How can I make my referral program compliant with GDPR/CCPA?
Here is a checklist of action items you will want to make sure you update for your GrowSurf campaign to stay compliant with major privacy laws:
- If importing your existing contacts into GrowSurf, make sure that you have their prior consent to communicate.
- If using the GrowSurf form element, you can enable opt-in consent and add legal language in the Campaign Editor > 2. Design > Sign Up section.
- If using GrowSurf's automagic form detection with your site's existing form(s) to add new participants, you must provide an opt-in consent checkbox and your own legal language letting new signups know that by signing up they are enrolled as participants of your referral program.
- If using the GrowSurf leaderboard element, you will need to fully mask participant email addresses in the Campaign Editor > 2. Design > Leaderboard > Leaderboard List section.
- If using the GrowSurf invite element, you will need to enable Don't store invitees' email addresses in the Campaign Editor > 2. Design > Share > Email Invites section.
- GrowSurf persistently stores the following participant data on US servers: email address, first name (if provided), last name (if provided), IP address, and browser fingerprint. To store only the bare minimum of data, navigate to Campaign Editor > 4. Options and enable strict GDPR/CCPA mode.
For full details on GrowSurf's ongoing compliance efforts, please visit https://growsurf.gdprpage.com/.