Hi,
I’m preparing a vendor due diligence response for a client project that uses the 8th Wall SDK and need to confirm a few details for compliance and data protection documentation.
Could you please help clarify the following points regarding data collected and processed by the SDK during use in a web-based AR experience?
-
What categories of data are collected by the SDK during AR session operation (for example, IP address, device telemetry, geolocation, or session identifiers)?
-
Where are these data points processed and stored (for example, specific cloud provider regions or countries)?
-
What is the data retention period for any telemetry or IP logs? Are these deleted after the session ends, or retained for operational purposes?
-
Does 8th Wall have a Data Processing Addendum (DPA) or similar document outlining its privacy and security obligations?
-
For self-hosted implementations, does the SDK still send telemetry or IP data to 8th Wall or Niantic servers, or is all processing fully local?
We do not collect or transmit any personal identifiers (names, emails, etc.) through our implementation, but our client’s data protection team requires clarity on how 8th Wall handles any indirect identifiers such as IP addresses and device telemetry.