Service statusLog in

GDPR Compliance

Here's a practical overview of what - at Batch - is available for you to comply with GDPR.

Information systems security and privacy issues are top priorities for Batch. We carry out a permanent legal watch to ensure that our products and services remain up to date on GDPR compliance.

We provide our customers with the necessary information and actionable features for GDPR compliance (RGPD in French).

Geographical location of the data

Our customers' data is stored exclusively in France, and we do not maintain any technical infrastructure outside the European Union. Batch does not send personal data to external entities.

For more details, you can find our Data Processing Agreement (DPA) at https://dashboard.batch.com/gdpr as soon as you create an account with Batch here.

Default data collected by Batch

Hereafter is a list of the data that is collected natively by Batch for mobile and web integrations.

Mobile (iOS / Android)

  • Installation ID

  • API level of the SDK (on Android)

  • IP address (shared with Batch, but not stored on Batch side)

  • Bundle ID

  • OS version

  • App version

  • Batch SDK version

  • Push token

  • Push notifications opt-in status

  • MLVL (Mobile Landing Version)

  • Mobile carrier*: Batch collects the MNC/MCC codes and deducts the carrier name based on these IDs.

  • Locale (language and region)

  • Device time zone

This list details the data collected by default by SDK V.2. If you are using an older version, we encourage you to update the SDK to the latest version (migration guide available here: iOS / Android).

If you have any questions about the default data collected by SDK V.1, feel free to contact us via the Live Chat or [email protected].

Storage: The Batch SDK stores data in the app's local storage (SQLite).

Web

  • Installation ID

  • IP address (shared with Batch, but not stored on Batch side)

  • Push token

  • Push notifications opt-in status

  • User-agent (web browser, OS, etc.)

  • Locale (language and region)

  • Country

  • Device time zone

  • City (see above for more details)

  • Batch SDK version

Storage: The Batch SDK does not set any cookies but relies on the browser’s local storage (under “Local Storage” and “IndexedDB”).

App usage and campaigns data (App + Web)

  • First SDK start date

  • Last SDK start date

  • List of the campaigns that targeted the installation.

  • List of the campaigns that targeted the installation and clicked by the user.

  • Send date of the most recent campaign that targeted the installation.

  • Number of push sent to the install, used for frequency capping limit.

According to the GDPR, you need to obtain consent from your users for the data treatments that you implement. Your legal team can help you determine how to handle these treatments in your specific case.

In addition to the data listed above, you’re free to send custom data to Batch. In this case, ensure that you have all the necessary consent too.

You can use all the methods offered by Batch to comply with your users' choices.

Actionable features for GDPR compliance

Activate/Deactivate Batch's SDK on demand

On mobile, the SDK can be disabled by default and start collecting data only after consent. Optionally, locally collected data can be deleted when the user opts out. The SDK opt-out methods are documented here: iOS / Android.

The automatic collection of some data can be disabled (see our documentation here: iOS / Android).

For web push, you can deactivate Batch's JavaScript tag manually or using your Tag Manager. For example, you can choose to execute the JavaScript tag only after your users give their consent through your CMP.

Read more: How to integrate Batch into my CMP?

Data Access / Deletion

Automatic deletion by Batch

For some data, Batch proceeds to an automatic deletion of inactive profiles.

Read more here: GDPR & Privacy

Access / Deletion done by Batch customers

Batch provides a GDPR-dedicated API, which can be integrated into your internal processes to carry out requests for access or deletion of data linked to an identifier. This ID can be a custom user ID, an advertising ID, or an installation ID.

Our API also supports an OpenGDPR endpoint (https://opengdpr.org/).

The API features are also available in the Privacy Center on our operational dashboard via Profiles > Privacy Center.

  • The dashboard shows the list of all the requests made from the API or the dashboard on a daily basis.

  • It also shows the status of all your data access/removal requests.

It is possible to wipe local SDK data directly using the methods documented here: iOS / Android.

In all cases, any/all deleted data resulting from a manual action is permanently wiped from our databases in under 30 days max. retention period to make sure that you can comply with the 3-month max. official GDPR requirement.

PreviousPrivacy and GDPRNextHow to integrate Batch into my CMP?

Last updated

Was this helpful?