The only secure and compliant platform available and that’s ready for today and tomorrow’s data privacy & personal data regulations

Push Notifications traditionally work based on the push notification token, which is considered personal data (PD) or Personally Identifiable Information (PII). OpenBack can offer guaranteed regulation compliance to GDPR, GDPR-K, COPPA, and HIPAA as sensitive data never needs to leave the user's device. What's more, customer data deletion is supported device side and from the backend, out of the box.


2018 General Data Protection Regulation 2016/679 (EU)

GDPR gives control back to citizens and residents over personal data, and to simplify the regulatory environment within the EU. Personal data is referred to as “Any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computers IP address.” At the time of writing this post, GDPR is a living document of which representatives are working on to expand key areas. Fines of up to 20M EUR or up to 4% annual worldwide turnover have been enforceable since 25th May 2018. GDPR-Kids or GDPR-K applies across Europe to childen under the age of 16, although individual EU countries have their own age requirements.


2000 Children’s Online Privacy Protection Act (US)

The act applies to the online collection of personal information by persons or entities under U.S. jurisdiction about children under 13 years of age. It details what a mobile app operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children’s privacy and safety online including restrictions on the marketing of those under 13. While children under 13 can legally give out personal information with their parents’ permission, many mobile apps collect personal information and so must disallow underage children from using their services or provided detailed workflows to ensure parental permissions are granted.


1996 Health Insurance Portability and Accountability Act (US)

Health care providers that transmit health care data in a way regulated by HIPAA, and covered entities that out-source some of their business processes to a third party must ensure that their vendors also have a framework in place to comply with HIPAA requirements.

Summary of Core Compliance Requirements and OpenBack Features to Support Customer Compliance

Summary Requirement
OpenBack Platform


  • Valid consent must be explicit for fair data processing
  • Must be given by child’s parent or custodian, if under 16
  • OpenBack is a data processor on behalf of the client, who is the data controller for their users.
  • OpenBack’s device side SDK supports child/COPPA approval flows, meaning no PD/PII data leaves the device, ever unless app explicitly opts that user in.

Private User Data

  • Should only be accessible by user
  • User can move, copy or transfer freely & securely
  • Dashboard setting option which limits return of data to non PD/PII data (only if required by client/not covered in client’s terms & conditions)
  • OpenBack supports client data requests for user specific data held (if client uses OpenBack to process such data)

Right To Be Forgotten

  • Individuals have a right to have personal data erased and prevent processing is specific circumstances

Immediate deletion of all specific user data by:

  • API call or manual Helpdesk ticket
  • On device SDK call by client app which clears data on device/SDK as well as the OpenBack Processing Engine (backend), can be presented to user directly or linked to account deletion

Data Storage Control

  • The location of users data may need to remain within specific countries or regions.
  • OpenBack is a data processor on behalf of the client, who is the data controller for their users.
  • OpenBack supports the storage of data within our EU or US data centres.


Translate »