Cookies​

Purchase conversion statistics is Bambuser's feature which measures how much revenue a certain show brings. It does that via setting up cookies on viewer's browser once they first initiate the show (clicking on a CTA button). The conversion statistics gives a show a measurable "score" which can, among other things, be used to constantly improve your live stream shows.

There are currently 4+1 Cookies being set once that happens in the player. Each cookie has different name, expiration date and purpose. The two first items in the table below are used for specific products respectively, but the remaining four are common.

Steps​

1. The viewer watches a show or participate in a call
2. Above cookies will be written in the viewer's browser containing the callID or showID that the viewer has watched
3. Viewer buy and completes the checkout
4. If cookies exist (means the user has watched a show or had a call in the last 30 days), some basic purchase data will be sent to us
5. Show revenue will be displayed inside the Bambuser Dashboard

You can read about how to implement Conversion Tracking here.

Sub-processors​

The following sub-processors may Process the Personal Data:

One-to-Many​

• Company name: Amazon Web Services
• Country of establishment: US
• Country of processing: US, Ireland or Japan. Other regions may be available from time to time and presented to Customer. Region is automatically selected based on geographical location of the Host unless otherwise requested by Customer.
• Type of processor: Cloud service provider

• Company name: Google Cloud Platform
• Country of establishment: US
• Country of processing: US or EU (Belgium or the Netherlands, at Google’s option), at Customer’s option.
• Type of processor: Cloud service provider

• Company name: ServiceNow Nederland B.V.
• Country of establishment: Netherlands
• Country of processing: Ireland and the Netherlands
• Type of processor: Customer support function

One-to-One​

• Company name: Amazon Web Services
• Country of establishment: US
• Country of processing: US or Ireland, at Customer’s option
• Type of processor: Cloud service provider

• Company name: Google Cloud Platform
• Country of establishment: US
• Country of processing: US or EU (Belgium or the Netherlands, at Google’s option), at Customer’s option.
• Type of processor: Cloud service provider

• Company name: ServiceNow Nederland B.V.
• Country of establishment: Netherlands
• Country of processing: Ireland and the Netherlands
• Type of processor: Customer support function

Supported browsers and operating systems:​

One-to-Many​

Dashboard Web​

• Chrome - Latest two major releases
• Firefox - Latest two major releases
• Safari - Latest two major releases
• Edge Chromium - Latest two major releases
• Opera - Latest two major releases

Broadcaster Apps​

iOS​

• iOS 14 or later (iOS 14 was released Q4 2020)

Android​

• Android 5.0 / API 21

Player​

TBD

One-to-One​

Dashboard Web​

• Chrome - Latest two major releases
• Firefox - Latest two major releases
• Safari - Latest two major releases
• Edge Chromium - Latest two major releases
• Opera - Latest two major releases

Agent mobile apps​

iOS​

• iOS 14 or later (iOS 14 was released Q4 2020)

Android​

• Android 5.0 / API 21

Call Widget​

• Chrome 65 or later (Chrome 65 was released Q1 2018)
• Microsoft Edge Chromium (any Edge after version 18)
• Firefox 62 or later (Firefox 62 was released Q4 2018)
• Safari 13 or later (iOS 13 was released Q4 2019)
• Samsung Browser (latest available major releases of Samsung browsers run on Samsung phone released in past three years)
• Opera Browser - latest two major releases.

Agent-Tool Web​

• Chrome - Latest two major releases.
• Edge Chromium - Latest two major releases.

Prohibited markets​

Bambuser will not deliver any service to the following markets (the list may be update from time to time at Bambuser's discretion)

• Belarus
• Cuba
• Central African Republic
• China
• Iran
• Iraq
• Lebanon
• Libya
• Myanmar (Burma)
• Nicaragua
• North Korea
• Russia
• Venezuela
• Somalia
• Syria
• Turkey
• Ukraine
• Yemen
• Zimbabwe

Technical and Organizational Measures​​

This section contains a list of the technical and organizational measures which are applied by Bambuser. The measures are designed to:

• Safeguard the security and confidentiality of Personal Data, by following the principles of privacy by design.
• Protect against any anticipated threats or hazards to the security and integrity of Personal Data.
• Protect against any actual unauthorized processing, loss, use, disclosure or acquisition of or access to any Personal Data.

Policies​​

The organization has comprehensive policies for information security that are approved by management, published and effectively communicated to all employees and relevant external parties.

