Information systems security and privacy issues are top priorities for Batch. We carry out a permanent legal watch to ensure that our products and services remain up to date on GDPR compliance.

We provide our customers with the necessary information and actionable features for GDPR compliance.

Our customers' data is stored exclusively in France, and we do not maintain any technical infrastructure outside the European Union. Batch does not send personal data to external entities.

For more details, you can find our Data Processing Agreement (DPA) on https://dashboard.batch.com/gdpr as soon as you create an account with Batch here.

Hereafter is a list of the data which is collected natively by Batch for mobile and web integrations.

* The collection of this data can be deactivated: iOS / Android.

Storage: The Batch SDK stores data in the app local storage (SQLite).

Storage: The Batch SDK does not set any cookies but relies on the browser’s local storage (under “Local Storage” and “IndexedDB”).

🚧 Note:

According to the GDPR, you need to obtain consent from your users for the data treatments that you implement. Your legal team can help you to determine how to handle these treatments in your specific case.

In addition to the data listed above, you’re free to send custom data to Batch. In this case, ensure that you have all the necessary consent too.

You can use all the methods offered by Batch to comply with your users' choices.

On mobile, the SDK can be disabled by default and start collecting data only after consent. Optionally, locally collected data can be deleted when the user opt-outs.

The SDK opt-out methods are documented here: iOS / Android.

The collection of the Advertising ID (e.g. IDFA / GAID), can be easily disabled (see our documentation here: iOS / Android).

For web push, you can deactivate Batch's JavaScript tag manually or using your Tag Manager. For example, you can choose to execute the JavaScript tag only after your users give their consent through your CMP.

Read more: How to integrate Batch into my CMP?

For some data, Batch proceeds to an automatic deletion of inactive profiles.

Read more here: Privacy & Profiles

Batch provides a GDPR-dedicated API, which can be integrated into your internal processes to carry out requests for access or deletion of data linked to an identifier. This ID can be a custom user ID, an advertising ID, or an installation ID.

Our API also supports an OpenGDPR endpoint (https://opengdpr.org/).

The API features are also available in a Privacy Center on our operational dashboard via Settings > GDPR:

The dashboard shows the list of all the requests made from the API or the dashboard on a daily basis:

It also shows the status of all your data access/removal requests:

It is possible to wipe local SDK data directly using the methods documented here: iOS / Android.

In all cases, any/all deleted data resulting from a manual action are permanently wiped from our databases in under 30 days max. retention period to make sure that you can comply with the 3 months max. official GDPR requirement.