Case Study · Mobile SDK & Privacy

Embedding GDPR into a social keyboard SDK for Tappa.

Tappa provides a keyboard SDK that lives inside other companies’ apps, making it a data processor under GDPR. Atoro built a compliance framework that clarifies controller and processor responsibilities and crafted the DPAs, so privacy is a dependable product feature across every integration.

GDPR compliance

Mobile SDK

Data processor

Ongoing

Results & impact

GDPR

FullGDPR programme built.

B2B2CModel fully compliant.

DPAsCrafted and implemented.

OngoingExpert support.

At a glance

  • Product: a customisable keyboard SDK embedded in other apps.
  • Engagement: GDPR compliance framework and DPAs.
  • Model: B2B2C; Tappa is the processor, clients are controllers.
  • Duration: ongoing partnership.

01 The challenge

When privacy is a product feature, not a policy

Tappa provides an SDK allowing mobile apps to integrate a customisable, interactive keyboard. Their technology sits inside other companies’ applications, making data privacy not just a policy, but a product feature. Ensuring ironclad GDPR compliance is fundamental to earning trust from both developer clients and end-users.

They needed deep legal and technical expertise to address the intricacies of being a data processor through their SDK while clients act as data controllers, building a compliance framework that was both sound and scalable.

02 The Atoro approach

Framework, implement, sustain

Framework

Built a comprehensive GDPR compliance framework addressing the unique challenges of an SDK model, clarifying data controller and processor responsibilities across the ecosystem.

Implement

Crafted data processing agreements (DPAs) and provided clear guidance on responsibilities, ensuring Tappa’s privacy efforts were thorough and effective across all integrations.

Sustain

Ongoing collaboration and continuous support with sharp attention to detail, giving Tappa confidence that their GDPR approach remains sound as their product evolves.

Privacy as a dependable product feature, across every integration.

In the client’s words

“Our experience working with Atoro has been very good, and the support we received has been great. Atoro’s continuing work with us is fantastic; their attention to detail and support have been key in our complex privacy efforts.”

Jaime Pesquera, General Counsel, Tappa

FAQ

GDPR compliance FAQs

How does GDPR work for an SDK or data processor?

When your technology sits inside other companies’ apps, you are usually the data processor while your clients are the controllers. For Tappa we built a GDPR framework that clarifies exactly who is responsible for what across the ecosystem, so privacy holds up at every integration point.

Can Atoro handle our data processing agreements (DPAs)?

Yes. We crafted and implemented Tappa’s DPAs and gave clear guidance on responsibilities across all their integrations, so each client relationship rests on agreements that actually reflect how data flows through the SDK.

What does GDPR compliance involve for a B2B2C product?

A framework that clarifies the controller and processor split across the ecosystem, the DPAs and guidance that put it into practice, and ongoing support as the product evolves. For Tappa that turned a complex SDK privacy problem into a sound, scalable, fully compliant model.

Next step

Privacy baked into your product?

Book a call and we will tell you the timeline and the price for your GDPR programme in 30 minutes.

The service behind this story

GDPR compliance: frameworks, DPAs and processor controls that hold up

Outsourced DPO: a named DPO and Article 27 representation

TrustOps: keep privacy current as the product evolves