Skip to main content
Back to Home

Privacy Policy

Effective: January 1, 2025
Last Updated: December 27, 2024

1. Introduction

SIE Data, Inc. ("SIE Data," "we," "us," or "our") operates SIE Data, a Compliance-as-a-Service (CaaS) data marketplace. This Privacy Policy explains how we collect, use, disclose, and protect information.

What we are not: SIE Data is a signal refinery and intent intelligence platform. We are not a consumer reporting agency and do not distribute FCRA-regulated data. Signals, not scores. Intent, not eligibility. Markets, not credit files. Fields including credit score, FICO score, bankruptcy, payment history, collections, employment history, rental history, and criminal records are permanently blocked at our compliance firewall regardless of buyer certification.

This policy applies to:

  • Visitors to our websites
  • Buyers using our platform
  • Publishers deploying our VI Tag
  • Consumers whose data is collected through Publisher websites

1.1 Three Data Lines & Legal Bases

SIE Data operates three distinct data lines, each with its own legal basis:

  • Line A — B2B Intent: Company-level signals resolved from IP addresses. Legal basis: GDPR Article 6(1)(f) legitimate interest. No individual consent required.
  • Line B — Consumer Zero-Party Data (ZPD): Hashed individual identifiers with self-declared preferences. Legal basis: IAB TCF v2.2 consent (purposes 1, 3, 4, 7) collected by the publisher and signaled to our pipeline.
  • Line C — Consumer Outcomes: Fully qualified leads with contact details. Legal basis: TCPA-compliant express written consent with verifiable opt-in records retained for the consent lifecycle.

2. Information We Collect

2.1 From Buyers and Publishers (Account Holders)

When you register for an account, we collect:

  • Contact Information: Name, email, phone, company name
  • Business Information: Industry, company size, website URL
  • Payment Information: Processed by Stripe (we don't store card numbers)
  • Account Credentials: Hashed passwords, API keys
  • Usage Data: API calls, purchases, dashboard activity

2.2 From Publisher Websites (Via VI Tag)

When consumers visit Publisher websites with our VI Tag installed, we may collect:

Behavioral Data:

  • Page URLs visited
  • Time spent on pages (dwell time)
  • Scroll depth
  • Click interactions
  • Form submissions (field presence, not content)

Technical Data:

  • IP address (for B2B firmographic resolution)
  • Browser type and version
  • Device type
  • Referring URL

3. How We Use Information

We use collected information to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Generate intent signals for Buyers
  • Comply with legal obligations (including DROP/SB 362)
  • Detect and prevent fraud or abuse
  • Communicate with you about products, services, and events

4. California Consumer Rights (CCPA/CPRA)

California residents have the right to:

  • Know what personal information we collect and how it's used
  • Delete personal information we hold about them
  • Opt-out of the sale or sharing of personal information
  • Non-discrimination for exercising privacy rights

To exercise these rights, email [email protected] or use the California Delete Act DROP platform.

5. DROP Compliance (SB 362)

SIE Data is registered with the California Data Broker Registry and syncs with the DELETE Act (SB 362) DROP platform. When consumers submit deletion requests through DROP, we process them within 45 days.

6. Data Security

We implement appropriate security measures including:

  • AES-256-GCM encryption for PII at rest
  • TLS 1.3 encryption for data in transit
  • SOC 2 controls implemented infrastructure
  • Regular security audits and penetration testing
  • Access controls and audit logging

Instagram Comment Data Processing

When you connect an Instagram Business account to SIE Data, we may receive and process comment data on your IG content via Meta's Graph API webhooks. This includes: commenter usernames, profile picture URLs, comment text, and comment metadata (timestamps, like counts). We process this data on your behalf — you remain the data controller, SIE Data is the processor under GDPR Article 28.

Processing Terms

  • Legal basis: legitimate interest under GDPR Art. 6(1)(f) — moderating and analyzing comments on content you publish.
  • Retention: 90-day rolling window. Comment payloads older than 90 days are purged from hot storage automatically.
  • No sale: Instagram comment data is never sold, traded, or licensed to third parties.
  • No third-party advertising: comment content is not shared with ad networks, DSPs, or marketing-attribution vendors.
  • No model training without consent: we do not use your comment data to train AI/ML models without a separate, explicit opt-in agreement.
  • DSR rights honored: data subject requests (access, rectification, erasure, portability, objection) are honored within statutory timelines via [email protected].

For the full processor terms, sub-processor list, security measures, and breach-notification SLAs, see our Data Processing Agreement.

7. Meta Platform Data Deletion

If you connected a Meta (Facebook/Instagram) account to a Publisher integration, you may request deletion of associated data via our verified Meta endpoints:

  • Data deletion callback: https://api.siedata.dev/api/oauth/meta/data-deletion
  • OAuth deauthorization: https://api.siedata.dev/api/oauth/meta/deauth
  • Event webhook: https://api.siedata.dev/api/webhooks/meta

Deletion requests are HMAC-verified, processed asynchronously, and a confirmation code is returned per Meta's Platform Terms.

8. Data Retention & Deletion

Behavioral / intent signals: retained for up to 13 months from collection, then aggregated to cohort level. Account & billing records: retained for 7 years per US tax/SOX requirements. Suppression list entries: retained indefinitely to honor opt-outs. Audit log chain: tamper-evident, retained 7 years.

9. Contact Us

For privacy-related questions or requests:

Terms of ServiceHelp Center