- Supported Countly versions: 18.04 and higher
- Supported Countly SDKs: iOS, Android, Node.js, and web
Countly has been in the forefront of security and privacy in product analytics and marketing. We give upmost importance to data and we provide on-prem solutions to make sure the data you generate is always yours.
This document outlines the most important items of the GPDR and possibly other regulations in the future (e.g., ePrivacy and HIPAA), and how Countly assesses them via our Compliance Hub plugin.
What is GDPR?
GDPR is becoming the most crucial regulation for data privacy in the EU. It ensures data privacy and protection for EU citizens, and all companies worldwide processing EU-citizens' data must obey this regulation.
Before reading this document, we suggest that you read the basics of GDPR, why it was formed, and how and why it will affect you as a data collector:
- Countly & the GDPR: How world’s leading mobile and web analytics platform can help organizations conform to the new regulation
- GDPR: The ultimate infographic for product managers
- How will GDPR affect financial companies?
- Data privacy and security in healthcare: Implications of GDPR
Note that as per GDPR, Countly will provide a timely notification in the event of any accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access to any personal data.
How does Compliance Hub work?
Countly provides a Compliance Hub plugin, available for both Countly Lite and Countly Enterprise. This plugin helps Countly administrators view and track users' consents, and manage them in one place. It is enabled by default on each Countly instance and helps you do two things:
1. Collect user consents
Every first-time user/visitor (in web or mobile) should be asked for a permission to collect analytics data. This data has several features (e.g. session, crash, view, clicks, etc.) and it should be clearly stated which data should be collected from the end user via a consent form. If a user does not give consent for data collection, no information will be sent until they clearly opt in.
2. Manage user requests
This plugin also creates a "Consents" tab for each user profile (available in the Enterprise Edition). Any user, in mobile or web, can request their information exported or deleted via a contact form or via an SDK. When a request is retrieved from an SDK, this information can be viewed from that particular user's profile page. Upon reviewing this request, the Countly admin can either export this data and send it to the corresponding user, or delete the user's information altogether.
In order to collect a consent, you can use a custom form, or use a form that we provide as examples for each SDK. When you have more than one vendor integrated in your app that collects user data, it is best to use a custom consent manager which will inform those SDKs.
Countly SDKs for mobile (iOS and Android) and web pages (Nodejs and web SDK) have the ability to get consent information from users and then send this data to Countly. The SDKs can separately send different individual metric data in case it is required (e.g., metrics, sessions, users, and crashes), send all of them, or not send them at all.
The SDKs can also send feature-based opt in/opt out requests for logging purposes for a specific device, instead of a particular user. Hence, users must send their opting choices for each device they have.
Each SDK is initialized without sending any information to a Countly server, and it is possible for each SDK to enable or disable a metric submission feature while the application is running. Hence, a user can opt-in for all metrics, but then decide to opt-out from some of them. If the user has queued data, and they choose to opt-out, this queue is not sent to Countly.
The SDKs are configured as opt-in by default due to backwards compatibility, as is the most common use case for first party data collection. It is however possible to set an SDK into opt-out mode with the initialization configuration and then it would work only when specific consents are provided.
Getting Permissions via the SDKs
In order to comply with GDPR, you need to opt-out your visitors by default, and show them a consent form popup. At your discretion, you can also opt-in your users by default and do not show this consent form. However, for GDPR you must ask explicitly for permission to track data, explaining what and why you are tracking to user. Only when the user agrees, you can start tracking your users.
When the app starts for the first time, it initializes Countly only after a permission is given explicitly by the end user. In your application, you need to give the user a way to opt-in/out in case the user changes their mind, and this method is provided by Countly SDKs.
If you want to have a feature-by-feature (e.g. metrics, users, crashes, views, etc.) selection, such as opt in to crash submissions, but opt out of views, you would need to manage the user preferences yourself, storing them persistently and starting or calling Countly features enabling methods based on those preferences upon each app start. There are examples of how to do that inside each SDK documentation where sending consent information is supported.
Using Compliance Hub
The Compliance Hub plugin is enabled by default in all Countly instances. If for some reason, you would like to disable it from the main Countly Dashboard, in to
Plugins and disabling the Data Compliance Hub toggle.
