The Story
Your trip planner is doing well. People are signing up, planning trips, uploading photos, paying for premium features. You check your analytics one morning and notice something interesting: users from Germany, France, the Netherlands, Spain. Real people, in Europe, using your app.
And then you get an email. It’s from a user in Berlin. Very polite. One sentence: “How do I download my data?”
You stare at it. Download their data? What data? You mean like… everything? Their account info? Their trips? Their uploaded photos? You don’t even have a button for that. You don’t even know where all their data lives.
Then you google “European users data rights” and your stomach drops.
It’s called GDPR — the General Data Protection Regulation. It’s a European law that says if you store personal data from people in Europe, those people have rights. The right to know what you’re storing. The right to download all of it. The right to delete all of it. The right to say no to tracking. And if you don’t comply, the fines are staggering. We’re talking up to four percent of annual revenue or twenty million euros, whichever is higher.
Now, you’re probably not going to get a twenty-million-euro fine for your trip planner. But here’s the thing — GDPR isn’t optional. It applies the moment a European user signs up. And beyond the legal side, it’s just good practice. Your users should know what you’re collecting, should be able to get a copy of their data, and should be able to leave and take their data with them. That’s just being a good app.
The good news: you don’t need a lawyer to get the basics right. You need a consent banner, a privacy policy, a data export button, and a delete account button. That’s the checklist. Let’s build it.
This lesson continues with the full course
The story intro above is free to read. The full lesson — prompts, explanations, and adapt-it exercises — requires the Full Course ($249) tier or above.