June 19, 2024
Cookies
Purchase conversion statistics is Bambuser's feature which measures how much revenue a certain video brings. It does that via setting up cookies on viewer's browser once they first initiate the video (clicking on a CTA button). The conversion statistics gives a video a measurable "score" which can, among other things, be used to constantly improve your live stream videos.
There are currently a number of Cookies being set once viewers interact with the Bambuser Widget (Player, Calls Widget or Messenger). Each cookie has a different name, expiration date and purpose and may be set for only one of the products. A full description of each cookie is described in the table below.
Name | Expiration date | Product | Description |
---|---|---|---|
_bamls_cuid | 1 year |
| Unique identifier for a workspace. Used as a common denominator for all tracking performed by Bambuser to easily enable reporting in workspaces for the Customer. |
_bamls_usid | 1 year |
| Unique identifier for a user. Used to attribute Bambuser statistics to a single site user. |
_bamls_seid | 30 min |
| Unique identifier for a session in which a Bambuser video was watched. Used in tracking to attribute statistics to a single session. |
_bamls_caid | 30 days |
| Unique identifier for the last Bambuser call that the user had on the Customer's website. Used to attribute Bambuser statistics to a specific customer interaction. |
_bamls_shid | 30 days |
| Unique identifier for a Bambuser video. Used to attribute statistics to a single video. This also - similar to source/medium in Google Analytics - enables attribution of purchases (that do not occur within the embedded stream) towards the video. |
_bamls_lits | 30 days |
| The timestamp for the last known interaction in a Bambuser video. This is used in conjunction with _bamls_shid to measure at what point in time after a user viewed a video, the actual purchase was made. |
hero-session-* (* is replaced by your application ID) | 1 year |
| Contains a unique visitor ID for anonymous users. Also contains a session ID when the user starts to actively use the product. |
hero-state-* (* is replaced by your application ID) | 1 year |
| Current messenger state to offer a consistent user experience across page loads (plugin opening state, etc) |
hero-associate-data | Usually 30 days (depends on the attribution window configuration of the retailer) |
| After an interaction with a store expert, this cookie contains the expert employee ID (or any identifier provided by the retailer) and is used to share attribution context with the website. |
hero-user-id | 1 month |
| User ID when the user starts to actively use the product. |
hero-tracking:ID (ID is replaced by the Merchant application ID) | 1 year |
| Provides the key functionality in the product of assisted shopping which allows the store expert to see the last shopping actions from the user |
hero-experiment:ID (ID is replaced by the Merchant application ID) | 1 year |
| When running an A/B, it helps keep track in which variant/bucket the user was assigned |
Notice that all the cookies are video-related/call-related and do not process any personal data
Steps
- The viewer watches a video, participate in a call, or chat with an agent
- A subset of the above cookies will be written in the consumer's browser depending on what product they interacted with
- Consumer buy and completes the checkout
- If cookies exist (means the user has watched a video, had a call or used the chat in the last 30 days), some basic purchase data will be sent to Bambuser
- Purchases and revenue will be displayed inside the Bambuser Dashboard for the relevant workspace
If cookies are not set (end user opts-out on customer side), it will not affect their live shopping experience.
You can read about how to implement Conversion Tracking here.
November 25, 2021
Sub-processors
The following sub-processors may Process the Personal Data:
Live
- Company name: Amazon Web Services
- Country of establishment: US
- Country of processing: US, Ireland or Japan. Other regions may be available from time to time and presented to Customer. Region is automatically selected based on geographical location of the Host unless otherwise requested by Customer.
- Type of processor: Cloud service provider
- Company name: Google Cloud Platform
- Country of establishment: US
- Country of processing: US or EU (Belgium or the Netherlands, at Google’s option), at Customer’s option.
- Type of processor: Cloud service provider
- Company name: ServiceNow Nederland B.V.
- Country of establishment: Netherlands
- Country of processing: Ireland and the Netherlands
- Type of processor: Customer support function
- Only for customers using the dubbing features
- Company Name: Sieve
- Country of establishment: US
- Country of processing: US
- Nature of Processing: Sieve will be engaged to alter voices in videos and change the language of the voices. This involves the Processing of voice data (audio files) for the purposes of modification and translation.
- Categories of Data Subjects: The categories of Data Subjects remain consistent with those outlined in the existing DPA, including but not limited to, individuals appearing in videos provided by the Data Controller.
- Type of Personal Data Processed: Audio files containing voice data, which may include identifiable information such as voice characteristics.
- Transfer mechanism: Standard Contractual Clauses
Video Consultation
- Company name: Amazon Web Services
- Country of establishment: US
- Country of processing: US or Ireland, at Customer’s option
- Type of processor: Cloud service provider
- Company name: Google Cloud Platform
- Country of establishment: US
- Country of processing: US or EU (Belgium or the Netherlands, at Google’s option), at Customer’s option.
- Type of processor: Cloud service provider
- Company name: ServiceNow Nederland B.V.
- Country of establishment: Netherlands
- Country of processing: Ireland and the Netherlands
- Type of processor: Customer support function
Bamchat
- Company name: Amazon Web Services
- Country of establishment: US
- Country of processing: US or Ireland, at Customer’s option
- Type of processor: Cloud service provider
- Company name: MongoDB Atlas (formerly mLabs)
- Country of establishment: Ireland
- Country of processing: Ireland.
