Solsten Data Protection

Solsten is a privacy-first company. Solsten commits itself to upholding the highest security standards, not just to ensure a great service for its customers but also to be a trusted and valued partner to our partners and the individuals engaging with our services.

Service overview

Solsten is the human-experience SaaS platform that empowers companies to deeply understand their audience and transform products into mutually-beneficial digital ecosystems that are healthy for businesses and users. Our insights transform experience development by creating a truthful source of audience understanding that aligns research, design, development, and marketing teams on a singular path towards more engaging, livelier, and healthier digital products.

Data protection by design

At the core of the Solsten service lie artificial intelligence models based on psychological data. Solsten collects and controls the psychological data of users from the different games the company works with. The data is collected via Solsten’s proprietary psychological assessment.

This data and the resulting insights regarding how to optimize user experiences form the core intelligence and product that Solsten provides.

It is critical to note the following principles as they relate to the core business:

• Solsten never releases the raw psychological data of users to any of its customers
• Solsten never identifies an individual user, either internally or to its customers
• Per the data collected, Solsten is not capable of identifying an individual
• Solsten does not collect data from minors and children in accordance with the law
• Data, insights, and recommendations to customers are always provided on an aggregate cluster or segment level, but never for a specific individual
• Solsten does not allow its customers to send any personally identifying information (PII) and only accepts fully anonymized player IDs as well as in-game behavioral data, both of which do not enable Solsten to know the identity of an individual user
• Solsten applies the same rigorous data privacy and security standards and enforces its guidelines for all of its customers and their users, regardless of location or citizenship of users

Solsten’s role as data controller and processor

Solsten assumes the role of data controller with respect to the following types of data:

• Psychological data of users playing a game or using an app/service
• Usage data of how customers’ employees use the Solsten service
• Solsten customers’ employee personal data (e.g. name, email, password)

This data is collected directly via the Solsten survey and service, in which users specifically agree to the Solsten Privacy Policy and Terms of Service. Solsten controls this data and never shares the raw data with customers.

Solsten assumes the role of data processor with respect to the following types of data:

• Player (user) IDs (anonymized)
• In-game behavioral data
• Key performance indicators (KPIs) and other metrics

Ability to delete, modify, view data by request

Customers are able to request Solsten to delete, modify, or view their data at any time. Generally, business records with personal information are only kept as long as strictly needed according to existing laws.

Players can request Solsten to delete any data we control on their behalf. Since Solsten does not have a way to identify an individual player, players need to send us their Solsten ID as received by taking our assessment. Players have the ability to contact Solsten via the Solsten website and are offered step-by-step assistance to properly and efficiently address their request.

Data security

Solsten’s security setup follows the ISO 27001 norm. This includes providing necessary and appropriate resources, the implementation of regular internal audits, appropriate document control, management assessment, and the application of the continuous improvement model (PDCA). Solsten Inc strives for the continuous improvement of its processes regarding information security.

Everybody who works for or with Solsten has the responsibility for ensuring data is collected, stored and handled appropriately. Each team that handles personal data must ensure that it is handled and processed in line with our data protection policy and data protection principles.

At Solsten, we deploy a large set of technical and organizational measures (TOM) to keep all data protected at all times. The main TOMs are:

• Appropriate environmental and physical security measures to prevent unauthorised physical access to restricted information and the systems managing it.
• Manage and restrict access to only the resources necessary for users (application, database, network, and system administrators) to perform authorized functions via role-based access. We document all the user types and their related permissions.
• Strong authentication and encryption that meet security standards for any remote access to Customer Data.
• Secure method for securing authentication information (username and password) by acceptable security standards.
• Separation of Customer Data from any other customer or Processor’s own applications and information, including but not limited to the public internet or any system used by the Processor.
• Information is protected using appropriate tools and measures, including but not limited to access control, firewall, anti-virus applications.
• No transfer or storage of Customer Data on removable devices, laptops, smartphones, tablets, etc., unless agreed upon in advance with the Customer in writing. Implementation of security measures, such as encryption, to protect all Customer Data stored on mobile devices.
• Regular installation of the most recent system and security updates to systems that are used to access, process, manage, or store Customer Data.
• Risk assessment processes and surveys to regularly assess information security risks
• Appropriate measures of identification and access controls to any of the Processor’s systems and Customer Data.
• Penetration test and/or code review (“Security Check”) by an external organization once a year or after any major change in the system
• All personnel, subcontractors or representatives performing work under this Agreement are in compliance with these measures
• Appropriate level of periodic training concerning the organizational security measures and privacy issues for the personnel who have access to Customer Data.

Questions

For any questions, please do not hesitate to reach out to security@solsten.io.