NaMo app controversy: US-based analytics firm says it doesn't 'sell, rent' data

The five-year-old US-based startup founded by three Indians is facing the heat after a pseudonymous researcher alleged that Modi's app was pumping private information to servers controlled by the firm without the users' consent.

NaMo app controversy: US-based analytics firm says it doesn't 'sell, rent' data

Washington: A US-based analytics company facing allegations that it received personal data from the official mobile app of Prime Minister Narendra Modi without the consent of app users, has said that it does not sell, rent or re-market data. "CleverTap employees don't have access to any of the data stored with it by a publisher," Anand Jain, co-founder of California-based firm, said in a short e-mail statement when asked if his company has access to users' personal information from the NaMo App.

The five-year-old US-based startup founded by three Indians is facing the heat after a pseudonymous researcher alleged that Modi's app was pumping private information like name, email, mobile number, device information and location, to servers controlled by the firm without the users' consent.

The researcher, who goes by the pseudonym Elliot Alderson, in a series of tweets, pointed the privacy lapses in the NaMO App and alleged that mobile marketing platform CleverTap was the beneficiary of the data transfer. "When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier ?) and personal data (email, photo, gender, name, ?) are sent without your consent to a third-party domain called http://in.Wzrkt.Com," the researcher tweeted.

The BJP, however, said the permissions required are all contextual and cause-specific and that the data is being used for only analytics using third party service.

In a blog post on Monday, Jain without making any reference of the NaMo App, said, "Given the recent discussion over privacy, security, and the role of service providers such as CleverTap, we'd like to clarify our stand on security, user consent, and data privacy......CleverTap doesn't sell, share, rent, re-market, or do anything funny with publisher data."

He said the company works with first-party data provided by the app publisher. "The data collected by the publisher and shared with a service provider is governed by the publisher's privacy policy. We neither control how publishers frame their privacy policies nor review them."

"We don't enhance or combine data from other sources at our end," said Jain, adding that CleverTap is the brand name, while WizRocket is the name of the parent company. "CleverTap offers a variety of hosting locations globally, including Indian data-centers for those businesses that might have a legal or governance requirement. CleverTap hosts its servers within AWS," wrote Jain. AWS stands for Amazon Web Services.

CleverTap said that Amazon Web Services is its hosting provider. They maintain data centers that are fully compliant with a range of certifications which allow finance, healthcare and government data to be stored in their data centers. Describing his company as an app/web analytics and user marketing platform, Jain said it also provides a dashboard to its customers to view business metrics related to the use of their app/website, and communicate with their users using emails, SMS, push notifications, etc.

Founded in May 2013 by three Indians, Jain, Sunil Thomas, and Suresh Kondamudi, CleverTap is a behavioral analytics company and a mobile marketing platform that provides real-time insights to marketers. "At CleverTap, we believe in making our customers successful. Earning their trust is what we strive for and we realize that consent, privacy, and data security are critical milestones in this journey," Jain said.

The company argued that the customer data is stored in an encoded format optimised for performance, rather than stored in a traditional file system or a database. Data is dispersed across a number of physical and logical volumes for redundancy and expedient access, thereby obfuscating it from tampering, the company said.