- Supported Countly versions: 18.04 and higher
- Supported Countly SDKs: iOS, Android, Node.js and web
GDPR is becoming the most crucial regulation among the EU's data privacy legislation. It brings data privacy and protection for EU citizens, and all companies worldwide processing EU citizen data are requested to obey the rules it brings.
Countly has been at the forefront as a security- and privacy-focused product analytics and marketing platform. We give utmost importance to your data, and provide on-prem solutions to make sure the data you generate is always yours.
This document outlines the most important items of the GDPR and possibly other regulations in the future (e.g. ePrivacy), and how Countly answers them via its "Compliance Hub" plugin.
Before reading this document, we suggest that you read the basics of GDPR, why it was formed, and how and why it will affect you as a data collector:
- Countly & the GDPR: How world’s leading mobile and web analytics platform can help organizations conform to the new regulation
- GDPR: The ultimate infographic for product managers
- How will GDPR affect financial companies?
- Data privacy and security in healthcare: Implications of GDPR
Note that as per GDPR, we will provide timely notification in the event of any accidental or unlawful destruction, loss, alteration or unauthorized disclosure or access to any personal data.
How does it work?
Countly provides a Compliance Hub plugin, available for both Community Edition and Enterprise Edition. This plugin, when enabled, can do the following:
- View data compliance metrics (e.g. sessions, events, views, clicks, forms, users, etc.) per metric, in a time series graph. It shows all incoming requests about consents, both opt-ins and opt-outs.
- A visitor list with a consent history. In this view you can see each visitor's consent history and also export the corresponding user's data.
- Consent history tab with all opt-in and opt-out requests, based on any metrics (e.g. sessions, events, views, etc.)
- Export/purge history, showing a list of all exports and removals in a single view.
Besides the information above, each user profile (available in Enterprise Edition) has a "Consents" tab, which keeps the user's consent history. If you see a user sending an export or delete consent, you can export this user's data, or remove this user's information entirely from Countly. The Compliance Hub plugin and other actions are described later in this document.
Countly SDKs for mobile (iOS & Android) and web (Node.js & web SDK) can get consent information from users and send this data to Countly. SDKs can send different metric data separately where required (e.g. metrics, sessions, users, crashes), send none of them, or send all of those metrics.
SDKs can also send feature-based opt-in/opt-out requests for logging purposes for a specific device, not user. Hence, users must send their opting choices for each device they have. Each SDK is initialized without sending any information to a Countly server, and each SDK can enable or disable a metric submission feature while the application is running. Hence, a user can opt in for all metrics, but then decide to opt out from some of them. If the user has queued data and chooses to opt out, this queue is not sent to Countly. By default, SDKs are opt-in; however, this is configurable via the SDK, since all of our SDKs are open source.
In order to comply with GDPR, you need to opt out your visitors by default and show them a consent form popup. At your discretion, you can also opt in your users by default and not show this consent form. However, for GDPR, you must explicitly ask for permission to track, explaining to the user what you are tracking and why, and you can start tracking only once the user agrees.
When the app starts for the first time, it initializes Countly only after permission is given explicitly by the end user. In your application, you need to give the user a way to opt in or out if they change their mind; this method is provided by Countly SDKs.
If you want feature-by-feature selection (e.g. metrics, users, crashes, views), such as opting in to crash submission but opting out of views, you need to manage user preferences yourself, storing them persistently and calling Countly's feature-enabling methods based on those preferences on each app start. There are examples of how to do that in the documentation of each SDK that supports sending consent info.
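The per-feature preference handling described above (opted out by default, preferences persisted and re-applied on each app start, queued data dropped on opt-out), as an added example that is not Countly SDK code. `ConsentGate`, `memoryStorage`, the `consent_prefs` key and the `enable`/`disable` hooks are hypothetical; the hooks stand in for whatever feature-enabling methods your SDK provides.

```javascript
// Added example: hypothetical consent gate, not Countly SDK code.
const FEATURES = ["sessions", "events", "views", "crashes", "users"];
const KEY = "consent_prefs"; // constructed storage key

// In-memory stand-in for localStorage so the example runs offline.
function memoryStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => data.set(k, String(v)),
  };
}

class ConsentGate {
  // hooks.enable / hooks.disable stand in for the SDK's feature-enabling methods.
  constructor(storage, hooks) {
    this.storage = storage;
    this.hooks = hooks;
    this.queue = [];
    let stored = null;
    try { stored = JSON.parse(storage.getItem(KEY)); } catch (e) { stored = null; }
    // Opt-out by default: only an explicit stored `true` counts as consent.
    this.prefs = {};
    for (const f of FEATURES) this.prefs[f] = Boolean(stored) && stored[f] === true;
  }
  // Call on every app start: enable only the features the user agreed to.
  applyOnStart() {
    const granted = FEATURES.filter((f) => this.prefs[f]);
    granted.forEach((f) => this.hooks.enable(f));
    return granted;
  }
  setConsent(feature, granted) {
    if (!FEATURES.includes(feature)) throw new Error("unknown feature: " + feature);
    this.prefs[feature] = granted === true;
    this.storage.setItem(KEY, JSON.stringify(this.prefs));
    if (this.prefs[feature]) return this.hooks.enable(feature);
    this.hooks.disable(feature);
    // Opt-out: data already queued for this feature is discarded, never sent.
    this.queue = this.queue.filter((item) => item.feature !== feature);
  }
  // Returns false (and queues nothing) when the feature has no consent.
  record(feature, payload) {
    if (!this.prefs[feature]) return false;
    this.queue.push({ feature, payload });
    return true;
  }
}
```

In a browser, pass `window.localStorage` as the storage object; a corrupted or missing stored value leaves every feature opted out.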
This plugin helps Countly administrators view and track users' consents, and manage them in one place. It is enabled by default on each Countly instance.
It helps do two things:
- Collect user consents:
Every first-time user/visitor (web or mobile) should be asked for permission to collect analytics data. This data has several features (e.g. session, crash, view, clicks, etc.), and the consent form should clearly state which data will be collected from the end user. If a user doesn't give consent for data collection, no information will be sent until she clearly opts in.
- Manage user requests:
This plugin also creates a "Consents" tab for each user profile (for Enterprise Edition). Any user, be it mobile or web, can request that his information be exported or deleted via a contact form or via the SDK. When a request is received from an SDK, this information can be viewed from that particular user's profile page. Upon reviewing this request, the Countly admin can either export this data and send it to the corresponding user, or delete the user's information entirely.
In order to collect a consent, you can use a custom form, or use a form that we provide as examples for each SDK. When you have more than one vendor integrated in your app that collects user data, it is best to use a custom consent manager which will inform those SDKs.
Viewing all consents
If you want to view all consent requests in a time series graph, be they opt-ins or opt-outs for each feature, you can see them under Management > Compliance Hub > Metrics, as shown below. In this screen, orange lines represent opt-outs and blue lines represent opt-ins. You can also filter by metric feature type, e.g. opt-ins and opt-outs by sessions, events, crashes, etc.
Under Management > Consents > User tab, you can see each user's current consent options, broken down by User ID, device, application version, consent type and the time this consent was sent.
At the end of each column, you can see a configuration button (3-dots), and upon clicking you have several options to choose from:
- Go to consent history: Clicking this option will take you to the consent history of that particular user.
- Download user's export data: Downloads the user's exported data, including everything that this particular user's device has sent over, e.g. crashes/errors (if any) or custom events. The downloaded package is in Gzip format and includes several JSON files.
- Purge user's exported data: It completely deletes user's exported data on the server. This doesn't remove user data.
- Purge user's data completely: It deletes user data completely. Use with caution!
Exporting vs purging application user data
Neither exporting data nor deleting exported data removes the application user's data directly. In order to purge an application user, you must use "Purge user's data completely" from the list explained above. Use this menu item with extreme caution, as it will completely wipe that application user's past history from Countly.
When you click on "Consent History", you will see a history of all past consents. You can filter by status (e.g those who opted-in, opted-out or all), or metric type (sessions, events, views etc). When you click on a row, you will see user's device ID, which metrics she has opted-in/opted-out from, device and application version.
The final tab, Export/Purge history is a way to see all export and data removals a Countly admin has executed. When you export or delete user data, this is shown here. As usual, you can filter by a few options shown below.
Individual user consents
When the Consent Manager plugin is deployed, each User Profile will have a new tab, "Consents". This shows the application user's consent history, along with several actions you can take.
When you click on the 3-dot on top right hand side of the screen, you will see 3 options by default:
- Export: Exports this app user's data, and makes it available for download later. This option doesn't directly download app user's data.
- Purge user's data completely: This option purges this app user's data. Use it with caution!
- Create message: Opens push notification pane so you can let this app user know that his app data is being wiped. This is shown if user has a push notification token obtained and sent via mobile app. You can do this only before deleting app user data, since push tokens will be invalidated.
When you export an app user's data, a 4th and 5th option are shown here, "Download user's exported data" and "Purge user's exported data", which download the exported user data and delete the exported data on Countly, respectively. Note that deleting exported data doesn't delete the app user's previously collected data, and this app user will still be able to send data from applications.
Compliance Hub APIs
Countly has several API sets that help you be compliant with several regulations in your country or worldwide. This is useful especially if you send data to Countly not via SDKs, but via exposed Countly APIs.
Right to be forgotten: https://resources.count.ly/v1.0/reference#iapp_usersdelete
Right for retrieving user data: https://resources.count.ly/v1.0/reference#iapp_usersexport https://resources.count.ly/v1.0/reference#iapp_usersdeleteexportfilename https://resources.count.ly/v1.0/reference#oapp_usersdownloadfilename
Right for rectifying stuff (this is not in API, but in SDK): https://resources.count.ly/v1.0/reference#iapp_usersupdate