Closed Spitzbua closed 2 years ago
Yes, check both. That is correct. Our column name is data collected, I will change that and add a column for Collected.
For instance, in the documentation of RevenueCat it is only collected:
Reopening and adding more information
@Spitzbua - You are correct, data sharing has only meant to be marked when third-party SDK is processing data not on your behalf. I am going to re-review the entire list and update here.
@Spitzbua - I have reviewed and updated the list on updated documentation from different SDK providers and Google. Here is my suggestion
My general take is with ad SDKs sharing is a safe option whereas, for third parties like intercom, stripe, sharing is not needed. Will keep updating as official documentation comes.
Do let me know if you have questions.
@Spitzbua closing this. Open this if there are unanswered questions.
@Spitzbua - We have launched a free Data Safety Generator tool based on our experience so far. Would you be kind enough to test it?
Link to tool: https://github.com/Privado-Inc/privado
Thank you for the message! I am honoured and will be happy to test the Data Safety Generator in my applications.
Just give me a few days!
Thanks @Spitzbua - look forward to your feedback!
Thank you for the message! I am honoured and will be happy to test the Data Safety Generator in my applications.
Just give me a few days!
Hey @Spitzbua - Really looking forward to you using the tool and your feedback :)
Link to the tool: https://github.com/Privado-Inc/privado
Thank you for the message! I am honoured and will be happy to test the Data Safety Generator in my applications.
Just give me a few days!
@Spitzbua - Did you get chance to test the tool? Let me know if you need any help!
According to Google "What kinds of activities can "service providers" perform:
A service provider may only process user data on your behalf. For example, an analytics provider that processes user data from your app solely on your behalf, or a cloud provider hosting user data from your app for your use, will typically qualify as “service providers.” On the other hand, if an SDK provider is building advertising profiles across multiple customers based on your app data, that would not be considered “service provider” activity for purposes of the Data safety section, and would need to be disclosed as "sharing" in your Data safety form.
I believe that means Firebase or any other hosting provider are service providers. They process the data on behalf of the first party.
The example refers to Analytics - does this mean for me that it should be marked as "Collected"?
I do not share the data with Firebase Analytics, but they process the data on my behalf, or am I misunderstanding something here?
Thank you if anyone can clarify this!
Discussed in https://github.com/Privado-Inc/SDK-Privacy-Report/discussions/17