
Our business partners use the information collected to provide aggregate level analytics services to its clients.
The personal data we collect will also be used for the purposes of:
- User identification and profiling for advertisements;
- Suggestive intent detection system and User behavioural analysis;
- Creating a User network;
- For cloud syncing of Bobble Head, content recommendation (sticker/GIFs); and
- Application debugging and performance logs.
Subject to applicable data localisation laws, your information collected by us may be stored in India or any other country where we or our affiliates, agents, partners, and service providers maintain facilities. We may transfer the information we collect about you to other affiliate partner entities or to third party entities or to other third parties across borders to jurisdictions around the world. We store your information as described and detailed above. If you are located in the European Union or other regions with laws governing data collection and use that may differ from Indian law, your acceptance to this policy is an affirmation and confirmation of your consent for us to collect and process your information in this manner.
We ask for following permissions from you for the proper functioning of all App features. You can choose to allow or deny for all or some of these permissions as per standard Android options.
Standard permissions: INTERNET; ACCESS_NETWORK_STATE; WAKE_LOCK; SYSTEM_ALERT_WINDOW; RECEIVE_BOOT_COMPLETED; GET_TASKS; VIBRATE; READ_USER_DICTIONARY; WRITE_USER_DICTIONARY; READ_PROFILE; ACCESS_WIFI_STATE; BLUETOOTH.
Stronger permissions: WRITE_EXTERNAL_STORAGE; READ_EXTERNAL_STORAGE; READ_CONTACTS; WRITE_CONTACTS; CAMERA; ACCESS_FINE_LOCATION; GET_ACCOUNTS; READ_PHONE_STATE; ACCESS_COARSE_LOCATION;
HOW DO WE PROTECT YOUR INFORMATION?
As mentioned, we’re using technologies to secure and safeguard all information we collect, to the best of our capacity. We are concerned with protecting your data and privacy and take all requisite and reasonable steps for such protection, however, we cannot warrant the security of any information you transmit to us or guarantee that your information with may not be accessed, disclosed, altered, copied or destroyed by breach of any of our industrial standard physical, technical or managerial safeguards.
When you enter sensitive information on our registration forms, or other forms we encrypt the information in this data and send it to our servers through a secure connection for programmatic analysis to improve our language dictionaries. Data sent to our servers is archived when no longer required. No method of transmission over the Internet or method of electronic storage is 100% secure, therefore, we cannot guarantee its absolute security.
We undertake reasonable security practices and procedures, security practices and procedures designed to protect such information from unauthorised access, damage, use, modification, disclosure or impairment.
If you have any queries about security on our website/app you can contact us at email@example.com.
RIGHTS OF USER
As per applicable data protection law, as supplemented by our internal practices, your principal rights as a User are:
- the right to access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority;
- the right to withdraw consent; and
- the right to be forgotten.
You have the right to request access to the information you have provided to us as you may deem fit. You can do this by contacting us on firstname.lastname@example.org. We will ask you to verify your identity and provide you with requisite details. Once we receives your information and verifies the same satisfactorily and as per its procedure, we shall give you access to requisite personal information. While the Company shall make all due efforts to ensure solution of this concern, this procedure might take 72 hours or more.
If you believe that the information we have about you is incorrect, you can contact us to have the information updated and keep your data accurate.
If at any point you wish to have your information with us deleted, removed or forgotten from our database, you can contact us for the same at email@example.com. We will take the necessary actions and step within 72 hours of the request being made.
You can opt-in or out of using Bobble as per your consent to the information being collected. If you wish to opt-out from tracking by Bobble, you can do so by sending a request at firstname.lastname@example.org. We will process your request within seventy-two (72) business hours from receiving such request.
An individual who is a current or former Bobble customer who seeks access or wishes to correct, amend or delete inaccurate data should direct his query to email@example.com.
An individual who is a client of a current or former Bobble customer and who seeks access or wishes to correct, amend or delete inaccurate data should direct his/her query to the respective Bobble customer first and then, if no response is obtained or such response is not satisfactory to the individual, should contact Mr. Rajendra Engla at firstname.lastname@example.org. If we receive a request under this provision, we will acknowledge it within seventy-two (72) business hours and handle it promptly.
WHAT YOU CAN DO
You can play your part in safeguarding your personal information by not disclosing your login password or account information to anybody unless such person is duly authorized by you. We cannot be held responsible for lapses in security caused by third party access to your personal information as a result of your failure to keep your personal information private. Notwithstanding the foregoing, you must notify us immediately if there is any unauthorized use of your account by any other Internet user or any other breach of security.
Your assistance will help us protect the privacy of your personal information.
WHAT HAPPENS IF THERE’S A CHANGE OF CONTROL?
WHAT CONTROL DO I HAVE OVER MY DATA?
We take your consent at multiple stages throughout our App and website. You can discontinue use of our app or site at any point where you wish to not share further information with us.
We consider it the responsibility of parents to monitor their children’s use of our services and apps. For a minor’s safety, we don’t allow usage of our services or App or website without parental guidance.
We do not seek or intend to seek to receive any personal information from minors. Should a parent or guardian have reason to believe that a minor has provided us with personal information without their prior consent, please contact us to ensure that the personal information is removed and the minor unsubscribes from any of the applicable Bobble services.
GDPR COMPLIANCE STATEMENT
For EU users, we comply with the EU Data Protection directive framework as set forth by the EU regarding the collection, use and retention of personal data from the European Union member countries. Bobble has certified that it adheres to the requirements of notice, choice, onward transfer, security, data integrity, access and enforcement. We will take upon the personal data breach, notifying the breach to relevant supervisory authority or under some circumstances, notifying the personal data breach to the data subjects by complying with applicable laws, including your local data protection legislation.
We respect and comply with the EU General Data Protection Regulations (GDPR); some of the key ways we comply with these regulations are:
Detail of Information being collected - We have provided you with a list of information being collected from you by us.
Consent - We have explained what you’re consenting to clearly and without ‘legalese’, and ask that you explicitly consent to provide us with any of your information before doing so.
Breach Notification - In the event of a breach we will notify affected users within 72 hours of first having become aware of the breach.
Right to Access - Users can request confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, we shall provide a copy of the personal data, free of charge, in an electronic format.
Right to be Forgotten - Once we have compared your rights to "the public interest in the availability of the data", we may delete your personal data upon your written communication of such request to us on the abovementioned id within 72 hours of such request being made to us in the prescribed manner.
Data Portability - We allow you to receive the personal data concerning you, which we will provide in a 'commonly used and machine readable format' within 72 hours of such request being made to us in the prescribed manner.
Privacy by Design - We implement appropriate technical and organisational measures, in an effective way, in order to meet the requirements of this Regulation and protect the rights of users from whom data is collected. We hold and process only the data absolutely necessary for the completion of our duties (data minimisation), as well as limiting the access to personal data to those needing to act out the processing.
WHAT HAPPENS WHEN WE MAKE CHANGES TO THIS POLICY?
HOW CAN YOU CONTACT US?