Branch and GDPR
At Branch, our goal is to help our customers meet both the letter and the spirit of GDPR in a simple and straightforward way. We believe GDPR is not just a regulation; respecting the privacy rights of all customers and their users (regardless of origin) is the right thing to do.
Branch has updated its platform to meet GDPR standards worldwide, and we will continue to invest in industry-leading data privacy initiatives.
How Branch supports GDPR compliance
for our customers
SDK privacy controls
Under GDPR, your users have the right to object to data processing. Branch makes it simple for you to stop processing analytics and attribution data from users after they object, though it is important for these users to understand that they may experience degraded functionality. We recommend working with your legal team to keep users informed as you implement the processes required by GDPR.
If you have determined that a user wants to opt-out of analytics and attribution by third-party data processors, and that this preference extends to disabling elements of your core functionality, the Branch SDKs allow you to honor this right. You can flag in the Branch SDK that a particular user has requested that his or her data not be processed by Branch, in which case Branch will no longer process engagement data on your behalf for that user.
After you use the SDK to inform us of a user’s data processing objection, it will still be possible for that user to generate and share Branch links. Basic deep linking will also continue to work. However, since all further activities must occur without passing any identifiable user information on to Branch, these users will no longer benefit from the seamless customer journeys Branch helps you build with cross-platform data.
To learn more about configuring your SDK implementation, visit our documentation portal.
Handling GDPR requests from end users
When your end-users exercise their rights under GDPR, Branch is committed to working with you to fulfill these requests, provided the request comes directly from you.
To submit a GDPR end-user request to our team, reach out to us through our GDPR portal and we will work with you to fulfill your end-user’s request. Please include in that request the end-user’s advertising identifier (e.g., IDFA/GAID), and the date you received the end-user’s request.
Data collected by Branch
List of third-party vendors
We maintain a list of vendors that process customer personal data on Branch’s behalf, and the purpose for which we share data with each of these vendors.
Data Processing Addendum
Branch provides a Data Processing Addendum (DPA). If applicable to your GDPR compliance process, please fill out the fields in the signature block on Page 3, sign, and return to [email protected] After review, we will return a countersigned copy to you within 1-2 business days.