How does Linchpin Mobile comply with GDPR and Data Protection in our company?

The following questions came up, when we planned to roll out Linchpin Mobile internally:

  1. How does Linchpin Mobile collect data? Which data is it?
  2. How can this tracking be deactivated?
  3. Does this app need special features of the operation system (e.g. geo-based tracking, …)?
  4. How is the GDPR “Right to be forgotten” implemented?

The connection between your Atlassian Confluence with Linchpin and Linchpin Mobile is encrypted. No one but your company and your employees can access it. At this point in time we only save data during the active session in the app and delete it afterwards. We plan to add some offline capabilities.

But outsiders cannot access the content within the Linchpin Mobile app (Atlassian Marketplace, iOS, Android). Even if you use our Cloud Gateway server to bridge the connection to your behind the firewall Linchpin we cannot see any data. Everything is end to end encrypted. Refer to our Linchpin Mobile security concept to learn more about how the Gateway server is so secure.

We do however track anonymous usage if our users opt in with Google Firebase. Every user can activate or deactivate the feature. If you want to deactivate the tracking by default, you’ll have to get your own branded app with feature flags. We can customize this app for this and add other features.

The app will work without special features or rights. We do not make use of geo-based tracking at all at this point. The only special features of the phone, that we use is to take and upload pictures, videos and files and to send personalized push notifications. Both features only work if the users gives the app access.

This is a question that you need to tackle within Confluence as no data is permanently stored on the phones. There are multiple solutions available in the Atlassian Marketplace.