NaMo app controversy: US-based firm says it doesn’t sell or rent data

A US-based analytics company facing allegations that it received personal data from the official mobile app of Prime Minister Narendra Modi without the consent of app users has said it does not sell, rent or re-market data.

“CleverTap employees don’t have access to any of the data stored with it by a publisher,” Anand Jain, co-founder of the California-based firm, told PTI in a short e-mail statement when asked if his company has access to users’ personal information from NaMo app.

The five-year-old US-based startup founded by three Indians is facing the heat after a pseudonymous researcher alleged that Modi’s app was pumping private information such as name, email, mobile number, device information and location to servers controlled by the firm without the users’ consent.

The researcher, who goes by the pseudonym Elliot Alderson, in a series of tweets, pointed out privacy lapses in the NaMo app and alleged that mobile marketing platform CleverTap was the beneficiary of the data transfer.

“When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier …) and personal data (email, photo, gender, name, …) are send without your consent to a third-party domain called http://in.wzrkt.com,” the researcher tweeted.

The BJP, however, said the permissions required are all contextual and cause-specific and that the data are being used for only analytics using third party service.

In a blog post on Monday, Jain, without making any reference of the NaMo app, said, “Given the recent discussion over privacy, security, and the role of service providers such as CleverTap, we would like to clarify our stand on security, user consent, and data privacy... CleverTap doesn’t sell, share, rent, re-market, or do anything funny with publisher data.”

He said the company works with first party data provided by the app publisher. “The data collected by the publisher and shared with a service provider is governed by the publisher’s privacy policy. We neither control how publishers frame their privacy policies nor review them,” Jain said.

“We don’t enhance or combine data from other sources at our end,” he said , and added that CleverTap is the brand name, while WizRocket is the name of the parent company.

“CleverTap offers a variety of hosting locations globally, including Indian data centres for those businesses that might have a legal or governance requirement. CleverTap hosts its servers within AWS,” wrote Jain. AWS stands for Amazon Web Services.

CleverTap said Amazon Web Services is its hosting provider. They maintain data centres that are fully compliant with a range of certifications that allow finance, healthcare and government data to be stored in their data centres. Describing his company as an app/web analytics and user marketing platform, Jain said it also provides a dashboard to its customers to view business metrics related to the use of their app/website, and communicate with their users using emails, SMS, push notifications, etc.

Founded in May 2013 by three Indians, Jain, Sunil Thomas, and Suresh Kondamudi, CleverTap is a behavioural analytics company and a mobile marketing platform that provides real-time insights to marketers.

“At CleverTap, we believe in making our customers successful. Earning their trust is what we strive for and we realise that consent, privacy, and data security are critical milestones in this journey,” Jain said.

The company argued that customer data are stored in an encoded format optimised for performance, rather than stored in a traditional file system or a database.

Data are dispersed across a number of physical and logical volumes for redundancy and expedient access, thereby obfuscating it from tampering, the company said.