Organizational Controls​​

• All recruitments follow a screening process.
• A security and awareness program is implemented where participitation is mandatory for all employees.
• Employees and contract workers sign confidentiality agreements prior to commencing employment.
• Bambuser’s comprehensive Staff handbook includes a discrimination policy and a equality policy.
• Bambuser’s general recommendations regarding security measurement for personal devices are shared to all employees and consultants and is a part of the onboarding process. Employees and consultants are bound to follow policies by contract.
• Regular internal security audits are conducted to verify the security practice.
• Bambuser maintains internal data processing policies and procedures, process descriptions and regulations for programming.

Physical Security​​

• Access control and visitor management systems are implemented for all visitors/guests at Bambuser’s Headquater.
• Physical access reviews are performed periodically.
• Clean desk, clear screen and follow me printing are implemented.
• Fire alarm and fire-fighting systems implemented for employee safety.
• Fire evacuation drills are conducted at specified frequencies.

Data security and confidentiaity

Bambuser have implemented security measures to protect data confidentiality, integrity, and availability throughout the data lifecycle, from creation until deletion.

Such measures is designed to implement confidentiality and integrity of processing systems and services and include requirements for the protection of data during transmission and storage. Based on a risk assessment Bambuser will undertake a level of security appropriate to the risk, including:

• Full-disc encryption enabled on mobile devices.
• Vendor-supplied updates installed automatically on mobile devices.
• E-mails automatically scanned by anti-virus and anti-spam software.
• An MDM tool installed on all Bambuser owned mobile devices.​
• All information applies encryption and protection in relation to classification.
• All connectivity is encrypted with TLS 1.2 or higher.
• Intrusion detection software is run continuously.
• Pseudonymization and encryption of Personal Data where applicable.
• Customer Data (including back-ups and archives) only be stored for as long as it serves the purposes for which the data was collected.
• Information and documents are classified according to the information classification guidelines.

Data Access Management

Bambuser have implemented measures to provide security throughout the identity and access management lifecycle by ensuring access to data and systems are provisioned to the authorised people through correct channels. Measures includes:

• Access to systems is provided on a ‘need to know’ and ‘need to access’ basis taking into account segregation of duties.
• Proper controls implemented for requesting, approving, granting, modifying, and revoking user access to systems and applications are implemented.
• All access to critical applications is reviewed at least annually.
• All access requests need to be approved by a manager or the appointed asset owner.
• All access requests are approved based on individual role-based access.
• Multi-factor authentication enabled where available.
• Passwords meet password complexity requirements as defined in a password policy.

Access Control to Personal Data.​​

Employees with access to personal data can only access the data that are necessary for the purpose of the activities under their responsibility. Access logs are in place and the responsibility for access control is assigned. Following measures are in place:

• Obligation for employees to comply with the applicable Bambuser security policies and data protection policies.
• Work instructions on handling personal data.
• Identity authentication needed for access to Personal Data.
• Only employees with a clear business need are allowed to access Personal Data located on servers, within applications or databases.

Change Management​​

• Each change must be documented and the change should not be completed until tested, reviewed, and approved according to defined change management procedures.
• Development follows the stipulated SDLC (Software development life cycle).
• All changes are tracked with a version control system.
• Automated scanning tools (SAST, DAST, and dependency scanning) are continuously used to find and resolve security problems.
• All code changes must pass automated testing and peer review before being merged to the main code repository branch.

Information security incident management​​

• Management responsibilities and procedures have been established to safeguard a quick, effective and orderly response to information security incidents, within defined timeframes in the GDPR.
• A formal reporting procedure or guideline exists for users, to report security weaknesses in, or threats to, systems or services.
• There is a procedure for assessing information security problems and issues and classifying them as information security incidents.
• There are documented procedures in place for responding to information security incidents including reporting security incidents through appropriate management channels as quickly as possible.

Business Continuity and Disaster Recovery

Bambuser protects critical business processes from the effects of major failures of information systems or disasters and ensures their timely resumption in the event of an incident. These measures must include requirements for ensuring the ongoing availability and resilience of processing systems and services and for the ability to restore availability and access to data in a timely manner in the event of an incident.

Measures include:

• Implementation of a disaster recovery program that focuses on making information systems resilient against failures and disasters.
• Performance of data backups to enable resumption of system operations in an event of failure.
• Replication of data across multiple data center regions.
• Regular disaster recovery tests and, based on the learning from these tests, work to update and improve disaster recovery processes.

Threat and Vulnerability Management

Bambuser will maintain measures meant to identify, manage, mitigate and/or remediate vulnerabilities within the Bambuser environments. Security measures include:

• Patch management
• Anti-virus / anti-malware
• Threat notification advisories
• Vulnerability scanning
• Periodic penetration testing

Network Security​​

Bambuser implemented measures to securely design, protect and manage the supporting cloud network infrastructure. Measures include:

• Cloud security groups act as firewalls between different services. This setup will only allow explicitly declared communications to take place.
• Web Application Firewalls in front of the internet-facing services.

