One of TINT’s biggest priorities is privacy and data protection for our users and we are constantly aiming to provide the utmost safety and satisfaction to them. Each day, the TINT team strives to live up to our company values. Company value #2 states that we shall cultivate transparency internally and externally, and this means no less for our transparency with our customers. 
On May 25, 2018, the General Data Protection Regulation (GDPR) will be implemented. The GDPR is a new legislation in the EU concerning privacy around personal data. The law is meant to ensure that citizens are informed of and give consent to sharing the data that is collected about them to third parties. 
Since TINT does not sell data or collect any highly sensitive information such as names, IP addresses, health records, or social security data, most of the regulation in GDPR does not impact our users. Still, it important for us to be transparent about the 5 categories of data that we do collect.

Category 1 TINT Account Data

TINT account data includes information needed to log into your account. This data is compliant with GDPR because consent is covered by TINT’s privacy policy, which TINT’s users agree to when they sign up.
Examples of account data:
  • TINT account email addresses
  • TINT account passwords

Category 2 Product Usage Analytics

We track and record information, such as product usage and sessions data, to understand how our customers are using our product so we can make improvements and prevent usability issues. This again is compliant with GDPR because it is covered by TINT’s privacy policy.
Examples of the tools used to collect analytics:
  • Google Analytics
  • Mixpanel
  • FullStory

Category 3 Information About How End Users Use TINT

Information about how the end users use TINT is the most sensitive category of information we collect. This information is necessary for TINT customers to optimize their TINT, as they can then track their progress and analyze the impact  of TINT on marketing efforts over time.
To obtain this information, we set cookies that then require our customers to block their websites, unless their website visitors have granted consent. Most sites place consent interfaces on their website to get consent to use cookies. If a user does choose to deny consent to use cookies, we have a functionality to turn off cookies by adding the ?notrack=true parameter to a TINT URL. Again, this will unfortunately disable the usage of TINT’s analytics.
Examples of metrics collected:
    • Engagement Analytics on TINT embeds
      • Clicks on TINT posts
      • Clicks on TINT Calls-to-Action buttons on posts
      • TINT embed views

Category 4 Aggregated Data from Major Social Networks

TINT collects aggregated data from social networks that users have connected to our platform. The social network’s End User License Agreement (EULA) covers consent for this data and falls under the GDPR personal data regulations. When a social post is deleted or modified, we make sure that our database reflects the changes by complying with the social network.
Examples of aggregated data collected:
  • Instagram posts
  • Twitter posts
  • Facebook posts

Category 5 Aggregated Data from Non-Social Networks

TINT allows users to connect to a number of social networks, such as Twitter, Instagram, or Facebook, but also supports other integrations such as RSS feeds.
Because the content from these channels do not have the protection of an EULA, the responsibility falls on the customer to make sure they comply with GDPR. This means the user must give the proper consent for the data being aggregated prior to using these sources.
Examples of data from non-social networks:
  • RSS content
At TINT, we value and respect our customers immensely. Their safety is a priority and is extremely important to us. You can read more about TINT’s privacy policy here.