Let's talk about GDPR
What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive European law governing the collection, storage, deletion, modification, and processing of personal data belonging to individuals in the European Union (EU). Adopted on 27 April 2016 and enforceable from 25 May 2018, it replaces Directive 95/46/EC and standardizes data protection across all EU member states. GDPR applies to any organization processing personal data of EU residents, regardless of the company’s location, and requires that obligations be passed down to all third-party processors handling that data.
When will GDPR be effective?
GDPR became enforceable on 25 May 2018.
What is a data controller?
A data controller determines the purposes and means of processing personal data. Back4app clients generally act as data controllers for any personal data they collect and make available on the Back4app platform.
What is a data processor?
A data processor acts on behalf of a controller to process personal data. Back4app typically serves as a data processor, performing operations such as collection, recording, storage, retrieval, consultation, use, disclosure, and deletion of personal data as instructed by our clients.
Who does GDPR apply to?
GDPR covers all organizations, regardless of location, that process personal data of EU individuals. "Personal data" means any information relating to an identified or identifiable person.
Back4app’s role under GDPR
- Back4app clients will usually act as the data controller for any personal data made available to Back4app.
- Back4app will typically act as the data processor for any person data made available by our customers.

Back4app as data controller
Back4app acts as a data controller when determining purposes and means of processing on our platform. Examples include:
- Account registration, administration, and service access data.
- Data collected during support activities.
Back4app as data processor
Back4app processes personal data on behalf of our clients, performing any operation covered by GDPR, such as storage, retrieval, adaptation, and deletion of personal data.
Does Back4app offer a DPA - Data Processing Addendum?
Back4app’s GDPR‑compliant Data Processing Addendum (DPA) is now incorporated directly into our Terms of Service.
Are Back4app services GDPR compliant?
If you qualify as a data controller under GDPR, Back4app offers GDPR‑compliant hosting plans. The GDPR obligations and protections are covered by the incorporated DPA within our Terms of Service.