Cloud providers​​

Bambuser uses the following cloud providers for its services:

• Amazon Web Services (https://aws.amazon.com/security/)
• Google Cloud Platform (https://cloud.google.com/security).
• Service Now (https://www.servicenow.com/company/trust/security.html)

Our sub-processors have provided adequate guarantees on the protection of personal data they process on our behalf.

Service Level Agreement​

This Service Level Agreement shall apply to the Bambuser Solution as from the first live show/video call session. Any defect or error occurring prior to this date shall be remedied by Bambuser within a commercially reasonable time. Customer further acknowledge that this Service Level Agreement only applies to the availability of the Bambuser Solution

1 Service levels

1.1 Bambuser shall use commercially reasonable efforts to make the Bambuser Solution available 24/7/365.

1.2 Upon Bambuser's failure to uphold agreed availability during a calendar month, the Customer shall, as sole and exclusive remedy, be entitled to a one-time reduction of the monthly Subscription License Fee applicable for such month in accordance with the table below:

1.3 To gain service level credits, the Customer must request such service level credit from Bambuser in writing via their designated account manager. Service level credits shall, unless otherwise agreed between the Parties, be settled against the next invoice or refunded by Bambuser, at Bambuser's discretion.

1.4 In order to receive service level credits, the Customer must notify Bambuser when the first occurrence of failure to uphold agreed availability becomes known to Customer, by immediately sending an email to support\@bambuser.com. The Customer's notification must include the date and times of alleged unavailability.

1.5 Bambuser is not liable for any deviations from the agreed availability caused by any event outside Bambuser’s reasonable control, Customer's negligence or misuse of the Service, Customer's external communication solution including deficit internet access or a Force Majeure Event. Accordingly, Customer shall not be entitled to any services credit or other compensation from Bambuser.

1.6 Incident reporting and levels of Priority

All incidents must be reported to support\@bambuser.com and include the following information where relevant:

- Org ID

- User ID

- Show ID

- Client's suspected level of Priority

- User Name

- Time when behavior was first noticed

- Website URL where the problem is occurring

- Device or Devices and their operating systems where the behavior is occurring

- Description of what is not functioning as expected and how to replicate the behavior

- Screenshots or video captures showing the problem

1.7 An incident shall be considered reported from the timestamp of the email sent to support\@bambuser.com including sufficient information (as specified in Section 1.6 above) for the Bambuser staff to begin investigating the incident. Incidents with insufficient information will not be deemed as reported until such time as relevant details are provided, at which time they shall be considered reported from the timestamp on the email containing the necessary information.

1.8 After an incident has been reported it will be reviewed by Bambuser and a decision will be made as to the level of Priority of the incident as proposed by the Customer when it was reported. The incident reported will then be responded to within the response time stipulated in table below for the level of Priority that has been decided by Bambuser. Final decision on an incident's classification regarding priority level shall always reside with Bambuser.

1.9 The Bambuser Support team will endeavor to restore service within the time period specified by each level of priority. The Bambuser Support team will endeavor to resolve the underlying problem with the service within the time period specified by each level of priority.

One-to-Many​

One-to-One​

Technical Specification One-To-Many​

General technical description of One-To-Many​

One-to-Many is a cloud-based service that enables the Customer to broadcast live video streaming shows with an integrated shopping feature. One-to-Many is an in-house developed software dependent on third-party services by AWS and Google Cloud. These third-party services are distributed by Bambuser (embedded in One-to-Many) and are not to be used on a stand-alone basis by the Customer. One-to-Many is built partly using open source software and the Customer acknowledges that Bambuser is using industry standard open source products.

To achieve the optimal user experience, One-to-Many requires either (i) a commitment from the Customer to implement the necessary JavaScript code on the Customer's website (often less than 100 rows), and optionally (ii) set iframe policies allowing the Customer\'s site to be embedded on itself (i.e. using X-Frame-Options and/or Content-Security-Policy headers).

Bambuser Solution​

Technical Specification One-To-One​

General technical description of One-To-One​

One-to-One is a cloud-based service that enables the Customer to interact with consumers via a one-to-one call (video/audio and chat) with interactive features such as, compare, highlight and add-to-cart.

