1

I have been working on a web-app as a hobby. The web-app neither collects nor processes personal data, does not set cookies (or otherwise track individual users), and also does not integrate any services that do these things.

My question is, if I deploy this app on Heroku, does Heroku do anything behind the scenes (e.g., collecting IP addresses) that would make me need to include anything in my website's privacy policy?

If my web-app doesn't save any user data do I need a privacy policy in the first place? There are a lot of mixed answers online.

For context on what the website does. The user inputs a username from a game, and a color. The data is sent to the server for the server to create an image then an image is sent back for the user.

Omar
  • 21
  • 1
  • I asked a similar question here. The answer was no: "You are only responsible for the data that you collect or process, or data that you direct others to collect or process on your behalf. You are not responsible for the actions of third parties that may carry out incidental collection or processing that you have no control over". I am not a downvoter, I think it is a good question that should be more definitively answered by those in authority. – Dave Aug 17 '21 at 11:43
  • @Dave But the answer also says “You are responsible for the data that you process, or data that you direct others to process on your behalf.” Here, Heroku would be serving the web-app on OP's behalf. But whether that matters depends on whether GDPR would even apply. You indicated UK jurisdiction for your question, OP here doesn't indicate any location or context. – amon Aug 17 '21 at 12:36
  • It definitely seems to be an unsolved issue. When you sign up for web hosting, you cannot get the hosts to not log IP addresses, and you sign a contract to that effect. Is that "directing others to collect"? It seems no one really knows until it goes to court, which is hurting businesses today. – Dave Aug 17 '21 at 13:20

0 Answers0