- Type of processor: Database service provider
- Company name: Twilio
- Country of establishment: USA
- Country of processing: USA
- Type of processor: Messaging service
- Transfer mechanism: SCC
June 19, 2024
Supported browsers and operating systems:
Live
Dashboard Web
- Chrome - Latest two major releases
- Firefox - Latest two major releases
- Safari - Latest two major releases
- Edge Chromium - Latest two major releases
- Opera - Latest two major releases
Broadcaster Apps
iOS
- Latest two major releases
Android
- Android 5.0 / API 21
Player
TBD
Video Consultation
Dashboard Web
- Chrome - Latest two major releases
- Firefox - Latest two major releases
- Safari - Latest two major releases
- Edge Chromium - Latest two major releases
- Opera - Latest two major releases
Agent mobile apps
iOS
- iOS 14 or later (iOS 14 was released Q4 2020)
Android
- Android 5.0 / API 21
Calls Widget
- Chrome 65 or later (Chrome 65 was released Q1 2018)
- Microsoft Edge Chromium (any Edge after version 18)
- Firefox 62 or later (Firefox 62 was released Q4 2018)
- Safari 13 or later (iOS 13 was released Q4 2019)
- Samsung Browser (latest available major releases of Samsung browsers run on Samsung phone released in past three years)
- Opera Browser - latest two major releases.
Agent-Tool Web
- Chrome - Latest two major releases.
- Edge Chromium - Latest two major releases.
- Safari - Latest two major releases.
Chrome on iOS only works when run on iOS 13.4 or later. The optional feature co-browsing depends on a Chrome extension and is therefore not supported in Agent-tool Safari.
October 31, 2024
Prohibited markets
Bambuser will not deliver any service to the following markets (the list may be update from time to time at Bambuser's discretion)
- Belarus
- Cuba
- Central African Republic
- Iran
- Iraq
- Lebanon
- Libya
- Myanmar (Burma)
- Nicaragua
- North Korea
- Russia
- Venezuela
- Somalia
- Syria
- Ukraine
- Yemen
- Zimbabwe
December 9, 2021
Technical and Organizational Measures
This section contains a list of the technical and organizational measures which are applied by Bambuser. The measures are designed to:
- Safeguard the security and confidentiality of Personal Data, by following the principles of privacy by design.
- Protect against any anticipated threats or hazards to the security and integrity of Personal Data.
- Protect against any actual unauthorized processing, loss, use, disclosure or acquisition of or access to any Personal Data.
Policies
The organization has comprehensive policies for information security that are approved by management, published and effectively communicated to all employees and relevant external parties.
Organizational Controls
- All recruitments follow a screening process.
- A security and awareness program is implemented where participitation is mandatory for all employees.
- Employees and contract workers sign confidentiality agreements prior to commencing employment.
- Bambuser’s comprehensive Staff handbook includes a discrimination policy and a equality policy.
- Bambuser’s general recommendations regarding security measurement for personal devices are shared to all employees and consultants and is a part of the onboarding process. Employees and consultants are bound to follow policies by contract.
- Regular internal security audits are conducted to verify the security practice.
- Bambuser maintains internal data processing policies and procedures, process descriptions and regulations for programming.
Physical Security
- Access control and visitor management systems are implemented for all visitors/guests at Bambuser’s Headquater.
- Physical access reviews are performed periodically.
- Clean desk, clear screen and follow me printing are implemented.
- Fire alarm and fire-fighting systems implemented for employee safety.
- Fire evacuation drills are conducted at specified frequencies.
Data security and confidentiaity
Bambuser have implemented security measures to protect data confidentiality, integrity, and availability throughout the data lifecycle, from creation until deletion.
Such measures is designed to implement confidentiality and integrity of processing systems and services and include requirements for the protection of data during transmission and storage. Based on a risk assessment Bambuser will undertake a level of security appropriate to the risk, including:
- Full-disc encryption enabled on mobile devices.
- Vendor-supplied updates installed automatically on mobile devices.
- E-mails automatically scanned by anti-virus and anti-spam software.
- An MDM tool installed on all Bambuser owned mobile devices.
- All information applies encryption and protection in relation to classification.
- All connectivity is encrypted with TLS 1.2 or higher.
- Intrusion detection software is run continuously.
- Pseudonymization and encryption of Personal Data where applicable.
- Customer Data (including back-ups and archives) only be stored for as long as it serves the purposes for which the data was collected.
- Information and documents are classified according to the information classification guidelines.
Data Access Management
Bambuser have implemented measures to provide security throughout the identity and access management lifecycle by ensuring access to data and systems are provisioned to the authorised people through correct channels. Measures includes:
- Access to systems is provided on a ‘need to know’ and ‘need to access’ basis taking into account segregation of duties.
- Proper controls implemented for requesting, approving, granting, modifying, and revoking user access to systems and applications are implemented.
- All access to critical applications is reviewed at least annually.
- All access requests need to be approved by a manager or the appointed asset owner.
- All access requests are approved based on individual role-based access.
- Multi-factor authentication enabled where available.
- Passwords meet password complexity requirements as defined in a password policy.
Access Control to Personal Data.
Employees with access to personal data can only access the data that are necessary for the purpose of the activities under their responsibility. Access logs are in place and the responsibility for access control is assigned. Following measures are in place:
- Obligation for employees to comply with the applicable Bambuser security policies and data protection policies.
- Work instructions on handling personal data.
- Identity authentication needed for access to Personal Data.
- Only employees with a clear business need are allowed to access Personal Data located on servers, within applications or databases.