Required diagnostic data for BrightCarbon products

This article explains the data collection and related privacy policy for diagnostic data collected by BrightCarbon software products.

Why is data collected?

Diagnostic data is used to keep BrightCarbon products up-to-date, detect, diagnose and fix problems, and also to make product improvements. Diagnostic data does not include any user-identifiable data such as their name or email address, any content within user’s files, or information about software unrelated to BrightCarbon products.

What data is collected?

Diagnostic data includes information about the version of the operating system and Office app associated with the product, telemetry data about the functional use of the BrightCarbon software features and information to help diagnose problems in the event of a crash. Data is sent with an anonymous UID (Unique Identifier) for each user. The identity of the user cannot be traced via this UID. Users may be asked to register a product by entering their name and email address but this information may be used to create the UID by hashing the concatenation of the user’s name and/or email address and/or computer ID.

Example:

User-entered data: John Smith <john.smith@brightcarbon.com>

Resulting UID: 5c48a3d9421127e48050509e2042b494341ad040a04aebfcf04e437c83b5979c

In the above example, the user name and email address are never sent to the server database. Only the UID is sent and that cannot be decoded to reveal the user name or email address.

Where is the data stored?

BrightCarbon uses Microsoft Azure to store the diagnostic data in an SQL Server database. BrightCarbon choose the location of the data to be in Europe as this is where the strongest protection is offered for users via the EU implementation of GDPR laws. The Microsoft Azure privacy policy can be found here.

Opt-in or Opt-out?

BrightCarbon provides free and paid products. These are treated separately as follows:

Free

• Diagnostic data is always collected and cannot be disabled.
• The agreement in the installer declares this and the app has a link to this privacy policy.
• Opt-out is provided via the option to not install the app.

Example products: BrightSlide & Proof of Concepts

Paid

• Diagnostic data collection is turned on by default.
• This privacy policy is linked to from the customer-facing knowledge base.
• Opt-out is provided via an admin UX for BrandIn.

Example products: BrandIn & ShowMaker

Special BrandIn considerations

BrandIn is designed to operate entirely within a client’s SharePoint tenant. Customers may request usage data for the solution within their environment. To facilitate this request, a limited set of anonymised diagnostic data may be enabled by the BrandIn solution administrator. The diagnostic data collected is stored within the customer’s environment and accessible via the BrandIn admin UX. Examples of the usage data collected in this case include the number of Brand Assets inserted over time (slides, pictures, icons, graphics), the number of times Brand Check has been run, the number of corrections made by Brand Check, how often help resources were accessed.

How can I see what data is collected?

[to be written] – should we have a tool for users to see live data as used by the Microsoft Diagnostic Data Viewer?

Other things to consider

A parent article to explain the different data types:

• Required diagnostic data (e.g. is the product licensed?) vs. optional diagnostic data (e.g. usage data)