Email Privacy Guide
Cheetah Digital provides its marketer customers with the ability to send marketing and transactional email among other commercial electronic messages.
As a permission-based Email Service Provider, we seek to educate marketers on the permission-based standards and techniques that can help them build trust in the direct marketing channel while maintaining optimal deliverability and sender reputation.
The following Frequently Asked Questions are ment to provide you with educational information about our email services and related industry self-regulatory practices.
What is an 'Email Service Provider'?
At its core an ESP provides marketers with bulk newsletter and targeted email sending capabilities. As an ESP Cheetah Digital helps our customers orchestrate data-driven, personalized electronic communications that can be planned or triggered in real time. For example, if you visit a retail customer's website to buy jeans, but leave before making a purchase, our Customer can use our technology to send you an email reminding you about the item left in your shopping cart.
Does an ESP need more than someone's email address to deliver email?
Technically, no. An email address is all that is needed to send someone an email newsletter. But marketers will need to collect and work with more information to be able to send more relevant and timely emails, to measure the effectiveness of their markeitng efforts, and to just ensure their email lists remain clean and free of spamtraps.
The kinds of personal information that an ESP can ingest and process to provide a wider range of optimization and email deliverability services typically includes:
Identity information. That's your contact information starting with your email address, and any other information such as your full name, phone number, postal address or any other addressable information you may volunteer to a Customer such as through an online Experiences form.
Customization and personalization. This is typically demographic information and informaiton about your interests and choice preferences. It can include non-precise location information, your favorite store location, shopping and lifestyle interests, any language preferences, and the kinds of messages and communication channels you prefer. This information is commonly used for audience segmentation and content personalization.
Email behavioral and analytics data (including mobile websites). This data includes engagement signals such as email opens, clicks, opt-outs, conversions and so forth. This is technical data and is collected via pixels, tags, special tracking URLs, and through cookies and similar technologies by Cheetah Digital or an analytics provider a customer embeds in their email message or website page (e.g. a newsletter sign-up confirmation page). Marketers use this data to measure campaign performance and effectiveness in driving sales, and deliverability professionals use this data to combat email abuse (i.e. spam) and influence best practices.
Online identifiers. An email address is a unique online identifier. A dedicated IP address can be as well, and this can be collected by an email sender when you open and read their message. Other IDs commonly used for digital marketing and advertising include cookies, mobile device identifiers, and other such IDs which can be used to uniquely identify an online user or their device.
Other volunteered, linked or linkable data which helps marketers create a unified view of their customers and email recipients so as to deliver more relevant and timely messages.
What about data from other marketing channels or from mobile devices?
In order to help our customers orchestrate the most relevant campaigns possible, technology empowers marketers to collect and integrate data from outside sources through multiple points of entry, including API calls, webforms, manual uploads and secure file transfers, among others. Available data ingestion methods include batch import and HTTP posting, complemented by standard, sequential and advanced data loading capabilities. As such, Customer databases (and recipient profiles) are frequently updated with new personal and non-personal information. Cheetah Digital has no means to independently embed our forms and technologies into Customers’ digital properties without their direction.
These capabilities help marketers engage website and shopping cart abandoners with timely and relevant incentives, reactivate legacy email subscribers, and target engaged email audiences online with interest-based display, mobile or social ads. When using our Services, marketers are thus able to synchronize personal information with other unique non-personal identifiers, such as cookie, for a variety of marketing and analytics uses.
For example, if you click-through an email that Cheetah Digital helped facilitate on your smartphone, you may see a similar ad on a standard website or within a social media application, or embedded within a personalized email offer. Please see below for more information on the technologies driving these capabilities and your choices for continued tracking.
What is 'deliverability'?
Deliverability is the art and science of distributing email messages to recipient inboxes in a safe, transparent and accountable way. As with any scientific endeavor, it requires data, investigation, testing, and refinement to ensure performance success. We are committed to partnering with the client to provide the mechanisms to test identify, measure, and deliver emails to recipient inboxes.
In addition, there are email industry standards, governmental laws, and rules that we must comply with for successful deliverability. These standards are set by: the Internet Service Providers’ (ISPs) Acceptable Use Policies, Internet Engineering Task Force (IETF), Messaging Anti-Abuse Working Group (M3AAWG), the Email Service Provider Coalition (ESPC), Email Experience Council (EEC, a part of the Association of National Advertisers), and other non-profit organizations. Abiding by these practices promote and enhance our transparency for maintaining legitimate messaging so that both individual recipients and mailbox providers can easily distinguish legitimate senders from abusive senders.
We require our email customers to adhere to these requirements in addition to our Global Anti-Spam Policy to ensure optimal deliverability. And a positive sender reputation with mailbox providers and anti-spam groups.
