How do I make my project compliant with GDPR and CCPA?
To ensure that your pre-launch campaign or referral program is compliant with privacy laws such as GDPR, CCPA, and others, review the following checklist:
- When importing users into Prefinery, make sure that you have their prior consent.
- Enable the Double Opt-in feature for your project on the Settings > Project Settings page. When Double Opt-in (also called Confirmed Opt-in) is enabled, a confirmation email is sent with a link the user must click to validate their email address.
- Add an "Agreement (Consent)" question to your Signup Form.
When adding an "Agreement (Consent)" question to your Signup Form, you can link to your terms of service and/or privacy policy so that your users meet the consent requirements of GDPR and similar privacy laws. Additionally, you should ensure that the default state of the checkbox is unchecked and that acceptance is required in order to submit the form.
Shared Responsibility
In the context of the Prefinery application and our related services, you, as one of our customers, are acting as the data controller in the majority of circumstances. You decide what information from your end-users is uploaded or transferred into your Prefinery account, and you direct Prefinery, through our application or API, to send emails to certain end-users. Prefinery acts as a processor by performing these and other services for you.
As a data controller, you retain primary responsibility for data protection (including, for example, the obligation to report data breaches to data protection authorities). Additionally, you are required to only work with compliant data processors, like Prefinery.