Security & Compliance

Hosting Built to Support GDPR Compliance

Back4app is a secure hosting platform committed to helping you achieve and maintain GDPR compliance. Build with confidence knowing your data is protected by industry-leading security measures.

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive European law governing the collection, storage, deletion, modification, and processing of personal data belonging to individuals in the European Union (EU). Adopted on 27 April 2016 and enforceable from 25 May 2018, it replaces Directive 95/46/EC and standardizes data protection across all EU member states.

GDPR applies to any organization processing personal data of EU residents, regardless of the company's location, and requires that obligations be passed down to all third-party processors handling that data.

Key GDPR Concepts

Understanding the fundamental roles and responsibilities under GDPR

Data Controller

Determines the purposes and means of processing personal data. Back4app clients generally act as data controllers for personal data they collect and make available on the platform.

Data Processor

Acts on behalf of a controller to process personal data. Back4app serves as a data processor, handling storage, retrieval, adaptation, and deletion as instructed by clients.

Who It Applies To

GDPR covers all organizations, regardless of location, that process personal data of EU individuals. "Personal data" means any information relating to an identified or identifiable person.

Back4app's Role Under GDPR

How we handle your data as both a controller and processor

1. As Data Controller

Back4app acts as a data controller when determining purposes and means of processing on our platform. Examples include:

  • Account registration, administration, and service access data
  • Data collected during support activities
  • Customer communications and email records

[Diagram: User, Back4App (Controller)]

2. As Data Processor

Back4app acts as a Data Processor under the GDPR, processing personal data on behalf of its clients (Data Controllers) and in accordance with their instructions. Examples include:

  • Storage, hosting, and retrieval of personal data
  • Technical operations to operate, maintain, and secure client applications
  • Deletion or destruction of personal data, as instructed by clients

[Diagram: EU Citizen, App Developer (Controller), Back4App (Processor)]

Frequently Asked Questions

Common questions about GDPR and Back4app's compliance

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive European law governing the collection, storage, deletion, modification, and processing of personal data belonging to individuals in the European Union. It became enforceable on 25 May 2018 and applies to any organization processing personal data of EU residents, regardless of the company's location.

What is a data controller?

A data controller determines the purposes and means of processing personal data. Back4app clients generally act as data controllers for any personal data they collect and make available on the Back4app platform.

What is a data processor?

A data processor acts on behalf of a controller to process personal data. Back4app typically serves as a data processor, performing operations such as collection, recording, storage, retrieval, consultation, use, disclosure, and deletion of personal data as instructed by our clients.

Who does GDPR apply to?

GDPR covers all organizations, regardless of location, that process personal data of EU individuals. 'Personal data' means any information relating to an identified or identifiable person, including names, email addresses, IP addresses, and more.

Does Back4app offer a Data Processing Addendum (DPA)?

Yes, Back4app's GDPR-compliant Data Processing Addendum (DPA) is incorporated directly into our Terms of Service. This ensures that all GDPR obligations and protections are automatically covered when you use our platform.

Are Back4app services GDPR compliant?

Back4app provides infrastructure and contractual safeguards designed to support GDPR compliance for customers acting as data controllers. GDPR obligations and protections are addressed through the Data Processing Addendum (DPA) incorporated into Back4app's Terms of Service.

How does Back4app protect my data?

Back4app implements comprehensive security measures including encryption at rest and in transit, regular security audits, access controls, and compliance with industry standards.

Build with confidence.
Your data is protected.

Start building applications with infrastructure designed to support GDPR compliance. No credit card required.

This page is provided for informational purposes only and does not constitute legal advice or form part of any contractual agreement. The definitions and descriptions provided here are subject to and governed by Back4app's Terms of Service, Privacy Policy, and Data Processing Addendum, which prevail in the event of any inconsistency.