Thank you for your awesome platform.
I’m a privacy aware developer and would like to know what privacy guarantees you give.
As I’m understanding your TOS you are not sharing the source code and are not allowing developers to decompile the binary.
The GDPR requires me to have privacy guarantees in writing that third-party service providers are compliant with the law.
Thanks for the feedback and paying close attention to security!
Section 15. Customer Data and Processing of Personal Data in our TOS (https://www.appgyver.com/tos) covers this.
We are fully GDPR-compliant. You can view a list of our subprocessors at https://www.appgyver.com/subprocessors
Could you please elaborate what you mean with ‘Customer Data’.
It is not clear if I’m the ‘Customer’ or the user from my app is the ‘Customer’.
You list Google Analytics as a subprocessor.
It would be fine if you use Google Analytics on your website to track usage.
But it would be a deal breaker if every generated app would send usage data to Google.
Basically what I need to know is if my users are been tracked or not.
Does the generated app send back data to Appgyver?
Even if I use my own backend?
Customer data means data you as a developer work with, i.e. your IP address might end up in a crash log. Also, if you write a phone number in your page’s Title text component and save, that personally identifiable info does end up in our AWS/Heroku as it is saved in the database containing the app config. Thus these entities are subprocessors in GDPR parlance, even though the use case here is rather academic.
Everything here applies for the platform itself; we do not collect any data from the actual standalone apps created by Composer, and someone using an AppGyver-built app is not under our TOS in that context.
If you use your own backend, the app does not connect to AppGyver servers at all when running as a standalone binary (full disclosure: there’s currently a single legacy feature that always requests an anonymous user session from AppGyver servers on app open even if you don’t use our backend services, but that’s going away in a future release).
Thank you very much for your answer.
Is there a current ticket linked to the legacy feature which will removed?
I’m sure there are other people not using your platform due to similar concerns.
It would help to clarify your stance on privacy in a more public accessible way.
Good point, would be good to put together some plain-language privacy brief.
I created a tracker ticket about the legacy feature: https://tracker.appgyver.com/bug-reports/p/composer-built-apps-request-a-session-token-from-appgyver-server-unnecessarily