Legal


Global Data Privacy


As your trusted partner, Airship is committed to meeting the standards that our customers have come to expect from us. That means not just providing amazing products that scale to sending billions of messages each day, but also ensuring that the Airship platforms support your compliance needs, including the EU General Data Protection Regulation (GDPR) and the laws passed in various states in the US, including California (CCPA and CPRA), Virginia (CDPA), Colorado (CDPA) and the others that are sure to follow. Airship welcomes global privacy laws as opportunities to demonstrate our commitment to data protection and privacy rights.

What is the General Data Protection Regulation (GDPR)?

The GDPR is a comprehensive data protection law that regulates the processing of personal data of individuals in the European Union (EU). This new law went into effect on May 25, 2018. GDPR aims to protect the privacy of EU individuals through tight limits on personal data processing, increased transparency into the nature, purpose and use of personal data, and expansion of each individual’s rights over their data. The GDPR presents an opportunity for your business to strengthen its brand loyalty by building trust through responsible use of personal data.

What is the California Consumer Privacy Act (CCPA)  and how does it relate to other California data privacy laws?

The CCPA  is a California privacy regulation that went into effect on January 1, 2020. It created consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses.  Similar to the GDPR, the CCPA requires businesses to provide increased transparency and intention regarding its collection and processing of personal information of California consumers and households. For businesses that underwent GDPR compliance work, many of those processes, policies and features helped guide their CCPA compliance work. 

In November 2020, Californians voted to pass a ballot measure that created the California Privacy Rights Act (CPRA). CPRA amends and expands the reach of CCPA and creates a new enforcement agency called the California Privacy Protection Agency (CPPA). Most of the provisions of CPRA went into effect on January 1, 2023, but a “lookback” period will be applied as of January 1, 2022, for data collected during calendar year 2022. In addition, the CPPA is adopting final regulations to guide the enforcement of CPRA.

For all businesses, whether also covered under the GDPR, the CCPA and CPRA present an opportunity to strengthen brand loyalty with not only California consumers but all of its customers by building trust through responsible and transparent use of personal information.’

What about other privacy legislation?

Additional countries, including Brazil, China, Russia and others have also passed privacy legislation in recent years. Other US states, including Virginia, Colorado and Washington, have passed privacy legislation, and an increasing number of other US States are considering proposals for privacy legislation of their own. While GDPR and CCPA are still considered the high water mark for data privacy practices, the global privacy landscape is changing quickly and it’s imperative for businesses to remain current with their compliance obligations.

How We Address Global Data Privacy Expectations

Privacy by Design

We have a core team comprised of senior members of the Engineering, Operations, Security, Product Development and Legal teams that meet regularly to proactively apply the Privacy by Design and Data Protection by Default principles to our product enhancement, development and operations. These data privacy standards, controls and features are available to all Airship customers. This means that as other countries implement GDPR-inspired privacy regulations and other states in the United States implement CCPA-like privacy regulations, you will be well positioned for future privacy compliance efforts in other parts of the U.S. and the world.

Product Level Enhancements

To help our customers comply with applicable data privacy laws, including the GDPR and the CCPA, we’ve made and continue to make enhancements to the Airship platform and the Apptimize platform to provide controls and features.  These product level controls and features include APIs for the Airship platform to support our customers responding to data subject requests as described in Airship’s documentation. Additionally, we have implemented a data retention schedule for the Airship platform and the Apptimize platform so that personal data isn’t retained any longer than necessary. We continue to listen to our customers and explore ways to simplify and further automate our product and service offerings to better support you in your compliance with applicable data privacy laws.

Strengthening Security

We’ve implemented a set of security processes and controls to help protect your data entrusted to us through your use of the Airship platform and the Apptimize platform.   We provide you with information about these security processes and controls in our Security Measures document.  The Airship and Apptimize platform security measures are audited annually by an independent third party against the SSAE 18 SOC2 standards.

Third Party Vendor Review

To ensure that your data is protected to the subprocessor level, we have included relevant data privacy and protection terms in place with subprocessors for the Airship platform and the Apptimize platform.

Data Privacy Framework Certification

Airship participates in and certifies compliance with the Data Privacy Framework Principles.

FAQ About GDPR & Airship

We also understand that data privacy and compliance with the GDPR is a shared responsibility between Airship and you, as our customer. To support your GDPR compliance, we have outlined the most common questions asked about the GDPR and your use of the Airship platform in the Airship GDPR FAQ as an additional resource.