When enabled, you will find Compliance Hub in the Utilities section of your Countly Dashboard.
This plugin can see the following, organized in tabs:
- Metrics: View data compliance metrics (e.g., sessions, events, views, clicks, forms, users, etc.) per metric, in a time series graph. It shows all incoming requests about consents, e.g., both opt-ins and opt-outs.
- Users: A visitor list with a consent history. In this view you can see each visitor's consent history and also export data of corresponding user.
- Consent History: List of all opt-in and opt-out requests, based on any metrics (e.g., sessions, events, views, etc.)
- Export/purge History: List of all exports and removals in a single view.
Other than the information above, each user profile (available in Enterprise Edition) has a tab Consents, which keeps the user's consent history. If you see a user sending export or deleting consent, you can just export this user's data or remove this user's information altogether from Countly.
Viewing All Consents
In the Metrics tab you can view all consent requests in a time series graph, be them opt-ins or opt-outs for each feature as shown below. In this screen, orange lines represent opt-outs and blue lines represent opt-ins. You can also filter by metric feature type, e.g., opt-ins and opt-outs by sessions, events, crashes, etc. from the
Feature type dropdown menu on the top-left and choose custom timeframes or time buckets on the top-right.
In the Users tab, you can see all user's current consent options, broken by User ID, device, application version, consent type, and the time this consent has been sent over.
On the right end of each user row, there is a 3-dot ellipsis menu where you can:
- Go to consent history: Clicking this option will take you to the consent history of that particular user.
- Download user's export data: Downloads user's exported data, including everything that this particular user's device has sent over, e.g., crashes/errors (if any) or events. The downloaded package is in a gzip format (.gz) which includes several JSON files.
- Purge user's exported data: It completely deletes user's exported data on the server. This does not remove the user data.
- Purge user's data completely: It deletes user data completely. Use with caution!
Exporting vs Purging application user data
Neither exporting nor deleting an exported data removes the application user's data directly. In order to purge an application user, you must use
user's data completely from the list explained above. Use this menu item with extreme caution as this will completely wipe off that application user's past history from Countly.
In the Consent History tab, you will see a historic list of all past consents. You can filter by status (e.g., those who opted-in, opted-out, or all), or metric type (sessions, events, views, etc.). When you click on a row, you will see user's device ID, which metrics they have opted-in/opted-out from, device, and application version.
The Export/Purge History tab is a way to see all export and data removals a Countly admin has executed. Whenever you export or delete user data, this is shown here. You can filter them with the options shown below.
Individual user consents
When the Compliance Hub plugin is enabled, each User Profile will have a new tab, Consents. This shows the application user's consent history, alongside with several actions you can take.
When you click on the 3-dot ellipsis menu on top-right hand side of the screen, you will see 3 options by default:
- Export: Exports this app user's data and makes it available for download later. This option does not directly download app user's data.
- Purge user's data completely: This option purges this app user's data. Use it with caution!
- Create message: Opens the Push Notification pane so you can let this app user know that their app data is being wiped. This option is only shown if the user has a push notification token obtained and sent via a mobile app. You can do this only before deleting the app user data, since push tokens will be invalidated.
When you export an app user data, there will be another 4th and 5th options shown here,
Download user's exported data and
Purge user's exported data, which downloads exported user data and deletes the exported data on Countly, respectively. Note that deleting an exported data does not delete the app user's data previously collected directly, and this app user will be able to send data from the applications.
Compliance Hub APIs
Countly has several API sets that helps you be compliant with several regulations in your country or worldwide. This is useful especially if you send data to Countly not via SDKs, but via exposed Countly APIs.
Right to be forgotten: https://resources.count.ly/v1.0/reference#iapp_usersdelete
Right for retrieving user data: https://resources.count.ly/v1.0/reference#iapp_usersexport https://resources.count.ly/v1.0/reference#iapp_usersdeleteexportfilename https://resources.count.ly/v1.0/reference#oapp_usersdownloadfilename
Right for rectifying stuff (this is not in API, but in SDK): https://resources.count.ly/v1.0/reference#iapp_usersupdate