The USA, 2017 - Present
5 engineers

CCPA, LGPD, GDPR compliance management and automation tool

Developed for a gaming company. This web tool helps casual game production companies to be GDPR, LGPD, and CCPA compliant. It supports Android, iOS, Facebook, Amazon games, stores and handles over 100M users in the database. Receives and processes over 40,000 requests from gamers every day.

 

The technical stack includes:

С# .NET Core EF Core PythonJavaScriptAngularJSMySQLDynamoDB Elastic Cache Redis AWSAmazon S3Amazon Athena DockerKinesis Kubernetes AWS SDK KDS ELK
GDPR & CCPA compliance management and automation tool, screen 1

The problem

A very successful 12 years old gaming company with amazing experience in creating games had no experience in building highly loaded databases and managing web applications. When personal information privacy laws appeared they faced many data processing tasks. They hired us to develop a tool to process all requests from users connected with GDPR and CCPA compliances.
 

The team

For better integration with existing software, Microsoft stack was chosen and we built a team with 4 senior .NET developers, 2 testers, a business analyst, a project manager, and a DevOps. After all, the software was developed and stabilized we reduced the team to 5 engineers in total to optimize the cost, providing full technical support.
 

Our approach

Before designing this software we reviewed and studied the whole game development process, releases, collecting information, etc. Then we analyzed all requirements gathered from 5 different employees from the business team and documented the architecture of all software the customer uses for the business. This gave us a solid foundation to design this management tool and integrate it into the business.

Long term support

After 1 year of development and support, we entered long-term contracts and created a dedicated team that works on the project full time. It is fully integrated with the business core team and game development teams. We visit each other 2 times per year for 1-2 weeks of face to face collaboration, building plans, roadmaps, and discussing potential functionalities.

Managing sensitive information

This tool helps to fully meet GDPR (Europe), CCPA  (America), and LGPD (Brazil) requirements. Used by a gaming company with 100M registered users, it automates all workflow connected with RTBF (Right To Be Forgotten) and portability requests.

All users' sensitive information is stored in a secured way that gives NO access to any 3d parties to the personal data.

We designed request data to consist of multiple tasks that needed to be done to complete a request. Each task is a data-removing action in a certain part of the big infrastructure of the gaming business. We designed a UI that helps to manage the execution of all tasks and requests on just one page!
 

GDPR & CCPA compliance management tool, screen 2

High load back-end

We designed bigdata infrastructure that handles 100M users receiving more than 40,000 requests daily. A combination of SQL, DynamoDB, and Redis was used to develop a high load back-end.

Because of a few technical reasons we decided to use files and Amazon S3 to store encrypted codes of information chunks.

The microservice architecture was used to build a  cost-efficient back-end that quickly updates bigdata and manages file storage using Amazon Athena as a connector between files and SQL.

GDPR & CCPA compliance application, screen 3

3d party vendor integration

We made a list of 3d party vendors that a company can configure to dispatch RTBF requests to them.

We automated data deletion in Flurry (data analytics), Leanplum (customer engagement), and Helpshift (customer service) systems, thus a long chain of deleting user's information requires no labor.

Admin can add more vendors using a form. Every vendor will automatically get a notification email about the deletion request.

GDPR & CCPA compliance application, screen 4

Mail reporting

We picked up Amazon SES to send emails and Amazon SNS to get email notifications back into our system.

A custom UI was designed to let admins manage vendor lists, see email statuses and download an attached file to check information IDs (claim codes).

To simplify the deletion process for a vendor we attach a file with encoded IDs of the records to remove. So, no one can see whose data and what exactly is removed but they can perform the action totally securely.

GDPR & CCPA compliance management application, screen 5

Do you have a similar SaaS product that requires development?

Whatever stage your SaaS solution is at, get in touch with us to discuss it. It is FREE and we engage fast. We will help you with onboarding the right engineers with strong experience in SaaS development and a deep understanding of SaaS business, better planning, priorities, and realistic estimations.

 
Andrew
Ryzhokhin
Chief Executive Officer