We’ve migrated our documentation to a new site, which means some URLs have changed.
Audience

Piano Audience, Insight and CCE Platform Privacy Policy

Piano Audience, Insight and CCE Privacy Policy

Piano and its wholly-owned subsidiaries (“Piano”) is an Amsterdam-headquartered technology company. We help our customers (“Customers”) to transform their own raw data into their most valuable resource. Piano's leading Data Management Platform (“Audience”) with Intelligent Personalization, gives companies unprecedented insight into their individual customers, and enables them to action this insight real-time, in all marketing and sales channels. Piano Conversion Engine (“CCE”) empowers Customers to monetize insight into their audience's behavior and preferences in order to increase subscription revenues.

If you are interested in learning about how we collect, use, and disclose information through the Piano technology services described above (the “Platform”), this platform privacy notice (“Privacy Notice”) should give you all the information you need.

We may update this Privacy Notice by posting an updated version on this page. If you are a Customer of Piano, then you will receive notice when this Privacy Notice is modified. We encourage you to periodically review this Privacy Notice.

What is the purpose of this document?

This document provides information about our Service and describes how we collect, use, share and otherwise process information.
Our goal is to be transparent about our business by describing our technology and services in simple terms so that you can understand our practices. We know this is complicated, so if you have any questions about this information, please contact us.

What is the Piano Audience, Insights, or CCE Platform (or the “Platform”)?

When we refer to the Piano Audience, Insights, or CCE "Platform", we are describing the technology used by our Customers’ websites and mobile apps to increase reader engagement, convert readers to new products, and to re-engage readers when their interest drops.

We provide a number of customer-facing applications to achieve this:

  • Piano Data Management Platform (“Audience”)

  • Piano Conversion Engine (“CCE”)

  • Piano Insight (“Insight”)

  • Piano Content (“Content”)

The applications listed above are used by employees of our customers, and not by our customers’ readers.

The platform also refers to our underlying infrastructure components, which includes, but is not limited to the following:

  • Databases and file storage (“Data Platform”) - not to be confused with Piano Audience

  • APIs (1st party data APIs, Real-Time APIs, Application GUI APIs)

  • Extract Transform & Load (“ETL”)

  • Edge receivers

  • Platform GUI

What do we mean by Platform Data?

The Platform is designed to use certain types of information, that all together we call Platform Data, which includes:

  • Information sent to or uploaded to our Platform by our customers which may include information about you, such as device identifiers and your device location

  • Information sent to or uploaded to our Platform by our clients and partners that ties unique device identifier(s) to perceived interests and behavior (e.g., women, ages 40-59), which may include information about you

See "What Information we collect and use" for more details on the type of information we include in Platform Data.

For EEA Internet Users, the meaning of "Personal Data" under the General Data Protection Regulation and what this means for Platform Data

"Personal Data" is defined as any data relating to a living individual who can be identified directly from that data, or indirectly in conjunction with other information. It can take the form of a name or address and can extend to unique identifiers, IP addresses, and other identifiers which do not tell us who an Internet user is in the "real world" but may, when combined with other information, allow the identification of a living individual.

We do not collect personal data that identifies you as an individual in the "real world." When you (an Internet user) visit a Digital Property that has integrated our technology or that uses technology that integrates with our Platform, we do not know your name or email address, or other information that directly identifies you. We take care to ensure that we do not collect any information that tells us who you are.

Instead, when you first visit a Digital Property that has integrated our technology, this triggers a request to our Platform to collect data for analytical purposes, load recommended content, or measure information about the usage of what is currently viewed. When this occurs, we assign a random unique identifier (a Digital Identifier) a "Cxense ID," to your browser or device, which allows the Platform to automatically recognize your browser or device the next time it visits another Digital Property that has integrated our technology. This type of "pseudonymous data" is defined as "Personal Data" under the GDPR.

This allows our clients and certain third-party provider to sync their own Digital Identifiers against this Cxense ID so that our clients and certain third party provider can use their own data on the Platform that they may have associated with their own Digital Identifiers.

