GDPR Compliance
Here's a practical overview of what - at Batch - is available for you to comply with GDPR.
Lucie avatar
Written by Lucie
Updated over a week ago

Information systems security and privacy issues are top priorities for Batch. We carry out a permanent legal watch to ensure that our products and services remain up to date on GDPR compliance.

We provide our customers with the necessary information and actionable features for GDPR compliance.

Geographical location of the data

Our customers' data is stored exclusively in France and we do not maintain any technical infrastructure outside the European Union. Batch does not send personal data to external entities.

For more details, you can find our Data Processing Agreement (DPA) on https://dashboard.batch.com/gdpr as soon as you create an account with Batch here.

Default data collected by Batch

Hereafter is a list of the data which is collected natively by Batch for mobile and web integrations.

Mobile (iOS / Android)

  • Installation ID

  • Advertising ID*

  • API level of the SDK (on Android)

  • IP address (shared with Batch, but not stored on Batch side)

  • Bundle ID

  • OS version

  • App version

  • Batch SDK version

  • Push token

  • Push notifications opt-in status

  • MLVL (Mobile Landing Version)

  • Device's brand*

  • Device's model*

  • Mobile carrier*: Batch collects the MNC/MCC codes and deducts the carrier name based on these IDs.

  • Locale (language and region)

  • Device time zone

  • Country: Batch deducts the country based on the IP address. If the IP address cannot be used, Batch will use the country set in the device settings.

  • City: Batch uses IP geolocation to find the city of your users. This feature works when the user is on a Wi-Fi network, not on a cellular network.

* The collection of this data can be deactivated: iOS / Android.

Web

  • Installation ID

  • IP address (shared with Batch, but not stored on Batch side)

  • Push token

  • Push notifications opt-in status

  • User-agent (web browser, OS, etc.)

  • Locale (language and region)

  • Country

  • Device time zone

  • City (see above for more details)

  • Batch SDK version

Batch does not set any cookies but relies on Local Storage.

App usage and campaigns data (App + Web)

  • First SDK start date

  • Last SDK start date

  • List of the campaigns that targeted the installation.

  • List of the campaigns that targeted the installation and clicked by the user.

  • Send date of the most recent campaign that targeted the installation.

  • Number of push sent to the install, used for frequency capping limit.

๐Ÿšง Note:

According to the GDPR, you need to obtain consent from your users for the data treatments that you implement. Your legal team can help you to determine how to handle these treatments in your specific case.

In addition to the data listed above, youโ€™re free to send custom data to Batch. In this case, ensure that you have all the necessary consent too.

You can use all the methods offered by Batch to comply with your users' choices.

Actionable features for GDPR compliance

Activate/Deactivate Batch's SDK on demand

On mobile, the SDK can be disabled by default and start collecting data only after consent. Optionally, locally collected data can be deleted when the user opt-outs.

The SDK opt-out methods are documented here: iOS / Android.

The collection of the Advertising ID (e.g. IDFA / GAID), can be easily disabled (see our documentation here: iOS / Android).

For web push, you can deactivate Batch's JavaScript tag manually or using your Tag Manager. For example, you can choose to execute the JavaScript tag only after your users give their consent through your CMP.

Data Access / Deletion

Batch provides a GDPR-dedicated API, which can be integrated into your internal processes to carry out requests for access or deletion of data linked to an identifier. This ID can be a custom user ID, an advertising ID, or an installation ID.

Our API also supports an OpenGDPR endpoint (https://opengdpr.org/).

The API features are also available in a Privacy Center on our operational dashboard via Settings โ†’ GDPR:

The dashboard shows the list of all the requests made from the API or the dashboard on a daily basis:

It also shows the status of all your data access/removal requests:

It is possible to wipe local SDK data directly using the methods documented here: iOS / Android.

In all cases, any/all deleted data resulting from a manual action are permanently wiped from our databases in under 30 days max. retention period to make sure that you can comply with the 3 months max. official GDPR requirement.


This article belongs to Batch's FAQ. Need more help? Find insightful articles, documentation, case & market studies, guides, and even more in our website's Resources section on batch.com and our blog.

Did this answer your question?