Depending on whether your app allows users to manage their account and complete the checkout process within the app will determine the action you may need to consider taking to ensure compliance with the GDPR.
Guest only apps where users navigate to your website to manage their account or complete the checkout process do not involve storage of any personal data. For such apps, Poq acts as a data processor, which you may wish to state in your own privacy notices.
For apps that allow users to manage their personal profile, Poq will process a user's registration and account details via secure HTTPS API calls. In the event an API call fails, we will log the details of the failed call including the user’s details and this data will automatically be deleted after a maximum of 90 days.
Apps that allow users to complete the checkout process natively within the app involve Poq holding the users' details in a secure server, therefore, acting in the capacity of the data processor, again you may wish to state this in your own privacy notices.
In order to comply with the GDPR, Poq will be defaulting any marketing preference toggles to opted out for new apps, which will ensure users actively need to opt-in to any marketing activity. We would recommend clients review the current settings for their own app and advise Poq should they wish to make any changes.
We will only make changes beyond those mentioned above on your instruction and will review any specific requests on an individual case basis around effort and pricing.