Presto Apps

Q. What kind of information is collected from the app user?

Ans: Following types of information is being provided : 

1. User email id and phone number - Voluntarily provided by the user during registration
2. User's current location - With the approval of the user.
3. User device make & model, OS version and device token - With the approval of user. For the purposes of push notifications
4. App usage data - Anonymized and sampled analytical data using Google Analytics.
      - For the Google Analytics integration we are bound by their Terms of Service : https://www.google.com/analytics/terms/us.html
      - This data is not being shared with any 3rd party unless demographic tracking is enabled for you. Please check with your account manager or    Presto support if you want to know whether demographic tracking is enabled for your app.
5. User's IP address from where the request is made

Q. When this information gets collected?

Ans: 1. User email id and phone number - At the time of registration or placing the order
        2. User's current location - Only when the app is launched and GPS access is turned on and allowed
        3. User device make & model, OS Version and device token - Only when the app is launched
        4. App usage data - Only when the app is being used
        5. User's IP address from where the request is made - When the app is being used

Q. For how long this information is accessible to us?

Ans: 1. User email id and phone number - As long as the contract of the customer with Presto (Pallette Arts Pvt Ltd) is in force.
        2. User's current location - Never stored.
        3. User device make & model, OS version and device token - As long as the contract of the customer with Presto (Pallette Arts Pvt Ltd) is in                   force.
        4. App usage data - As per current Google Analytics policy: 2 years. This is governed by Google Analytics policy.
        5. User's IP address from where the request is made - 100 days.

Q.  Is there any malware scanning in place?

Ans: All server systems are continuously monitored for suspicious activities from network activity perspective. There is no other active malware                scanning in place for user uploaded files.

Q.  Mention the security measures (RSA etc…) in place. Is there an SSL certificate?

Ans: 1. Connection between app and the server happens over a secure line protected by an SSL certification
        2. SSL version used : TLS 1.2 with 128-bit key and SHA256 Hash
        3. Login credentials are encrypted when stored

Q. Is there any behavioural tracking or are cookies being monitored?

Ans:  1. Google Analytics is used to track usage of the app which includes things like which screens were most used, which item was most                            viewed, etc. This is all anonymized data. Google Analytics might use cookies to identify a device.
         2. User login status is maintained in a session cookie on the app. This is stored as long as the app is installed on the device.

Q. Are there any third-party services involved?

Ans:  1. Google Analytics
         2. Google Maps
         3. Google Cloud Messaging (Firebase Cloud Messaging)
         4. Apple Push Notification Service