Although the specific cookies employed on the Piano Platform may change from time to time, this describes how and why the Piano Audience, Insight and CCE Platform uses cookies. These cookies enable Piano to create a user profile for visitors to our Customers’ sites. For a detailed description of cookies set by the Platform, see here.

  • The Platform generates unique identifiers for web browsers and stores those identifiers via cookies and/or other means, such as “local storage”

  • The Platform on mobile, OTT, and other native applications uses identification standards, when available, provided by the respective platforms, such as IDFA and AAID.

  • The Platform uses unique identifiers to distinguish between unique devices. This is used to store data for analytics, analysis of user audience segments for analytics and advertising, and content recommendations.

  • The Platform uses unique identifiers to store and manage reporting data for clients, such as, for example, the aggregated traffic details for particular URLs, unique user calculations for a given web page, tracking individual device traffic, and for giving back to the device user and a selection of content that is determined to be interesting to them.

  • The Platform can use cookies with non-unique values for server load-balancing and similar technical purposes.

  • The Platform uses non-unique identifiers (stored in cookies or other means on the client) to store users' opt-out choices.

  • Cookies can play a role in Cross-Device linking in that cookies from different browsers or devices might be associated with each other.

  • Some browsers or other software may be configured to block 3rd party cookies, domains, or content by default.

PIANO AUDIENCE, INSIGHT, AND CCE PLATFORM PRIVACY STATEMENT

This privacy statement describes how Piano collects, uses, shares or otherwise processes Platform Data. It may describe how Piano enables or allows clients and third-party providers to use Platform Data, but otherwise does not apply to our clients' or other third parties' practices.

Companies using the Platform own their own data. That's part of what makes it a Platform.

What information does Piano collect and use?

Piano stores the Personal Data it receives from Customers pursuant to a legal contract containing binding obligations on Piano, including limiting its processing of Personal Data only on the instruction of the Customer and assisting the Customer in complying with its own obligations under applicable law. We may set additional rules for our Customers regarding how data is collected and used on the Service, but such data is collected and used subject to the individual privacy notice for each Customer.

The table below lists the data stored by Piano Audience, Insight, and CCE. The way we capture and transmit this data is described here.

CATEGORY

DATA CAPTURED

EXAMPLE

Device

Browser

Chrome, Firefox, Safari

Device

Browser language

en-us, en, ja-jp, ja, en-gb, no

Device

Browser version

Chrome 76, Firefox 67, Safari 12

Device

Capability

Flash, Java

Device

Color depth

24, 32

Device

Connection speed

Broadband, Mobile, XDSL

Device

Device type

Desktop, Mobile

Device

IP address* owner

Telenor norge AS, Orange UK

Device

Mobile brand

Apple, Huawei

Device

Operating system

Macintosh, Linux, iPhone OS, Android, Windows

Device

Screen resolution

2560x1440, 375x667

Location

City

Oslo, Tokyo, Singapore, Bangkok

Location

Country

no, jp, sg, be, th

Location

Metro Code

Oslo, Kanto, Lorenskog

Location

Postal Code

1270, 150-002

Location

Province

uk-gre, no-03, jp-13

Location

Region

Greenwich, Oslo, Akershus, Bruxelles-capitale

Location

Time zone offset

-60, -120, -540

Search query

Exit link query

“cake recipes”

Search query

Query

“cake recipes”

Search query

Referrer query

"cooking dinner"

