As outlined in our previous blog post on GDPR, we recently introduced updates to our SDKs and documentation to help our clients better control and get consent for data sent to OneSignal.

The SDK updates are optional, but may be useful for helping you implement appropriate measures to get user consent.

Here is an outline of what's new:

  • We've published updated documentation about the data that is collected by our SDKs automatically or when sent by your code, and how to prevent any particular data from being sent to OneSignal.

  • We've introduced an optional method, setRequiresUserPrivacyConsent to each of our SDKs to stop the sending of any data to OneSignal until you have had a chance to get consent from the user.

  • We've documented the process of deleting user data from OneSignal.

  • We have added a feature to our dashboard to make it easier to export user data from all of your users, or users in a specific segment.

  • We have begun discontinuing building data models or monetizing any EU user data obtained from our SDK with our business or analytics partners and this will be completed by May 21st.

Finally, we've introduced a Data Processor Agreement and Model Clauses for EU clients. These agreements are available for existing OneSignal Enterprise Clients, or those who wish to sign up for an Enterprise plan.

For guidance on any specific responsibilities, we recommend working with your legal counsel. We are happy to work alongside you and your legal team to ensure compliance while using our services.

If you have any questions or concerns about this topic, our team is happy to answer any questions you have. Please send your inquiries to support+gdpr@onesignal.com.