One-to-One can be used by a Customer to facilitate calls between a visitor on the Customer's website and an agent who can assist, educate or sell products to potential customers. One-to-One also allows the Customer's agent to schedule consultations for consumers by distributing invite links. All products discussed in a call can be highlighted, compared with other products, added to the cart and purchased during or after the one-to-one experience. The products are inserted in the native cart/check out on the Customer's website and no transactions take place within One-to-One.

One-to-One is an in-house developed software dependent on third party services by AWS and Google Cloud. These third party services are distributed by Bambuser (embedded in One-to-One) and are not to be used on a stand-alone basis by the Customer. One-to-One is built partly using open source software and the Customer acknowledges that Bambuser is using industry standard open source products. Bambuser follows the applicable licenses such as MIT and Apache.

Bambuser Solution​

Implementation Services And Onboarding For One-To-Many​

Integration and implementation

A complete integration of the Bambuser Solution requires purpose-built JavaScript for administering the communication between the Bambuser Player and the Customer's on-site cart.

Implementation services constitute a best-effort endeavor, meaning that in certain cases assistance from the Customer's technology staff may be required.

Inter alia, the Customer is responsible for

(i) approving the theming design a minimum of five (5) business days prior the first live show is scheduled. (After approval Bambuser will code and upload the theme to the codebase on behalf of the Customer. The 'standard' Customer shall have 2 opportunities and the 'enterprise' Customer shall have 5 opportunities to review their theming design during the onboarding process.)

After the theming has been approved by the Customer during the onboarding process, an hourly fee of USD 165 (minimum commitment is 3 hours) applies to theming changes for 'standard' Customers (ii) the whitelisting of the Bambuser email server and Bambuser product scraper to enable the functionality of critical features of the Bambuser Solution. (In the event that the Bambuser Solution should be implemented on a website which is geo-protected, protected by a log in requirement or any other measure that restricts access, it shall be the responsibility of the Customer to grant access to Bambuser to verify and test the integration.)

(iii) ensuring that the integration of the Bambuser code is not modified between the sharp test and the first live show.

Bambuser will for 'standard' and 'enterprise' customers

Provide the Customer with a checklist and instructions for how to carry out a sharp test to ensure successful integration and use of the Bambuser Solution. After the sharp test, our integration specialists will check that the integration is correct and provide feedback to the Customer if anything needs to be adjusted before the first live show.

Onboarding

When the Subscription Order is signed by the Parties, Bambuser will support the Customer in the integration and onboarding process with staff specially trained in these areas. In general terms, Bambuser's "Customer Success Staff" will handle the onboarding of the Customer including project management, Customer contact and staff training, while Bambuser's integration team will act as technical support to assist the Customer with coaching and knowledge sharing when integrating the Bambuser Solution with the Customer's e-commerce platform.

Bambuser will assign an account manager to the Customer's account who is appropriately qualified in the fields necessary to provide the Services. The account manager will be the main point of contact and will coordinate a successful launch for the Customer's brands, referred to as the "Onboarding". The Onboarding serves as the technical alignment streamlined with the Customer's integration where the Customer receives all user necessary details in order to successfully launch the live shows. The client manager will serve as the primary Customer contact for the duration of the Subscription Order. The account manager will host recurring meetings, follow up key KPI:s, and provide the Customer with suitable 'best practice' cases as well as suggestions for improvement.

Customer Responsibilities

The Customer is responsible for creating a promotional plan driving to each live show.

The Customer is required to provide logo, font, color, wording and iconography guidelines for its live stream player User Interface ("UI"). For any additional/ new customization the delivery timeframe is forty-eight (48) hours.

The Customer is required to autonomously design and upload for welcome pause and end screens (curtains).

The Customer is required to provide legal chat terms applicable for the live show participant/viewer per market reflecting the restrictions detailed in the Agreement.

The Customer is required to approve Bambuser Player wording for all additional languages.

The Customer is required to provide feedback and final approval on its brand players, UI.

The Customer is required to manage user access to the Bambuser Dashboard.

The Customer is required to schedule tests and live broadcasts using the Bambuser Dashboard.

The Customer is required to embed the Bambuser Player on a webpage pertaining to the Customer. The Bambuser Player contains cookies available here which will automatically be installed by the embedment. Whenever applicable, Customer shall obtain necessary consent from live show participant/viewer in relation to such Cookies. Customer shall also implement the Conversion Library Script and maintain the usage of it, as further instructed by Bambuser.

The Customer is responsible for the production of the Content for the broadcast.

The Customer is required to notify Bambuser within a reasonable time frame (minimum 48h) of every test and live show that require dedicated support or technical verification.

