When using our tracking code, you may need to be aware of privacy considerations surrounding Parse.ly's data collection approach.
By default, Parse.ly collects standard web browser information about a reader, the uses of which are described below:
ip_address: IP address of the user; used for bot detection and geographic segments
user_agent: Identifier for the user's device; used for device analytics (mobile vs desktop)
first_party_uuid: Site-specific identifier (UUID) for user; used in loyalty analytics (new vs returning)
third_party_uuid: Network unique identifier (UUID) for user; used for deduped cross-domain visitor counts
To comply with Personally Identifiable Information (PII) restrictions in
certain geographic regions, as well as the privacy policies of individual
publishers, Parse.ly can selectively disable the tracking of two of these
pieces of information (individually for a specific site or API key). These are
third_party_uuid. An example implementation is here.
What does disabling ip address tracking mean?¶
When you disable
ip_address tracking for a specific site, API key, or visitor
we perform a hashing algorithm on the original ip address that removes any PII while
maintaining enough information to perform reasonably accurate geographic segmentation.
first_party_uuid a form of PII?¶
No. The way we generate the
first_party_uuid for web browsers uses server-side
crytographic randomness. It is a unique identifier that can only be used to
analyze single-domain or single-app user sessions. Parse.ly does not link
first_party_uuid with any personal information about the web visitor;
from Parse.ly's standpoint, each UUID is an anonymous content-viewing device
Customer will not: (a) provide, or cause to be provided, any PII to Parse.ly; or (b) configure or otherwise cause any cookie, pixel tag, or other code to capture or transmit any PII to Parse.ly.
Effect of disabling fields¶
ip_address tracking will prevent Parse.ly from being able to do bot
blocking and various forms of bot detection for your site, but may lead to better
compliance with strict privacy policies that consider IP addresses to be PII.
ip_address also makes our geographic segmentation feature slightly
less accurate. It is often used with our audience segmentation feature.
third_party_uuid will prevent Parse.ly from being able to do
cross-domain deduped visitor counts, especially in our Data Pipeline product
for customers who own and operate several domains.
We treat third party UUIDs as a data sample anyway, since it's powered by a
third-party cookie set at the
parsely.com domain, which are inaccurate in
many user agents, such as Apple iOS's Safari browser. Disabling
third_party_uuid does not disable our loyalty analytics, which is derived
To disable one or both of these fields, simply contact us at
firstname.lastname@example.org and one of our integration engineers can help.
How and where is visitor data securely stored?¶
Parse.ly uses a stateless distributed DNS and CDN infrastructure, which is spread across several geographic regions for redundancy and performance.
However, data is immediately capture/ingested in a distributed infrastructure located in several data centers in the United States (located in the states of Virginia and Oregon), where it is archived and stored long-term.
All data is stored on secure Linux servers, which are regularly patched and upgraded. These servers are behind a virtual private cloud networking setup. Because we rely on public cloud infrastructure, physical security of our data centers are handled by Amazon Web Services, who has public documentation on cloud security, as well as ISO 27001 compliance for their infrastructure.
Data is also backed up to a cloud distributed data store with 99.999999999% durability, and is only accessible by authorized systems using secure keys. This distributed data store is spread across several data centers clustered geographically in the state of Virginia in the United States.
How is data aggregated and anonymized?¶
Parse.ly aggregates and anonymizes customer data for the purpose of studying the web-wide attention data. For example, aggregated and anonymized data is used for our data studies which are published to inform media industry trends for customers and the press.
How does Parse.ly handle EU-US Privacy Shield?¶
How does Parse.ly handle GDPR?¶
The General Data Protection Regulation (aka GDPR) is a new data regulation designed by the EU to safeguard the rights of consumers in the European Union, increasing the requirements for data security and privacy beyond the Data Protection Directive, which is the current EU regulation governing the right of consumer privacy.
Example implementation of disabling PII tracking per visitor¶
To disable PII tracking on a per visitor basis you should define a
object with an
onload function prior to the code for the default
onload function should call
and pass it an object with the keys and values you'd like to overwrite for this
visitor. Currently, the only valid keys are
track_third_party_cookies. The only valid values are