Privacy And Telemetry Controls
Privacy and telemetry controls determine what security context AppTego collects and how deployed apps refresh supported configuration. Use these controls deliberately and align them with your privacy notice, legal basis, retention policy, and customer support process.
Collect enough context to investigate security events, but avoid collecting data your team does not need.
Control Matrix
| Control | Platforms | Minimum plan | Execution | Use when |
|---|---|---|---|---|
| Configuration Update Frequency | Android, iOS | Enterprise | Runtime configuration | You need to tune how often protected apps check for configuration updates. |
| Store Device Information | Android, iOS | Enterprise | Telemetry storage | Device posture and metadata should be available in AppTego logs. |
| Store IP Address | Android, iOS | Enterprise | Server-side telemetry storage | IP address collection is required for security analytics or compliance. |
| Store Location Information | Android, iOS | Enterprise | Server-side telemetry enrichment | Country-level location context from IP address is required and covered by your privacy policy. |
Store Location Information depends on Store IP Address. AppTego derives country-level location server-side from request IP metadata; it does not use device GPS APIs or trigger mobile location permission prompts.
Privacy Review Checklist
| Question | Why it matters |
|---|---|
| What data is collected? | Security teams need enough context to investigate events without collecting unnecessary information. |
| Why is it collected? | Each telemetry control should map to a security, compliance, fraud, or support purpose. |
| Who can access it? | Portal roles and support processes should match your organization policy. |
| How long is it retained? | Retention should match your contract, regulation, and operational need. |
| What do users see? | Privacy notices and consent flows should match the enabled controls. |
Rollout Guidance
- Review the control with your privacy, legal, and security stakeholders.
- Confirm tenant roles and access permissions for logs that include telemetry context.
- Enable the control in Development or Staging and verify log output.
- Update privacy notices, support scripts, and data-handling records where required.
- Promote to Production only after retention and deletion workflows are understood.
Documentation To Keep Internally
| Record | Purpose |
|---|---|
| Enabled telemetry controls | Shows what data categories your protected apps can report. |
| Business purpose | Maps each data category to security, fraud, compliance, or support need. |
| Access owners | Identifies who can view or export telemetry. |
| Retention process | Confirms how long data is kept and how exports are handled. |
| Support language | Helps support teams explain privacy-sensitive behavior consistently. |