Case Study · Mobile SDK & Privacy
Embedding GDPR into a social keyboard SDK for Tappa.
Tappa provides a keyboard SDK that lives inside other companies’ apps, making it a data processor under GDPR. Atoro built a compliance framework that clarifies controller and processor responsibilities and crafted the DPAs, so privacy is a dependable product feature across every integration.
GDPR compliance
Mobile SDK
Data processor
Ongoing
Results & impact
GDPR
FullGDPR programme built.
B2B2CModel fully compliant.
DPAsCrafted and implemented.
OngoingExpert support.
At a glance
- Product: a customisable keyboard SDK embedded in other apps.
- Engagement: GDPR compliance framework and DPAs.
- Model: B2B2C; Tappa is the processor, clients are controllers.
- Duration: ongoing partnership.
01 The challenge
When privacy is a product feature, not a policy
Tappa provides an SDK allowing mobile apps to integrate a customisable, interactive keyboard. Their technology sits inside other companies’ applications, making data privacy not just a policy, but a product feature. Ensuring ironclad GDPR compliance is fundamental to earning trust from both developer clients and end-users.
They needed deep legal and technical expertise to address the intricacies of being a data processor through their SDK while clients act as data controllers, building a compliance framework that was both sound and scalable.
02 The Atoro approach
Framework, implement, sustain
Framework
Built a comprehensive GDPR compliance framework addressing the unique challenges of an SDK model, clarifying data controller and processor responsibilities across the ecosystem.
Implement
Crafted data processing agreements (DPAs) and provided clear guidance on responsibilities, ensuring Tappa’s privacy efforts were thorough and effective across all integrations.
Sustain
Ongoing collaboration and continuous support with sharp attention to detail, giving Tappa confidence that their GDPR approach remains sound as their product evolves.
Privacy as a dependable product feature, across every integration.
In the client’s words
“Our experience working with Atoro has been very good, and the support we received has been great. Atoro’s continuing work with us is fantastic; their attention to detail and support have been key in our complex privacy efforts.”
Jaime Pesquera, General Counsel, Tappa
FAQ
GDPR compliance FAQs
How does GDPR work for an SDK or data processor?
When your technology sits inside other companies’ apps, you are usually the data processor while your clients are the controllers. For Tappa we built a GDPR framework that clarifies exactly who is responsible for what across the ecosystem, so privacy holds up at every integration point.
Can Atoro handle our data processing agreements (DPAs)?
Yes. We crafted and implemented Tappa’s DPAs and gave clear guidance on responsibilities across all their integrations, so each client relationship rests on agreements that actually reflect how data flows through the SDK.
What does GDPR compliance involve for a B2B2C product?
A framework that clarifies the controller and processor split across the ecosystem, the DPAs and guidance that put it into practice, and ongoing support as the product evolves. For Tappa that turned a complex SDK privacy problem into a sound, scalable, fully compliant model.
Next step
Privacy baked into your product?
Book a call and we will tell you the timeline and the price for your GDPR programme in 30 minutes.
The service behind this story
GDPR compliance: frameworks, DPAs and processor controls that hold up
Outsourced DPO: a named DPO and Article 27 representation
TrustOps: keep privacy current as the product evolves