Managing Your Data
Under GDPR, entities either control data, process data, or do a mixture of both. HockeyApp serves primarily as a data processor and its customers serve as data controllers. In some limited cases, HockeyApp serves as a data controller with regard to its customers. Put simply, we collect customer data and data from your application end-users on your behalf. As such, we provide you with two experiences:
- Where you are the data subject
- Where you must accommodate your app end-users as data subjects.
We provide this first experience through App Center, the successor to HockeyApp. You can find API support for exerting your rights as a data subject there.
For the second experience, we have created new methods and added new functionality to help you deal with DSR (Data Subject Right) requests. Here are our recommendations:
Crashes can contain all sorts of data depending on what kind of app you have built and where exactly it crashes. Since data subjects can request that personal information pertaining to them be deleted within 30 days, it makes sense to set how long you hold onto crashes to a period of retention of 28 days, just to be safe. You can set this through the API or through the portal on a per-app basis. For more information on how to control data retention, see our article "Controlling what data is collected and retained by HockeyApp"
If you have configured our Android or iOS SDK to include data that could be used to identify a data subject, you can now search by that data. We recommend configuring future distributions to include this data as it simplifies servicing DSR requests from your end-users.
Customers who wish to be forgotten may expect you to remove their crash data. When you identify crash data belonging to a customer, you can now delete it.
Some of you may have many releases of applications out there transmitting crash data. Where crash data from these versions no longer provides actionable measures, we suggest visiting the version page and setting them to ignore crashes.
Feedback contains personal information belonging to your end users. When you are asked to present or remove this information, we suggest leveraging our API methods to do so. Soon we will follow up this API support with a search method taking an email as a parameter.
As we move forward we will bring you additional measures of control over your data and that belonging to your customers. If you have any questions or if you have difficulty exerting your rights using our APIs please contact our support.