How do you ensure email deliverability and the integrity of your deployment network?
First and foremost, byensuring the safe and optimal functionality of our messaging systems. We do so by implementing adequate information security and application controls, ensuring the soundness of its transmission mechanisms and protocols, and providing core functionality such as processing marketing opt-out requests.
Our privacy and service integrity principles can be broken down as follows:
Transmission accuracy. Cheetah must maintain accurate technical transmission information on behalf of its customers at all times to mitigate phishing and malware-related risks.
Sender transparency. Customers must provide identification information in their messages and through their acquisition touch points. Cheetah do not automatically account for this.
Content truthfulness. Customers must maintain accurate and truthful content in their message headers, subject lines and message bodies. Cheetah does not automatically account for this.
Acceptable use and accountability. Customers must comply with Cheetah acceptable user terms and applicable privacy and electronic communication laws to ensure their collection, use and sharing of personal information is legitimate and permissible.
Email privacy and marketing compliance. Customers must manage consumer rights and expectations, including providing the means for recipients to exercise choice with customer electronic messages. Cheetah often takes on the management of opt-in/opt-out/preference management functionality.
How do you ensure your mail services are authorized to send emails on a customer's behalf?
We require all email customers to delegate a subdomain from their existing domain name. We then register the IP addresses (dedicated or shared) for use with mailing the campaigns. This will allow anyone to reference this information in the public network directory services. In this respect, recipients and receiving networks can identify the authenticity of the sender and view Cheetah’s reference as the network licensee.
We also provide IPs appropriate to a customer’s volume and category of emails (promotional vs transactional). This is to help optimize deliverability and reputation. As a customer builds their list, we can upgrade the number of IPs within their private network.
OK, how would I know the emails I receive from your customers are legitimate?
When we deploy an email message on behalf of a customer, we request the customer to provide a domain. This will be associated with their account and be used in the email to communicate with you. All elements in the full email header, notably the 'from:' line will reference the customer’s information. The only exception is when a customer sends emails from our shared network. In this instance, the technical command (EHLO or HELO) used for connecting to an e-mail server will reflect our owned domains such as @chtah.com or @k.ccmp.eu.
Additionally, the origins of all emails can be found by reviewing the sender’s Internet Protocol (IP) address. The IP address (e.g. 12.34.567.890) can identify the actual computer that is sending the message and is visible within the technical header portion of the email message. The computers associated with any email address we send belong to Cheetah Digital and can be traced back to us as the designated sender. If you would like to trace any domain name or IP address of an email sender, refer to this section of Domaintools website.
To learn more about fighting spam and authenticating email, please refer to these educational resources:
How do you support customers who need to collect consent from email recipients?
A primary rule for sending marketing email to have the informed and verifiable consent of the recipient obtained and recorded. Recipients are less likely to report messages as unwanted or abusive if they willingly signed up for the messages. And it is easier to justify such messages when records of consent are contemporaneous and demostrable.
To that end, Cheetah natively supports consent attainment, revocation and choice management requirements within its platforms. Opt-in, opt-up and opt-down, opt-out and granular choice preference management are just some of the capabilities we offer. These capabilities can be further customized for a customer, and choice records can be updated in the platform via registration forms, preference centers, mobile app, JS snippets in web pages, as well as email/SMS responses where enabled. Ultimately, the status of these preferences are stored and managed as part of the email recipient's profile and all changes are auditable.
We also offer and often recommend double opt-in protocols as well as cross-channel re-engagement solutions to bolster signs of interest in marketing and to harden records of consent.
Further, we have language in our contracts requiriing customers to obtain appropriate consent from message recipients before sending them marketing. And while we strictly limit our liability in such matters we frequently work with our customers to educate them about permission-based acquisition and deliverabiilty best practices.
Do you use email-related cookies?
Yes. As part of our Services we may set cookies associated with pixel tags for (i) web pages we develop and host on behalf of Customers, or (ii) where authorized by a Customer within their email messages and on their own websites.
Cookies may be downloaded from our web servers and stored locally on an email recipient's computer. Information on the cookie is then referenced by the web browser in conjunction with specific web-enabled email or visited web pages. This cookie responds to a web server with information about how the email recipient engaged with the email or web pages (i.e., open, click-through, image download, etc). An example of this occurs when marketers track email users' visits to a website and any subsequent online sales that could be correlated with the email recipient.
Further, the cookies are configured to expire after a few days, but the expiration period are as directed by the customer. As such, Cheetah Digital cookies are re-authenticated for incremental multi-day periods, or greater, when an email recipient opens an email or clicks through an email to a URL embedded into the email. Otherwise, they expire.
