Comment on page
How you can protect your clients’ data
Due to the nature of our product, Appfarm has no possibility to track what type of data you store in our platform and how you store, secure and maintain it. Also, the appropriate application design choices necessary to stay compliant with GDPR will largely depend on the actual use case and context of data collection and processing. There is no silver bullet to becoming GDPR compliant. Rather, when creating apps that process personal data with the use of Appfarm Create, it is your responsibility as a data controller to ensure the data is processed in accordance with the GDPR regulations. However, we’d like to make accomplishing this goal as easy as possible for you.
Here's an overview of aspects you need to consider to achieve GDPR compliance.
Before you start building an app, identify all the personal data your app will process. This data map will be crucial for your GDPR compliance journey.
Understand the lawful bases for processing personal data under GDPR, like user consent, contract fulfillment, and legitimate purpose. Choose the right basis for each data processing activity in your app.
Obtain explicit and informed consent from your users before collecting and processing their data. This can be done with consent forms customized to your needs, e.g., a cookie banner that explains why you're collecting data and how it will be used.
Only gather the data necessary for your app's purpose. Minimize data collection and retention to reduce risks and respect users' privacy.
A lot of the security is handled for you by the Appfarm Platform, such as using strong encryption in transit and at rest. Access controls, permissions, and roles are easily set up in Appfarm Create. Keep permissions and roles at a minimum per user, and employ a good procedure for requesting additional permissions. Keep personal information safe and regularly upgrade your app by logging in and deploying to production.
We recommend you complete our security checklist on all your projects, particularly those processing personal data.
Let your users exercise their GDPR rights, such as accessing, editing, and erasing their data. Build mechanisms in your app to handle these requests promptly. Communicate with inactive users to avoid collecting personal data unnecessarily.
In situations when you are a data processor (e.g. when you make an app from another company), you should have a DPA in place.
We retain solution data backups for a period of 3 months. It's crucial to keep in consideration that opting to revert to a previous data version may necessitate the reprocessing of all alteration and deletion requests that have been submitted and handled during the intervening time.
If your app integrates with third-party services, ensure they're GDPR compliant. Clearly disclose these services and their privacy practices to your users. This can be done on a sub-processor page on your website.
If you process personal data in your app built using our no-code platform, Appfarm should also be listed as a sub-processor of your company.
Have a plan in place to detect and report data breaches quickly. Notify both the supervisory authority and affected users if a breach occurs. In the event of a data breach in Appfarm’s systems, the affected customers of Appfarm will be notified within 72 hours of discovery, whereas you then have a further obligation to notify your affected customers.
Regularly review your app's GDPR compliance, especially if there are changes either to your data processing activities or to regulations. Regularly review users, roles, and permissions. Staying up to date is key to maintaining compliance.