Source & Destination

Exit link host

help.cxense.com, cxense.com

Source & Destination

Exit link URL

http://help.cxense.com/docs/contact-us

Source & Destination

Host

help.cxense.com

Source & Destination

Referrer classification

internal, direct, other, social, search

Source & Destination

Referrer host

google.com, yahoo.com, lnkd.in, linkedin.com

Source & Destination

Referrer search engine

Google

Source & Destination

Referrer social network

Linkedin, Twitter

Source & Destination

Referrer URL

http://help.cxense.com/docs/what-do-we-do

Source & Destination

Site

1135174217507879744

Source & Destination

URL

http://help.cxense.com

1st party data

Age

25-34, 35-44, 18-24, 45-54

1st party data

Gender

Male, Female

1st party data

Member

Yes, No

1st party data

Subscriber

Yes, No

1st party data

Subscription type

Weekly, Monthly, Annual

Custom parameters

Site’s own custom data

Article position, A/B test group, Load delay, IsSubscriber

Event origin

Origin

cxd-app

Event type

Type

Impression, Click, Newsletter signup, Order successful, Purchase

Performance parameters

Site’s own custom data events

Conversion type, visibility event on viewing subscription banner

Site Content

Acronym

Major League Baseball

Site Content

Author

Ellis Kube

Site Content

Category

Sports, World, Science, Entertainment

Site Content

Classification

Travel, Careers, Pets

Site Content

Company

Bloomberg, Air France

Site Content

Concept

Police, Climate change, Gun violence

Site Content

Entity

White House

Site Content

Language

en

Site Content

Location

Chine, Hong Kong, US, London

Site Content

Page classification

Article, Front page

Site Content

Person

Greta Thunberg

Site Content

Site

www.newssite.com

Site Content

Taxonomy

articles/politics, articles/sports

User interest

Categories

News, Sport, Careers/Jobs, Politics, Lifestyle, Cars, Fashion, Food

Event parameters

Consent

Anonymous

Event parameters

Subnet

External

Info
*IP addresses are collected and transmitted to Piano, but we do not store the information on our servers

Mobile Device Identifiers
Piano Audience, Insight, and CCE use mobile device identifiers such as the Android Advertising ID and Apple iOS IDFA in connection with the Service where Customers ask Piano to store this information collected via Customer Sites. Mobile device identifiers enable users to be uniquely identified, thus enabling the Service to store and provide ad targeting data to our Customers.

No Personal Data of Children
In accordance with industry standards and law, we do not knowingly collect, administer, or enable the commercial use of Personal Data relating to children less than 13 years of age (or 16 if the age of consent is higher in a particular country), or permit our Customers to provide us such data. If we become aware that a Customer has provided us with any Personal Data of children that would require compliance with applicable laws such as the Children's Online Privacy Protection Act of 1998 or Article 8 of the General Data Protection Regulation 2016/679 (“GDPR”), then we will delete this data from our databases.

No Sensitive or Special Categories of Data
We do not knowingly (or permit our Customers to use the Platform to) collect, use, or store sensitive or special categories of Personal Data, including the following:

  • Special categories of personal data as defined in Article 9 of the GDPR, including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data uniquely identifying a natural person, or data concerning a person’s sex life or sexual orientation.

  • Sensitive data including Social Security Numbers or other Government-issued identity cards, financial account numbers, information about an individual's health or medical conditions or treatments, including genetic, genomic, and family medical history

How do we collect information?

Piano collects Personal Data submitted to us directly through the Websites or mobile apps. Piano offers the Service to Customers to collect Personal Data of visitors or users of their Customer Sites or mobile apps.
Piano and its Customers use a number of different technologies to collect data and to operate the Platform, including any or all of the following:

Cookies

Piano Audience, Insight, and CCE uses cookies in connection with the Service, including on the Websites and Customer Sites. Cookies are small, often encrypted text files, located in browser directories. When you visit one of the Customer Sites, you are assigned a Cxense user ID that is placed into a cookie which is then placed on your computer or device accessing the Customer Site. There are two types of cookies: “Persistent” and “Session”.

  • Persistent cookies remain on a user’s device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie. The cookie expiry time is shown in the table below.

  • Session cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted. Piano Audience, Insight, and CCE cookies can be further categorized as “Performance” or “Targeting”.

  • Performance cookies collect information about how you use a Customer Site and if you experience any errors. These cookies help our Customers: (i) improve how their Customer Sites work; (ii) understand the interests of their users, and (iii) measure the effectiveness of their advertising. We use performance cookies to:

    • Carry out web analytics: Provide statistics to our Customers on how their Customer Sites are used

    • Perform affiliate tracking: Provide feedback to affiliated entities that one of our visitors also visited their site

    • Obtain data on the number of users of a Customer Site that have viewed a product or service

    • Help our Customers improve the Customer Sites by measuring any errors that occur

    • Test different designs for the Service

  • Targeting cookies are used to track your visit to a Customer Site, as well other websites, apps, and online services, including the pages you have visited and the links you have followed, which allows our Customers to display targeted ads to you on a Customer Site using the Service. We may use targeting cookies to:

    • Display targeted ads within the Customer Sites.

