Data Protection and Privacy

These changes assist you in preparing for data compliance regulations, such as the European Union’s General Data Protection Regulation. For a full overview of Salesforce’s approach to managing compliance, visit Salesforce Privacy.

The MobilePush SDK supports three privacy modes that can affect your application’s usage of MobilePush.

Each mode restricts the functionality of the MobilePush SDK and can impact your customers’ experience.

Use this mode when a contact requests that you remove all data related to them from Marketing Cloud Engagement. This mode marks a contact, identified by the SDK’s contact key string, as forgotten. This setting prevents Engagement's marketing activities from storing data or interacting with the contact for marketing activities. Engagement servers host this status.

By default, this suppression lasts for 14 days. You can configure the suppression period in Contact Builder in Marketing Cloud Engagement. At the end of the suppression period, Engagement permanently deletes all contact data.

The SDK restricts all functionality after it receives the first Right to be Forgotten mode change for a contact from the server, either through a silent push notification or when your application enters the foreground.

This mode completely disables the following functions for the lifecycle of your application regarding this contact.

  • Push notifications
  • Analytics tracking
  • Inbox
  • Geofence and beacon messaging
  • Configuration changes

For your contact to use Engagement services again, they must delete and reinstall your application on their mobile device. That contact must then reconfigure the SDK for usage.

This mode marks a contact, identified by the SDK’s contact key string, as restricted from processing. This mode restricts all data operations for that contact.

  • Modifying information
  • Deleting information
  • Changing registration state
  • Sending pushes
  • Creating inbox messages
  • Processing Analytics

The MobilePush SDK acts to restrict all functionality after it receives a Restriction of Processing mode change for a contact from the server.

This mode completely disables the following functionalities when the contact is in a restricted state.

  • Push notifications
  • Analytics tracking
  • Inbox
  • Geofence and beacon messaging
  • Configuration changes

If the contact moves off the restriction state and is again usable, a silent push notification or your application entering the foreground notifies the SDK of the state change. This state change automatically reconfigures the SDK for use, based on your last-used configuration settings.

This mode marks a contact, identified by the SDK’s contact key string, as restricted from tracking activities. This setting restricts certain data operations that collect or act upon Personally Identifiable Information (PII).

If a contact has been moved to Do Not Track, the SDK restricts functionality after it receives the first change in mode from the server, either via a silent push notification or when your application enters the foreground.

While enabled, this state completely disables behavioral analytic tracking, geofence, and beacon messaging, while push notifications and inbox functionality continue to work. While in Do Not Track state, the SDK can also continue to change registration attributes, such as tags and attributes.

Behavioral analytic tracking includes the following events.

  • User events
  • Message open events
  • App open and close events

If the contact moves out of the Do Not Track state, the SDK receives notification of the change in state, either via a silent push notification or when your application enters the foreground. This change automatically reconfigures the SDK for use, based on your last-used configuration settings.

To prepare your application for data privacy compliance, implement the April 2018 version or newer of the MobilePush SDKs as soon as possible.

For Android apps, ensure that you implement version 5.5.0 or above of the MobilePush SDK. This version of the SDK uses the necessary underlying architecture to enable data compliance functionality.

For iOS apps, ensure that you implement version 5.1.0 or above of the MobilePush SDK. This version of the SDK uses the necessary underlying architecture to enable data compliance functionality. Additionally, enable background refresh in your application to assure the best opportunity for silent push notification delivery for seamless mode enablement. For more information on data protection, see iOS Data Protection.