The Customer is responsible for providing Bambuser with a URL of the landing page where the Bambuser Solution is embedded on its website as well as a contact person and the contact details to that person during the live show so that Bambuser may proactively bring any issues to the Customers attention under monitoring.

For the purpose of broadcasting a live show, the Customer may only us the operating system on their devices that is not more than one (1) generation older/behind than the current version.

Supported browsers and operating system can be found here.

Implementation Services And Onboarding For One-To-One​

Integration and implementation

A complete integration of One-to-One requires purpose-built JavaScript for administering the communication between the Bambuser Call Widget and the Customer's on-site cart.

Implementation services constitute a best-effort endeavor, meaning that in certain cases assistance from the Customer's technology staff may be required.

Inter alia, the Customer is responsible for

(i) approving the theming design a minimum of five (5) business days prior the first video call is scheduled. (After approval Bambuser will code and upload the theme to the codebase on behalf of the Customer. The 'standard' Customer shall have 2 opportunities and the 'enterprise' Customer shall have 5 opportunities to review their theming design during the onboarding process.)

After the theming has been approved by the Customer during the onboarding process, an hourly fee of USD 165 (minimum commitment is 3 hours) applies to theming changes for 'standard' Customers

(ii) the whitelisting of the Bambuser email server and Bambuser product scraper to enable the functionality of critical features of One-to-One. (In the event that the Bambuser Solution should be implemented on a website which is geo-protected, protected by a log in requirement or any other measure that restricts access, it shall be the responsibility of the Customer to grant access to Bambuser to verify and test the integration.)

(iii) ensuring that the integration of the Bambuser code is not modified between the sharp test and the first video call.

Bambuser will for 'standard and 'enterprise' Customers

(i) provide the Customer with a checklist and instructions for how to carry out a sharp test to ensure successful integration and use of the Bambuser Solution. After the sharp test, Bambuser's integration specialists will check that the integration is correct and provide feedback to the Customer if anything needs to be adjusted before the first video call.

(ii) monitor the first video call carried out by the Customer to ensure successful integration and use of One-to-One. (The first video call will have a duration of maximum one (1) hour.)

Onboarding

When the Agreement is signed by the Parties, Bambuser will support the Customer in the integration and onboarding process with staff specially trained in these areas. In general terms, Bambuser's "Customer Success Staff" will handle the onboarding of the Customer including project management, Customer contact and staff training, while Bambuser's integration team will act as technical support to assist the Customer with coaching and knowledge sharing when integrating One-to-One with the Customer's e-commerce platform.

Bambuser will assign an account manager to the Customer's account who is appropriately qualified in the fields necessary to provide the Services. The account manager will be the main point of contact and will coordinate a successful launch for the Customer's brands, referred to as the "Onboarding". The Onboarding serves as the technical alignment streamlined with the Customer's integration where the Customer receives all user necessary details in order to successfully launch the video calls. The account manager will serve as the primary Customer contact for the duration of the Agreement. The account manager will Agent recurring meetings, follow up key KPI:s, and provide the Customer with suitable 'best practice' cases as well as suggestions for improvement.

Customer Responsibilities

The Customer is responsible for creating a promotional plan driving to each video call.

The Customer is required to provide logo, font, color, wording and iconography guidelines for its video stream player User Interface ("UI"). For any additional/ new customization the delivery timeframe is forty-eight (48) hours.

The Customer is required to autonomously design and upload for welcome pause and end screens (curtains).

The Customer is required to provide legal chat terms applicable for the video call participant/viewer per market reflecting the restrictions detailed in the Agreement.

The Customer is required to approve player wording for all additional languages.

The Customer is required to provide feedback and final approval on its brand players, UI.

The Customer is required to manage user access to the Bambuser Dashboard.

The Customer is required to schedule tests and live broadcasts using the Bambuser Dashboard.

The Customer is required to embed the Bambuser Call Widget on a webpage pertaining to the Customer. The Bambuser Call Widget contains cookies available here, which will automatically be installed by the embedment. Whenever applicable, Customer shall obtain necessary consent from video call Participant/viewer in relation to such Cookies. Customer shall also implement the Conversion Library Script and maintain the usage of it, as further instructed by Bambuser.

The Customer is responsible for the production of the Content for the broadcast.

The Customer is required to notify Bambuser within a reasonable time frame (minimum 48h) of every test and video call that require dedicated support or technical verification.

The customer is responsible for providing Bambuser with a URL of the landing page where One-to-One is embedded on its website as well as a contact person and the contact details to that person during the video call so that Bambuser may proactively bring any issues to the Customers attention under monitoring.

Supported browsers and operating system can be found here.