    • To improve how a Customer delivers personalized ads and content to its users, and to measure the success of ad campaigns on the Customer Sites

Browser Local Storage

Web applications can store data locally within the user's browser via what is called “local storage”.
Unlike cookies, the storage limit is far larger and information is not automatically transferred to web servers via browser connections.
Local storage is per origin (per domain and protocol). All pages, from one origin, can store and access the same data.

Information stored in cookies and local storage

This article provides detailed information on the various cookies our platform sets and their purposes, which may help clarify any concerns or questions you have regarding user tracking and data management.

Clear Gifs/Pixel Tags/Web Beacons

We also use clear gifs in connection with the Service, including on the Customer Sites. Clear gifs (also known as pixel tags or web beacons) are small strings of code that provide a method for delivering a graphic image on a web page or other document. In contrast to cookies, which are stored on a user's computer hard drive, clear gifs are embedded invisibly on web pages or in emails and are about the size of the period at the end of this sentence. Clear gifs may be used to obtain information about the computer or device being used to view a particular web page, such as the IP address of the computer or device to which the pixel tag is sent, the time it was sent, the computer or device’s operating system and browser type, and similar information.

Mobile SDKs

Piano Audience, Insight, and CCE provides mobile and OTT SDKs for the Android and iOS operating systems, as well as Smart TVs, AppleTV, etc. These SDKs track similar events to those collected in web browsers and can provide similar services like which is available to web browsers.

Other

Similarly, our Customers may use similar technology provided by other companies on their own Customer Sites. The use of these technologies by our Customers is not covered by this Privacy Notice.

How is information sent to Piano?

Our cx.js script collects various pieces of data, builds up a URL that encodes this information, and sends this back to the Piano Audience, Insight, and CCE platform by making a standard HTTP request to the Piano servers. This HTTP API can also be invoked directly by clients. The URL encodes the following parameters:

PARAMETER

REQUIRED

SAMPLE VALUE

DESCRIPTION

ver

Yes

1

To which version of the API is this requested targeted

typ

Yes

pgv

What type of event is this? The value pgv denotes a page-view event.

acc

No

0

The Cxense account identifier.

sid

Yes

1234567890123

The Cxense site identifier.

loc

Yes

http://www.yoursite.com/news/1

The URL of the page. Must be a syntactically valid URL, or else the event will be dropped.

ref

No

http://www.yoursite.com/

The URL of the referring page.

gol

No

The Cxense goal identifier. For future funneling purposes.

pgn

No

The page name.

ltm

No

1473837694457

The local time on the client.

tzo

No

-120

The client's timezone.

res

No

1920x1080

The screen resolution. The format is "res=<width>x<height>", e.g. "res=1024x768"

wsz

No

1395x282

The initial browser window size: The format is "wsz=<width>x<height>", e.g. "wsz=544x365".

col

No

24

Device color depth. Typically read from window.screen.colorDepth in a browser.

dpr

No

1

Device pixel ratio (the ratio between physical and virtual pixels). Typically read from window.devicePixelRatio in a browser.

rnd

Yes

it2kwr95mv0uxmh3

A random number, for cache-busting purposes and to uniquely identify a page-view request.

jav

No

0

Is Java enabled?

bln

No

en-US

The client's browser language.

cks

No

it2kw3ldnxjc

The Cxense site-specific session cookie. Must be at least 16 characters long. Allowed characters: A-Z, a-z, 0-9, "_", "-", "+" and ".".

glb

No

cx:pbad80kwtao0l1qyfh5vv7q7:2vaqowu49edjp

The global id that uniquely identifies the user in relation to other ids (ckp, etc.)

chs

No

UTF-8

The document's character set.

fls

No

1

Is Flash enabled?

flv

No

Shockwave Flash 22.0 r0

Which version of Flash, if relevant?

new

No

0

Hint to indicate if this looks like a new user. Values: 0 or 1, e.g. "new=1" to indicate a new user.

