By design, all data and network traffic from your app will go directly to your webserver, exactly as it would if the user browsed your website via Mobile Safari on iOS or Mobile Chrome on Android. No website data whatsoever passes through any GoNative servers, and there is no on-going dependency on GoNative's servers or uptime at all going forward.
Therefore, from a security perspective, there is no special access GoNative requires to work. It relies on the same security, encryption, and access that exists already on your website, and all will continue to work the same way.
A license is required prior to publishing for any use of GoNative source code. Your app will check for a valid license when launched on a user's device. No personal information of any kind is retained in relation to the license check, and if the license server is unreachable for any reason the app will continue to function normally.
Based on this architecture, using GoNative does not introduce any additional known requirements to comply to the new standards introduced by the European data protection law known as the General Data Protection Regulation (GDPR) in effect starting May 25, 2018. Please note that this article is not intended to convey or constitute legal advice.