Information systems security and privacy issues are top priorities for Batch. We carry out a permanent legal watch to ensure that our products and services remain up to date on GDPR compliance.
We provide our customers with the necessary information and actionable features for GDPR compliance.
Geographical location of the data
Our customers' data is stored exclusively in France and we do not maintain any technical infrastructure outside the European Union. Batch does not send personal data to external entities.
For more details, you can find our Data Processing Agreement (DPA) on https://dashboard.batch.com/gdpr as soon as you create an account with Batch here.
Default data collected by Batch
Hereafter is a list of the data which is collected natively by Batch for mobile and web integrations.
Mobile (iOS / Android)
Batch does not set any cookies but relies on Local Storage.
App usage and campaigns data (App + Web)
According to the GDPR, you need to obtain consent from your users for the data treatments that you implement. Your legal team can help you to determine how to handle these treatments in your specific case.
In addition to the data listed above, you’re free to send custom data to Batch. In this case, ensure that you have all the necessary consent too.
You can use all the methods offered by Batch to comply with your users' choices.
Actionable features for GDPR compliance
Activate/Deactivate Batch's SDK on demand
On mobile, the SDK can be disabled by default and start collecting data only after consent. Optionally, locally collected data can be deleted when the user opt-outs.
The collection of the Advertising ID (e.g. IDFA / GAID), can be easily disabled (see our documentation here: iOS / Android).
Read more: How to integrate Batch into my CMP?
Data Access / Deletion
Batch provides a GDPR-dedicated API, which can be integrated into your internal processes to carry out requests for access or deletion of data linked to an identifier. This ID can be a custom user ID, an advertising ID, or an installation ID.
Our API also supports an OpenGDPR endpoint (https://opengdpr.org/).
The API features are also available in a Privacy Center on our operational dashboard via Settings → GDPR:
The dashboard shows the list of all the requests made from the API or the dashboard on a daily basis:
It also shows the status of all your data access/removal requests:
In all cases, any/all deleted data resulting from a manual action are permanently wiped from our databases in under 30 days max. retention period to make sure that you can comply with the 3 months max. official GDPR requirement.