If you are a Brainybear customer, under the CCPA you’re considered the ‘business’ and Brainybear is the ‘service provider’. As such, we as Brainybear are responsible for processing the data our service captures on your site and is stored on our servers. As noted in our Privacy Policy, we will NEVER sell personal data to third parties.
Because of the many product and process enhancements we made in preparation for the 2018 General Data Protection Regulation (GDPR), when the CCPA was signed we were already well-positioned to support customers needing to comply.
The CCPA is a large piece of legislation and covers many topics that have no direct impact or tie with your use of Brainybear. However, there are areas of the CCPA where your customers might have rights that relate to your use of Brainybear. We’ve included a brief explanation of their rights and how Brainybear can be used in a manner that supports you in servicing them below.
Under the CCPA, businesses must update privacy notices to specifically state what data is collected, categorize the data collected, explain the purpose for the data’s use, identify third parties with which that data is shared, and communicate the rights available to an individual.
The lawful disclosure and consent have always been part of Brainybear’s Privacy Policy
We recommend that you perform a full review of your company’s terms of service and privacy policy to ensure you meet the CCPA’s requirements and, if necessary, disclose the use of Brainybear.
Under the CCPA, California consumers may have the right to request and receive a list of personal information and additional details a business collects (or has collected), as well as the intended business use for collecting this data.
The consumer may also be able to request that any specific personal information be deleted. With the exception of specific types of data (e.g. billing or other regulatory required information), these deletion requests must be fulfilled by you, the business.
Under CCPA, an IP address may be considered personal data if it can identify a household.
Brainybear’s default behavior is that IP addresses of visitors are always suppressed before being stored to disk on our servers using Brainybear's core feature set. We set the last octet of IPv4 addresses (all connections to Brainybear are made via IPv4) to 0 to ensure the full IP address is never written to disk. For example, if a visitor's IP address is 1.2.3.4, it will be stored as 1.2.3.0. The first three octets of the IP address are only used to determine the geographic location of the visitor.
Brainybear makes use of third party services in infrastructure, reporting, and analytics. It is our obligation to ensure that the processing of data on our behalf is also GDPR compliant. For the details of our third-party tools, please refer to the privacy page.