EU General Data Protection Regulation (GDPR) and TrueLoyal (UGC Platform)

GDPR Compliance Overview for UGC Clients

The GDPR is a comprehensive EU regulation that governs how personal data is handled. Its purpose is to ensure individuals are informed about, and consent to, how their data is collected and shared with third parties.

Most GDPR requirements have limited impact on the UGC component of TrueLoyal. This is because the platform does not collect highly sensitive personal data such as names, IP addresses, health records, or social security information. The majority of data processed is either publicly available or already covered by End User License Agreements (EULAs) within the source systems. Additionally, TrueLoyal does not sell user data, which is a key consideration under GDPR.

That said, it remains important to understand the categories of data collected within the UGC component and how they relate to GDPR compliance:

Categories of Personal Data Processed within the TrueLoyal Platform

Category 1 - TrueLoyal Account Data

Examples:

  • TrueLoyal account email addresses
  • TrueLoyal account passwords

Notes

  • This data is compliant with GDPR because consent is covered by TrueLoyal’s privacy policy, which TrueLoyal’s users agree to when they sign up for TrueLoyal.

Category 2 - Information about how TrueLoyal customers use our product

Examples:

  • Google Analytics - Product usage analytics
  • Mixpanel - Product usage analytics

Notes

  • This data is compliant with GDPR; it is covered by TrueLoyal’s privacy policy.

Category 3 - Information about how the end user uses the product

Examples:

  • Engagement Analytics on TrueLoyal embeds
    • Clicks on TrueLoyal posts
    • Clicks on TrueLoyal Calls-to-Action buttons on posts
    • TrueLoyal embed views

Notes

  • This is the most sensitive category of information that applies to the most customers.

Category 4 - Aggregated data from major social networks

Examples:

  • Instagram posts
  • X posts
  • Facebook posts

Notes

  • The aggregation of social data falls under the GDPR personal data regulations.
  • The social network’s End User License Agreement (EULA) covers consent for this data.
  • We implement compliance with the social network to make sure that posts that are deleted or modified on the social network are reflected in our database. 

Category 5 - Aggregated data from non-social-networks

Examples:

  • RSS content

Notes

  • Content from these channels does NOT have the protection of an EULA. The responsibility falls on the customer to make sure that they comply with GDPR when they use these sources, and that they have gotten the proper consent for the data being aggregated.

 
