This article provides a reference guide to Userorbit's compliance with the General Data Protection Regulation (GDPR). It outlines Userorbit's roles as a data processor and controller, details available tools and processes for managing data, and clarifies responsibilities for ensuring GDPR-compliant usage.
Properties
- Userorbit's Role —
Data Processor/Controller— Userorbit acts as a Data Processor when its SDK tracks end-user data on behalf of its customers. For data related to customer workspaces, such as user accounts within the Userorbit Admin Panel, Userorbit acts as a Data Controller. - Data Processing Agreement (DPA) —
Document Availability— A Data Processing Agreement (DPA) outlining the obligations and responsibilities of both Userorbit and its customers regarding data processing is available upon request and is part of the standard terms of service. - User Consent —
Configuration— By default, Userorbit's SDK does not set cookies for tracking purposes. User data is collected via explicit calls to theidentifyfunction. Customers are responsible for obtaining appropriate user consent for data collection as required by GDPR before using the Userorbit SDK. - Data Subject Rights —
Tools & Processes— Userorbit provides capabilities to assist customers in fulfilling data subject requests (DSARs), including access, rectification, and erasure. Data can be exported and deleted through the Admin Panel or API. - Data Export Capabilities —
Admin Panel/API— Userorbit allows customers to export user-specific data from the Admin Panel or programmatically via the Userorbit API to fulfill data portability requests. - Data Deletion Capabilities —
Admin Panel/API— Individual user data can be permanently deleted via the Userorbit Admin Panel or through the Data Deletion API endpoint, ensuring compliance with the 'right to be forgotten'. - Cookie Usage —
Minimal— Userorbit's SDK uses a minimal number of essential cookies, primarily for session management within the Admin Panel. It does not use third-party tracking cookies by default. - GDPR-Compliant Usage —
Customer Responsibility— Configuring Userorbit for GDPR-compliant usage involves ensuring proper consent mechanisms are in place, anonymizing data where appropriate, and regularly reviewing data retention policies.
Examples
To export a user's data for a data subject access request, navigate to the User Management section in the Admin Panel, locate the user, and use the export option. For data deletion, similar steps apply, or utilize the Data Deletion API endpoint for automated processes.
// Example (pseudocode) for data deletion via API
POST /api/v1/users/delete
HEADERS: { 'Authorization': 'Bearer YOUR_API_KEY' }
BODY: { 'user_id': 'unique-user-identifier' }
Notes
- Customers are solely responsible for ensuring their use of Userorbit and their overall business practices comply with GDPR.
- Userorbit continuously monitors GDPR guidelines and updates its services to maintain compliance.