cp_<name>

No

Set a custom parameter "name=value" by adding a URL parameter with a "cp_" prefix and the same name and value as the wanted custom parameter. E.g. if you want to set "premiumPage: true", you add the URL parameter "cp_premiumPage=true". See the documentation for for more details on setting custom parameters. The recommended practice is to use for your parameter names. E.g. your customer prefix is "xyz", then add the URL parameter "cp_xyz-premiumPage=true".

cp_u_<name>

No

Set a user profile parameter "name=value" by adding a URL parameter with a "cp_u_" prefix and the same name and value as the wanted user profile parameter. E.g. if you want to set "sportsFan: true", you add the URL parameter "cp_u_sportsFan=true". See the documentation for more details on setting custom parameters.

eid0

No

The value of the first optional external user id, used for linking external user ids to Cxense users. 64 characters max length.

eit0

No

The type of the first optional external user id, used for linking external user ids to Cxense users. 10 characters max length.

eid1

No

The value of the second optional external user id (etc..)

eit1

No

The type of the second optional external user id (etc..)

ptim

No

Position time.

plat

No

Position latitude.

plon

No

Position longitude.

pacc

No

Position accuracy.

palt

No

Position altitude.

paac

No

Position altitude accuracy.

phed

No

Position heading.

pspd

No

Position speed.

amo

No

1473634205 (for 2016-09-11T22:50:05Z)

If the web page has a <meta> tag with a property of 'article:modified_time', the 'content' is parsed and converted into seconds.

con

No

y, pv, segment

Consent. A comma-separated list with the following values: y- Required, set if this event was obtained and may only be processed with the user's consent; pv - Page view tracking, event tracking, and browsing habit collection to understand a user’s interests and profile; recs - Personalisation of content recommendations and suggested content based on user interests and browsing habits; segment - Audience segmentation, processing of browsing habits and first-party data to include users in specific audience segments; ad - Targeting advertising based on browsing habits and audience segmentation

For what purposes do we use the collected information?

Piano and its Customers use cookies or similar technologies described below to analyze user trends, administer and improve the Service, track users’ movements around the Customer Sites, and to gather demographic information about Customers’ users and visitors to the Customer Sites.

Our Customers typically use this data and our Service to improve and increase Customer Site usage and deliver targeted advertising campaigns on the Customer Sites and on other third-party sites. For example, a Customer may use the Service to find former subscribers of a Customer Site and to deliver ads or offers that encourage those users to re-subscribe to the Customer Site.
Where our systems can reasonably infer that a particular computer and/or mobile device belong to the same user or household, we store such information in a user profile for use on the Platform. The data stored in a profile on our Platform may be combined with other third-party data in order to better target advertisements, to enable Customers to better understand users across multiple computers and devices, and for ad delivery and reporting purposes.

How do we store information and how long is it kept for?

To facilitate our global operations and improve the performance of the Service, Piano stores Personal Data provided by its Customers in data centers located in the US, Japan, and Germany. As a result, Piano may transfer your Personal Data to or from data centers in these locations.

Piano employs a number of leading hosting providers to securely store Personal Data according to applicable law, including the following:

  • SoftLayer Technologies, Inc., 14001 Dallas Pkwy, Suite M100, Dallas TX 75240

  • Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany

  • Google Ireland, Ltd., Gordon House, Barrow St, Dublin 4, Ireland

  • Packet Host, Inc., 30 Vesey St, Floor 9, New York, NY 10007

Full list of Piano sub-processors is maintained and regularly updated here: https://piano.io/gdpr.

CROSS BORDER TRANSFER

Notice to EEA/Switzerland Residents
Personal Data originating from the European Economic Area (“EEA”) or Switzerland that is transferred outside of the region by Piano as described above is performed according to appropriate technical and legal safeguards, including the use of: (1) hosting providers in countries subject to a binding adequacy decision by the European Commission pursuant to Article 45(3) of the General Data Protection Regulation, and (2) binding transfer agreements containing standard contractual clauses based on the Commission implementing decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.

Piano stores Personal Data you provide us directly so long as you continue to have a business relationship with us. You may ask us to delete that information by following the instructions above.