Can describe the kinds of use cases your URLs, pixels and cookies support in more detail?
The most common use cases include:
Open rate tracking. In order to provide ‘open’ or ‘unique open’ reporting, a pixel tag must be activated from the email message. This pixel tag is embedded by default in all Cheetah client emails, unless designated by the client specifically to restrict its use. In addition, once a pixel tag is activated and references the Cheetah web server, Cheetah will attempt to deliver a client-specific cookie to those user computers. These cookies are used to enable better client-specific reporting and functionality, and user activity associated with these cookies may be updated in conjunction with other product functionalities noted below.
Click-through tracking. If recipients click-through a link in an email message, then they are redirected through a Cheetah-specific link to the website content designated from the email. During this website redirection process, Cheetah will attempt to deliver a client-specific cookie to those users computers. These ‘click-through’ cookies are used similarly to ‘open’ cookies.
Email-web view page hosting. By default, Cheetah provides a ‘click here to view this email as a web page’ functionality that is typically provided to recipients in the ‘pre-header’ at the top of an email message. When users click-through this link or otherwise visit the Cheetah-hosted web view page, the web server will attempt to deliver a client-specific cookie similar to open or click-through tracking.
Refer-a-friend. Similar to web page hosting, Cheetah can host refer-a-friend (RAF) web pages on behalf of clients who choose to use that feature, which enables cookies by default when recipients click-through to utilize it. With this feature, the recipients who open or click-through a referred email will also receive a cookie, but Cheetah cannot associate that user with any other information because the recipient is not a subscriber.
Track-to-purchase. While the Cheetah product name references “purchase”, it should be more accurately referenced as “track-to-conversion”. Cheetah can place a pixel tag on any client web page that follows a web form completion to capture the appropriate recognition or content associated with that web form conversion. This tag works in conjunction with the original open or click-through cookie and appends information to it when the post-conversion pixel is activated. If the user deletes or disables their original open or click cookie, then a subsequent purchase (or another conversion) will disable Cheetah’s ability to attribute associated user transactional information with any previously held information. Cheetah tracks conversions by default for 30 days following email activity.
Remarketing. Also known as targeted or behavioral email. The most common example is a shopping cart abandonment email that is triggered when registered email users do not complete website purchases. There are two standard ways this service operates: (1) using a Cheetah pixel tag and cookie, or (2) using a 3rd party web analytics pixel tag and cookie. In either scenario, the pixel tag and cookie correspond to information about the email user in order to send an email that is personalized based on their website experience.
Other common uses include sensing whether an email recipient can recive HTML email or only plaintext email, web analytics and measurement, cross-channel retargeting such as to serve a display ad on Facebook, market research, anti-fraud, email content display optimization, and user validation.
Do your cookies contain personally identifiable information?
Our cookies enable marketers to provide website and email personalization services for their email subscribers, customers, or registered website visitors. This requires us to connect email and website visitor activity with previously provided information in order to offer personalization, web form pre-population and closer relevance of our customers' email marketing efforts.
However, it is important to note that the email-related cookies we attempt to set do not contain any directly identifiable personal data such as name or email address in the cookie itself. Instead, pseudonymous identifiers such as a cookie ID may be utilized so as to connect the necessary dots.
Do you host web pages and forms for your customers?
Yes. Cheetah Digital provides web page hosting for our customers’ for their convenience, including through our Cheetah Experiences solution. Hosted services facilitate email subscription, preference management, refer-a-friend, sweepstakes, quizzes, games, surverys and other on-demand content fulfillment information.
It is important to note that, when hosting forms and providing data collection tools (forms, endpoints etc) to our customer we act as a 'pipe' and underlying technology provider. We facilitate our customers' ability to ingest data directly into their Cheetah databases.
The data -- personal or otherwise -- that we ingest on behalf of our customers remains their exclusive property of the customer that is branded on the web page. As such the web pages, forms, surveys and so forth we'd host on a customer's behalf will include their branding, links, privacy notices and other relevant information.
Do you support user-initiated message forwarding?
Yes. Which means as an ESP we may also collect anonymous tracking information with email messages 'forwarded' from a recipient within their own email software or webmail service to another user. Examples of information collected may include the number of times the message was forwarded, the number of times the forwarded message was opened, and the click-through activity within those forwarded messages. No identifiable personal data concerning a natural personal is collected with email messages forwarded by a recipient through this process.
Who do I contact if I receive an unwanted or unsolicited message from your customer?
If you believe you have received an unsolicited commercial email from Cheetah Digital on behalf of any of our customers or using any part of our domain name, please send an email (preferably with the reported email violation included or attached with the ‘full sender header’) to our Abuse Desk.