GDPR Readiness with AppsFlyer | AppsFlyer

AppsFlyer GDPR Readiness

As the #1 Mobile Attribution and Analytics platform,
AppsFlyer is committed to providing its customers full transparency
and control over their users' personal data,
empowering them in their pathway to GDPR compliance.

What it Means
What is the GDPR and how does it affect AppsFlyer customers?

On May 25, 2018, the European Union began enforcing a new data privacy law called the General Data Protection Regulation (GDPR), replacing the previous Data Protection Directive. A primary aim of the GDPR is to provide people in the EU greater control over their personal data and data which is collected about them.

Any company that collects (or processes on behalf of the company that collects) personal data of persons in the EU falls under the scope of the GDPR, even if the company has no physical presence in the European Union. This means that most businesses with a global or online presence, including AppsFlyer’s customers, are affected.

Our Commitment to You
How does AppsFlyer prepare for the GDPR?

At AppsFlyer, data privacy and security are at our core. Our state-of-the-art real-time infrastructure, advanced security and data protection, independent certifications and global regulatory compliance have earned the trust of the world’s leading brands.

AppsFlyer is committed to and investing significant and strategic resources, implementing rigorous technical measures and working with leading third-party consultants, to provide diligent GDPR compliance across our solutions and teams.

Data Security and Privacy Compliance

At AppsFlyer, we are committed to stringent data confidentiality, privacy and security.
Rated compliant by top industry regulators:

Data Transfer Practices/Transparency

AppsFlyer’s data transfer practices are certified under the EU-U.S. Privacy Shield Framework. EU and US clients can rely on the Privacy Shield Framework to transfer data lawfully between the EU and the US and vice versa.

Data Subject Request Management

To help advertisers (controllers) adhere to their GDPR obligations regarding their end users’ requests, AppsFlyer has built new APIs to manage users’ (data subjects’) requests for:

  • The right to erasure (a.k.a. the right to be forgotten)
  • The right to access
  • The right to data portability
  • The right to rectification

Data Protection by Design

AppsFlyer has implemented appropriate technical and organizational measures for ensuring that, by default, only personal data which is necessary for each specific purpose of the service is processed, strictly in accordance with our customers’ instructions and configuration.

  • Personal Data is collected only when we obtain assurances of user consent
  • Anonymized and encrypted personal data options
  • No selling or re-brokering of personal data
  • SDK opt-out/opt-in options
  • Honoring do-not-measure privacy choices

Maintain a Connected and Compliant Digital Stack

OpenGDPR is a universal, secure, and common framework for compliance with GDPR mandated data subject rights. The OpenGDPR framework presents a public API specification along with a recommended set of best practices for implementing and maintaining a connected and compliant stack. By adopting OpenGDPR, brands can reliably address data subject requests across their partner ecosystems, in near real-time.

GDPR Best Practices
How AppsFlyer clients can prepare for the GDPR

Mobile app developers and advertisers utilize unique, personal identifiers to measure and understand their performance, optimize their app’s effectiveness and marketing. To ensure that you are complying with the GDPR’s personal data security requirements, here is a list of 6 key recommended measures to take towards GDPR readiness:

  1. Use established third-party tools that follow the top industry standards, like AppsFlyer.
  2. Map out and document all data collection, processing and storage, as well as the data processing lifecycle. Ensure adequate security is employed at every stage.
  3. Obtain informed and unambiguous user consent for the collection and use of personal data for the specific purposes for which you are collecting this data.
  4. Does your app really need all the data it accesses? Strive to use only what is absolutely necessary for the purposes of the service provided to your end users.
  5. Manage and respond to users’ requests, including consent withdrawal.
  6. Identify potential weak links within your technology.

Clear answers to your GDPR questions

Does the GDPR apply if we are not an EU based company?
Even non-EU based companies will be subject to the GDPR if they offer goods or services in the EU or otherwise monitor the behavior of individuals in the EU.

What information does the GDPR apply to?
The GDPR applies to Personal Data. However, Personal Data is broadly defined and includes identifiers such as IP address, cookies, and device IDs. Therefore, under this definition, data collected by you through your use of AppsFlyer may be deemed Personal Data under the GDPR.

Does all personal data need to be stored in the EU?
No. The GDPR provides clear rules and frameworks under which personal data may be transferred and processed outside the EU. For example, data may be transferred to countries deemed by the European Commission as having adequate privacy laws. Furthermore, data may be transferred under certain frameworks approved by the European Commission, such as the US-EU and Swiss-US Privacy Shield frameworks and Standard Model Contracts.

How does AppsFlyer handle the data it receives when customers use the AppsFlyer service?
AppsFlyer is committed to providing customers and end users with complete transparency in relation to its privacy practices and to protecting customer data. AppsFlyer uses the data it receives to provide its services to its customers as more completely described in our Services Privacy Policy. Furthermore, we implement stringent security and organizational measures including those described here to protect your data.

Does AppsFlyer have a Data Processing Agreement to cover GDPR requirements?
Yes, you may view our DPA here.

A word from our lawyers: Nothing stated here is legal, compliance or other advice. It is provided only for your informational and convenience purposes. You should work closely with legal and other professional advisors to determine exactly how the GDPR may or may not apply to you. As we explained above, AppsFlyer is merely a processor of data which you, as the controller of your users’ data, make available to us. So, AppsFlyer can never directly engage with your users nor address their requests. You remain in charge of meeting your data subject users’ requests and we can help you by providing tools to streamline this process.