When a Customer terminates its relationship with us, Piano removes all Personal Data provided from our systems within a reasonable time not exceeding sixty (60) days following such termination, but subject to our right to retain (i) copies of transactions between the Customer and Piano, (ii) information relating to any dispute or potential fraud, and (iii) any additional information we need to keep to protect our legal rights or the rights of others.
Our cookies and similar tracking technologies expire six (6) months from the last time our systems encounter a particular computer or device. We do not use any cookie data that is more than twelve (12) months old for user profiling or targeting. After 12 months, we remove any unique identifiers and store the data for up to 3 years for analytics purposes. Upon request from some customers, we occasionally agree to extend the long-term storage of data beyond 12 months.

Who do we share information with?

Piano does not share Personal Data provided by a Customer using the Platform with other Customers of the Platform.
From time to time, Piano engages with partners to perform services on behalf of our Customers who use the Platform.
Piano may also disclose Personal Data if such disclosure is required for Piano to comply with valid and binding legal requirements, to protect Piano's rights or property (or that of our Customers), and/or where needed to protect personal safety. For example, Piano may be required to disclose information in response to a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. In the event we are required to disclose information in response to legal process or a government request, we will attempt to notify affected users for which we have contact information and/or the Customer(s) affected to the extent we are legally permitted to do so.

Personal Data Provided by Our Customers
Please note that all Personal Data processed by us through the Service is provided to us by our Customers upon your consent or other legal basis. If you wish to exercise any of the above rights regarding your Personal Data provided to us by our Customers through the Service, please contact that Customer and/or review that Customer’s privacy notice for instructions. Piano will respond in a timely fashion to all such requests received from its Customers regarding your Personal Data processed through the Service.

All users - ability to opt-out

Browser opt-out - Piano offers the ability to opt-out of processing as described above including the web browser opt-out solution for users who wish to opt-out here. If you choose to opt-out, Piano deletes any targeting data it may have for your browser, and we will no longer enable our Customers to target that browser using our Service. You will likely still receive advertisements, but Piano technology will have no input or impact on tailoring those ads to be more relevant to your interests. Please note that if you delete, block, or otherwise restrict cookies, or if you use a different computer, device or Internet browser, you will need to renew your opt-out choice. To the extent that a particular browser and a mobile device are linked via our Service, opting out will sever the link. If you choose to disable cookies, it may limit your use of certain features or functions on the Website and/or Customer Sites.
We also partner with third parties to display advertising on our Websites or to manage our advertising on other sites. Our third-party partners may use cookies or similar technologies in order to provide you advertising based upon your browsing activities and interests. If you wish to opt-out of interest-based advertising click here, or if located in the EEA click here.

Mobile app opt-out - Piano honors the mobile device settings for Android and Apple iOS devices. To exercise this opt-out, please visit the privacy settings of your Android or iOS device and select “limit ad tracking” (Apple iOS) or “opt-out of interest-based ads” (Android). On devices where we see that such a selection has been made, we will not target that mobile device via the Service. To the extent that a particular browser and a mobile device are linked via our Service, opting out will sever the link.

Security

While it is impossible to fully guarantee security, Piano will provide appropriate technical and organizational measures to protect Personal Data, including taking commercially reasonable efforts in accordance with industry practices to protect data we collect from loss, alteration, destruction, misuse, and unauthorized access or disclosure. We have policies to help maintain control and physical security of the facilities used to store data and only allow access to authorized personnel, restrict access to data to those employees, contractors, and agents that have a need to know the information in order to provide and support our services. All Piano employees and data subprocessors are bound by confidentiality obligations and may be subject to disciplinary or legal action if they fail to meet these responsibilities.

Data subject rights

You have the right to revoke any consent given to us at any time. The legality of the processing until the time of revocation remains unaffected by this withdrawal. In exceptional cases, another legal basis might apply after the withdrawal of your consent. In such a case, the data controller will provide you with appropriate information. You have the right to access, correction, deletion, or restriction of processing, the right to object to further processing, the right to data transfer, and the right to lodge a complaint with the competent data protection supervisory authority.

Last updated: