I think the second option may still violate the GDPR law. GDPR is really tricky
Where are you from @d_honig ? Are you considering serving EU citizens?
possibly. but then in a way, its not traceable to a user, nor identifiable.
It kinda is under GDPR law. Even if you hash the personal data it is pseudo personal information and that itself is not allowed to be saved
"If the user ID is unique, then the hashed user ID will be unique as well. Thus, the hashed ID will enable “singling out”, and would still count as identifying in the sense of the GDPR."
Yes, the app has to be GDPR compliant. However, we do have the participant's agreement to save their identifiable data for the length of the experiment, about 5 years, at which point we will delete all the phone numbers.
If we can identify the user this way then it is still a breach lmao
The hashing is an interesting option, I think it makes a difference if we can access their actual phone number or not, I will check
You are allowed to save their phone number?
Why do you not try to track the user via that way?
I think best option is still to prevent users based on their payment details
It's not like they can open back accounts or so
Uber EATS does it that way
Then I can block users instead, that is a great idea. I don't know if Apple has specific criteria for "delete account", and I doubt that they care that much if it's a blocked account or a deleted account, as long as the data is deleted at some point
You can delete the personal data yes, but do not delete the account
The reason is that the permissions in documents and files and whatever are still intact
A new user with the same userId can potentially abuse that
Just override all personal data and block the account
As you asked before, what does "account deletion" mean? I assumed it meant to remove the phone number, but this seems to be unfeasible. We don't have payment details, this is done via go gift, they send an email with gift card options according to their country of residence. I can ask them regarding the actual payment details, that is also a great idea. However, they are paid at the end of the experiment (10 days). If they participate for 10 days and only then we will know if they already participated, that makes things complicated
lmao even better
The account is based on the phone number. How to delete personal data without deleting hte account in this case?
let them waste 10 days and then you do the validation check at the end
if they are invalid they can eat a bag of d*cks
i like this. but needs to be stated in the agreement beforehand 🤣
Recommended threads
- Sign In With Apple OAuth Help
Hi All! I've got a flutter & appwrite app which Im trying to use sign in with apple for. I already have sign in with google working and the function is the sam...
- Custom Domains
Hi All, Should be a quick config issue. I'm setting up custom domains on the hosted version. I have verified the domain with the CNAME but appwrite isn't gene...
- custom domain with CloudFlare
Hi all, it seems that CloudFlare has blocked cross-domain CNAME link which made my app hostname which is in CloudFlare, unable to create a CNAME pointing to clo...