Traverse CCPA Opt-Out Spec
Under CCPA, if a business receives an opt-out it needs to do two things:
a. Stop selling data associated with the consumer.
b. Pass the opt-outs downstream to partners who bought this data.
The SLAs for CCPA opt-outs are 15 days, so it’s best practice to send us these opt-out files at a minimum of twice per month. Traverse will provide our opt-out files on a weekly cadence.
Access to privacy requests
Traverse has created an AWS S3 bucket to handle all incoming and outgoing opt-out requests. Traverse will generate AWS credentials for access and provide them on request. If you already integrate with Traverse via an S3 bucket that we manage, your current ID/Secret Key may be used to access the new opt-out process.
Your opt-out requests will not be directly visible to any other Traverse client. All opt-out requests will be passed downstream through our outgoing opt-out feed.
Passing Opt-Out Requests to Traverse
Opt-out requests will be uploaded in the form of gzipped CSV files to the following location:
s3://traverse-optout/incoming/{YOUR-CLIENT-ID}/{FILENAME.CSV.GZ}
File Formatting:
Opt-out files must be CSV files, gzipped, with unix line endings. A header row with the following entries is required. Headers are required even for optional fields.
| Parameter | Description | Required |
|---|---|---|
emailMd5Lower |
MD5 hash of a lowercased email address | Yes1 |
emailSha1Lower |
SHA1 hash of a lowercased email address | Yes1 |
emailSha256Lower |
SHA256 hash of a lowercased email address | Yes1 |
optOut |
Integer, 1 indicates opt-out of 3rd party collection | Yes2 |
timestamp |
ISO 8601 formatted datetime string | No |
1Email addresses should be converted to lowercase and stripped of all whitespace characters prior to hashing.
2Do not set the optOut column to ‘1’ if you just detect a ‘do not track’ or ‘limit ad tracking’ signal from the device or operating system. Do not send us any records for devices where you find ‘do not track’ or ‘limit ad tracking’.
File Naming:
File names must be unique for each file. Each file name must end with .csv.gz.
Traverse recommends incorporating a timestamp into the file name for
uniqueness and clarity.
Receiving Opt-Out Requests from Traverse
Opt-out requests will be made available in the form of gzipped CSV files in the following location:
s3://traverse-optout/outgoing/incremental/optout-YYYY-MM-DD.csv.gz
YYYY-MM-DD being the ISO 8601 date code for when the file was generated
Files will be generated weekly. Each file will be incremental.
File Formatting
Files will be formatted in exactly the same manner as we request incoming files.
That is; CSV files, gzipped, with unix line endings. A header row with the following entries will be provided. Row order will remain consistent, but we reserve the ability to add additional columns with proper notice.
| Parameter | Description | Always included |
|---|---|---|
emailMd5Lower |
MD5 hash of a lowercased email address | Yes1 |
emailSha1Lower |
SHA1 hash of a lowercased email address | Yes1 |
emailSha256Lower |
SHA256 hash of a lowercased email address | Yes1 |
optOut |
Integer, 1 indicates an opt-out of 3rd party data collection | Yes |
timestamp |
ISO 8601 formatted datetime string | No |
1Email addresses will be converted to lowercase and stripped of all whitespace characters prior to hashing.