The USA, 2017 - Present
5 engineers

CCPA, LGPD, GDPR Compliance Management and Automation Tool

Developed for a gaming company, this web tool helps casual game production companies be GDPR, LGPD, and CCPA compliant. It supports Android, iOS, Facebook, and Amazon games, stores and handles over 100M users in the database, and receives and processes over 40,000 requests from gamers every day.

 

The technical stack includes:

C#, .NET Core, EF Core, Python, JavaScript, AngularJS, MySQL, DynamoDB, Elastic Cache, Redis, AWS, Amazon S3, Amazon Athena, Docker, Kinesis, Kubernetes, AWS SDK, KDS, ELK
GDPR & CCPA compliance management and automation tool, screen 1

The problem

A very successful 12-year-old gaming company with fantastic experience in creating games had no experience building highly loaded databases and managing web applications. When personal information privacy laws appeared, they faced many data processing tasks. They hired us to develop a tool to process all user requests connected with GDPR and CCPA compliance.
 

The team

For better integration with existing software, the Microsoft stack was chosen, and we built a team with 4 senior .NET developers, 2 testers, a business analyst, a project manager, and a DevOps engineer. After the software was developed and stabilized, we reduced the team to 5 engineers to optimize the cost while providing full technical support.
 

Our approach

Before designing this software, we reviewed and studied the whole game development process: releases, information collection, etc. Then we analyzed all requirements gathered from 5 different employees from the business team and documented the architecture of all software the customer uses for the business. This gave us a solid foundation to design and integrate this management tool into the business.

Long term support

After 1 year of development and support, we entered long-term contracts and created a dedicated team that works on the project full-time. It is fully integrated with the business core team and game development teams. We visit each other 2 times per year for 1-2 weeks of face-to-face collaboration, building plans, roadmaps, and discussing potential functionalities.

Managing sensitive information

This tool helps to fully meet GDPR (Europe), CCPA (America), and LGPD (Brazil) requirements. Used by a gaming company with 100M registered users, it automates the entire workflow connected with RTBF (Right To Be Forgotten) and portability requests.

All users' sensitive information is stored securely, giving third parties NO access to the personal data.

We designed request data to consist of multiple tasks that needed to be done to complete a request. Each task is a data-removing action in a certain part of the big infrastructure of the gaming business. We designed a UI that helps to manage the execution of all tasks and requests on just one page!
 

GDPR & CCPA compliance management tool, screen 2

High load back-end

We designed a big data infrastructure that handles 100M users and receives over 40,000 requests daily. A combination of SQL, DynamoDB, and Redis was used to develop a high-load back-end.

For a few technical reasons, we decided to use files and Amazon S3 to store encrypted codes of information chunks.

A microservice architecture was used to build a cost-efficient back-end that quickly updates big data and manages file storage, using Amazon Athena as a connector between files and SQL.

GDPR & CCPA compliance application, screen 3

Third-party vendor integration

We made a list of third-party vendors that a company can configure to dispatch RTBF requests to them.

We automated data deletion in the Flurry (data analytics), Leanplum (customer engagement), and Helpshift (customer service) systems, so the long chain of deleting a user's information requires no labor.

An admin can add more vendors using a form. Every vendor will automatically get a notification email about the deletion request.

GDPR & CCPA compliance application, screen 4

Mail reporting

We chose Amazon SES to send emails and Amazon SNS to get email notifications back into our system.

A custom UI was designed to let admins manage vendor lists, see email statuses, and download an attached file to check information IDs (claim codes).

To simplify the deletion process for a vendor, we attach a file with encoded IDs of the records to remove. This way, no one can see whose data is removed or what exactly it is, yet the vendor can still perform the action securely.

GDPR & CCPA compliance management application, screen 5

Andrew Ryzhokhin, Chief Executive Officer