Hello
Thanks for reaching out!
Generally we provide the following solutions to help be GDPR and CCPA compliant. These options have been sufficient for all users around the world.
We provide methods in our SDK that allow you to pause OneSignal initialization so you can ask users to opt-in to sharing their data with services you use. We recommend that you disclose and get consent by displaying a dialog box to users. Read more about this in our Data Handling Guide.
We provide ways to delete user records
By upgrading your OneSignal Plan. This helps ensure GDPR compliance with all DPA and Model Clauses. None of your user data is shared with any third party partners.
The first 2 options keeps OneSignal free, but puts the burden on you to make sure users opt-in. The second option shifts the onus to us. For additional guidance on any specific GDPR responsibilities we recommend working with your legal counsel.
OneSignal does not collect any PII (Personally Identifiable Information) except for IP Addresses in countries outside the EU. We can disable all IP Address tracking if you wish.
Any other data that might be considered PII can only be sent to us in the form of tags which you have full control over. Please review our Handling Personal Data guide for more details: https://documentation.onesignal.com/docs/handling-personal-data
?
?We recommend disclosing to users in a privacy policy that data is shared with a 3rd party (OneSignal) for the purposes of sending personalized or targeted notifications. But this would be true no matter what service you use. We do not send ads and do not recommend you use push notifications for advertisements.
?
?Our privacy policy should cover everything you need to know for your own: https://onesignal.com/privacy_policy
?
?Thanks and let us know if we can be of any further assistance.
