Data privacy at Batch: what sets us apart.

8 Jun 2022 • Written by Simon Dawlat

We founded Batch in 2015, right in the midst of Edward Snowden’s revelations which exposed the first global mass surveillance programs.

In 2016, we started hearing about the upcoming European GDPR regulation, which was eventually implemented in May 2018 and changed our industry forever.

Then, in 2020, when everyone thought things were going to settle a bit, the European Union handed down a major ruling by invalidating the Privacy Shield which used to regulate data transfers between the US and the EU.

It’s been a tough decade for organizations wanting to truly put their users’ privacy and security first.

At Batch, we hold a unique position in the world of Customer Engagement & Push Notifications platforms thanks to 2 strong differentiators that let us support forward-looking organizations across Europe and beyond:

  1. Being the only EU-based platform of our kind makes us impervious to extraterritorial privacy-abusing laws such as the US’s CLOUD Act and others;

  2. Having chosen the hard way to host our clients' data on private hardware lets us ensure data localization in Europe at all times, amongst many other unfair advantages.

The true differentiator of being an EU-based company.

First, let’s debunk a myth.

No US vendor, even one running "European instances" of any kind of public cloud, is able to guarantee European organizations true data integrity and imperviousness to surveillance programs.

None.

Why?

Because it’s never been about where the data is being stored but about where the legal entity is incorporated since laws like the CLOUD Act are by nature extraterritorial.

Hence, a US vendor could store data "locally" anywhere in the world (on those "European instances", for example) and still be subpoenaed back home, and no one would ever know that they had handed over the data, regardless of where in the world it was collected and/or stored.

Hence, organizations that take data privacy really seriously have no choice:

  1. They must work with EU-based vendors,

  2. They must ensure those vendors themselves work with EU-based hosting providers.

And this is precisely what we offer:

  1. Batch, which is fully owned by iMediapp SA, is proudly incorporated in Paris, France. (We are not a subsidiary.)

  2. We work exclusively with two EU-based publicly-traded hosting providers: OVHcloud and Scaleway.

Our infrastructure choices

And that’s not all.

At Batch, we’ve made the tough choice to use private hardware exclusively to host our clients' data, not public clouds, as part of our global privacy by design initiatives.

This is what the industry calls bare-metal servers.

Simply put, it means we host our clients’ data on dedicated machines (that we do not share with anybody else and can tweak entirely) and that we know where the data is stored at all times.

There are some caveats to doing this.

The main one is that it truly is the hard way, in an era where infinitely scalable platforms such as Amazon AWS or GCP (Google Cloud Platform) let you scale to hundreds of millions in just one click.

But there are many unfair advantages too:

  1. We know where our clients' data is being stored at all times.
  2. It is more secure than public clouds since we do not share machines and/or abstraction layers with others (e.g., shared RAM).
  3. It is more cost-effective. These are true savings that we’re able to pass on to our clients, for example with unlimited data lookback or fixed rates for most of our services.
  4. It lets us tweak for performance continually since we have complete access to our hosting stack and can decide which software and OS we want to run and how. This has always helped improve our uptime.
  5. Finally, it has a reduced environmental impact, which is something our clients increasingly require from their vendors.

And what about GDPR?

The GDPR itself doesn’t specify any incorporation and/or data localization requirements, but this article could hardly exist without a reminder of Batch’s approach to GDPR compliance.

In fact, companies across Europe increasingly require that their data be stored locally as part of their GDPR requirements.

These are usually:

  1. publicly-traded companies,
  2. healthcare companies,
  3. governmental institutions,
  4. or simply companies that take data privacy, well, seriously.

Most of them now turn to Batch for their customer engagement and push notification needs.

At Batch, we approach GDPR compliance from 4 angles:

  1. A comprehensive legal framework & Data Processing Agreement,
  2. Database architecture designed to facilitate data request/deletion,
  3. Technical tools to facilitate actual implementation (SDK methods & APIs),
  4. DPO-focused tools such as our Privacy Center.

The complete list of tools, methods & best practices we make available for our clients to comply with the GDPR can be accessed on this page.

To learn more about Batch's core differentiators, visit our Top 10 Differentiators page. To discuss how we can help you accelerate your business while protecting your users, simply reach out to us.

Thank you!
