Navigating Complex Privacy: How Tappa Embedded GDPR into its Social Keyboard SDK with Atoro
Company Overview:
Tappa is a technology company that provides a software development kit (SDK) allowing other mobile apps to integrate a customizable, interactive keyboard. This keyboard enhances the user experience, often for social media apps, by enabling unique content creation and sharing directly from the keyboard interface. Managing the data privacy implications of an SDK embedded in third-party apps is a core legal and operational challenge.
Our experience working with Atoro has been very good, and the support we received has been great. Atoro's continuing work with us is fantastic; their attention to detail and support have been key in our complex privacy efforts.
Jaime Pesquera
General Counsel, Tappa
Introduction
For Tappa, whose technology sits inside other companies’ applications, data privacy is not just a policy—it’s a product feature. Their innovative keyboard SDK for social and content apps operates in a complex ecosystem of data controllers and processors. Ensuring ironclad GDPR compliance is fundamental to earning the trust of both their developer clients and end-users.
The Challenge: Ensuring GDPR Compliance in a Complex B2B2C Model
Tappa’s primary objective was to achieve and maintain robust, company-wide GDPR compliance for a product with unique challenges. They needed to address the intricacies of being a data processor through their SDK while their clients act as data controllers. This required deep legal and technical expertise to build a compliance framework that was both sound and scalable.
The Atoro Partnership: Detail-Oriented Support for a Unique Tech Stack
The partnership with Atoro has been central to navigating Tappa’s complex privacy landscape. Described as “very good,” the engagement has focused on continuous support and a sharp attention to detail. Atoro’s expertise was key in tackling the specific challenges of an SDK model—from crafting data processing agreements (DPAs) to providing clear guidance on responsibilities, ensuring Tappa’s privacy efforts were thorough and effective.
The Outcome: A Confident and Compliant Privacy Program
With Atoro’s help, Tappa has successfully built and maintained a strong privacy program. The ongoing collaboration and expert support have been critical, providing Tappa with the confidence that their approach to GDPR is sound, which in turn provides crucial assurance to their app developer clients.
Cloud-Native Expertise
Whether it’s AWS, Azure, or GCP, we deliver audit recommendations that actually work with your infrastructure—not just textbook theory.
Engineers, Not Just Auditors
Our team combines ISO 27001 certification with hands-on experience in cybersecurity engineering. We understand systems at both the compliance and technical level.
Fast, Minimal Disruption
Our agile approach fits around your workflows—delivering full audits in under 4 weeks with zero slowdown.
Compliance Made Practical
We help you meet the standard in a way that actually works for your team—clear steps, smart prioritisation, and zero wasted effort.
