GDPR compliance is a complex topic. in Germany, for some reason, GDPR compliance is taken extremely seriously even more seriously than in other EU countries. What that means for me as a software developer providing clients with solutions is that I have to make sure every server and every framework that is in touch with my clients’ data has been proven to be compliant with the GDPR rules. if I am not able to give my client proof of the compliance of my solutions I’m not able to do business with them. Especially pharma companies and any official governmental institutions are very aware of the GDPR rules. in our agency we love to make applications with play canvas and our clients increasingly give us a hard time because of the GDPR rules that are not confirmed by playcanvas. I was not able to find any GDPR compliance statement on your website. Is Playcanvas especially the service of hosting a game or experience from your service GDPR compliant? if yes please do establish a page stating this fact because my clients are not satisfied with just me saying hey they are compliant. They demand to have it in writing at least on your website. What I mean you can see here with this statement some other software service in UK has on their homepage for example Privacy Notice
The issue is not solved sorry. Actually that was my post and back then I thought the infos on the privacy webpage of Playcanvas would clear the issue but the information on that site is not specific enough in terms of the European Data Guidlines and talks about Data Security in general at Playcanvas. That won’t fly with our clients. The information provided has to be way more specific. I could not find a sentence that would state clearly that Playcanvas and it’s Hosting Platform (not only the service) is compliant to GDPR. So that is the issue. Cheers Clarence
The way the GDPR is applied in Germany and Swiss as well is that I if I provide a software solution that uses Playcanvas I have to make sure that you guys are compliant to the GDPR or I can get sued by my clients later for not providing solutions that are compliant to GDPR. The fine that these companies can hit you with is ridiculously high. Most of the time if you are working with big companies now they will confront you with a contract that I as a company am reliable to implement the GDPR including all 3 party software and frameworks I’m using. So I have to provide proof that the companies I’m working with are compliant. In the end my clients can get sued by the end users and they basically pass liability over to the agency via contract. In some cases, the entities that are giving us the job want to see a written a document of the compliance of the third parties to GDPR coming from the third parties themselves (that is the worst case) before they make a contract. But what can you do that is the law here now. So there we go. We like to use Playcanvas but if you can’t guarantee compliance to our clients we are legally in a very bad place.
You seem to describe more of a “why” you need it, and less about how the current privacy policy does not comply with GDPR requirements. You could always self-host, if the policy is not suitable for you and come up with one that fits your needs.
We will be talking to our legal team about amending the privacy policy to explicitly state this as it can’t hurt to have that extra assurance for clients and users. However this is not going to be an overnight change so I wouldn’t wait on it.
Our current terms are GDPR compliant despite not explicitly stating it.
@yaustar adding a “We are GDPR compliant” to the privacy policy does not make it so and has no legal merit to it. Perhaps, could be added just for those, who wants a TLDR