Consent, Age-Related Flags, and Data APIs
When you use the AppLovin SDK, you are responsible for complying with applicable privacy regulations. If you collect and/or transmit personally identifiable information on your own, you are responsible for protecting and managing that data. Similarly, you are fully responsible for correctly collecting and passing consent values and age-related flags to AppLovin, whether you are using your own consent mechanism or a third-party API. AppLovin provides developer APIs for passing applicable consent and age-related flags.
Best practices:
- Solicit your own legal advice. Nothing in this document should be construed as legal advice.
- Read and understand AppLovin Policies for Publishers, AppLovin’s Privacy Policy, and integration guides offered by AppLovin.
- List AppLovin as a third-party which collects data in your privacy policy, and include a link to AppLovin in your privacy policy.
This framework helps facilitate compliance with the General Data Protection Regulation (“GDPR”), certain multi-state privacy requirements as they go into effect, and various children data restrictions under GDPR, COPPA, and App Store policies. However, consent and privacy requirements may extend beyond these circumstances and should be applied accordingly.
Consent and Age-Related Flags in GDPR and Other Regions
You are fully responsible for correctly collecting and passing consent values and age-related flags to AppLovin whether you are using your own or a third-party party solution.
When you use the AppLovin SDK, AppLovin requires you to correctly set flags that indicate whether users located in certain geographic areas, including in the European Union, European Economic Area, United Kingdom, and Switzerland (collectively, the “European Countries”), have provided opt-in consent for the collection and use of personal data for interest-based advertising. AppLovin also requires you to set flags indicating whether users are in an age-restricted category or if users from certain states have opted out of sale of their information.
When you initialize the AppLovin SDK, the SDK records the values that you have set in the “Privacy States” fields—“Age Restricted User”, “Has User Consent”, and “Do Not Sell”—to the log. Because the AppLovin SDK records these “Privacy States” fields at initialization, you must set these values before you initialize the AppLovin SDK. This helps ensure that the “Privacy States” fields are set correctly. Please refer to the Mediation Debugger or the section marked “Privacy States” in the logs to verify that you have correctly set these values.
If the user consents to interest-based advertising, set the user consent flag accordingly, and start requesting ads through the AppLovin SDK. After you set the consent value for a particular user, AppLovin will continue to respect that value for the lifetime of your application or until the user revokes consent to interest-based advertising.
AppLovinMAX.setHasUserConsent(true);
If the user does not consent to interest-based advertising, set the user consent flag accordingly, and start requesting ads through the AppLovin SDK. After you set the consent value for a particular user, AppLovin will continue to respect that value for the lifetime of your application or until the user consents to interest-based advertising.
AppLovinMAX.setHasUserConsent(false);
You must ensure you have set the consent flag correctly. If you set the consent flag correctly, the “Has User Consent” value shown in the logs will be either “true” or “false.” As described above, after you set the consent value, AppLovin will continue to respect that value for the lifetime of your application or until the consent value changes.
Refer to the Mediation Debugger or the section marked “Privacy States” in the logs to verify that you have correctly set these values.
AppLovin MAX supports your handling of consent values on behalf of supported mediation partners. MAX shares these set consent values via adapters. You must be on GDPR-supported network SDKs. Please consult with your network partner to determine the correct GDPR-supported SDK versions.
AppLovin MAX does not support your handling of consent values on behalf of Meta, Inc. You must work directly with Meta to determine any support Meta may provide for purposes of GDPR compliance.
For more details regarding age-related flags, see the section below entitled “Prohibition on Ads to, and Personal Information from, Children and Apps Exclusively Designed for, or Directed to, Children”.
TCF v2.0 Consent
If you have implemented a CMP (Consent Management Platform) that is compliant with IAB TCF v2.0 (Transparency & Consent Framework) for your user consent flow, AppLovin supports sending the TCF v2.0 strings as follows:
- For Amazon, BidMachine (Android), Criteo, Google, inMobi, and Smaato
- AppLovin supports SDKs reading TCF v2.0 consent strings from NSUserDefaults or SharedPreferences. The consent string is passed automatically to these networks and you do not have to do any additional configuration to make this happen.
- For BidMachine (iOS), Ogury, and DT Exchange
- AppLovin supports sending the TCF v2.0 consent strings to each network via adapters. Compatible adapter and SDK versions can be found on the individual network adapter changelogs. Please contact the network partner for more information.
Smaato started receiving traffic from European Countries on August 1st, 2022 on compatible SDK/adapter versions. Google and DT Exchange continue to receive traffic from European Countries. If you do not want to send traffic from European Countries to these networks, you can use MAX ad unit geo targeting to exclude desired countries. Please see below:
Prohibition on Ads to, and Personal Information from, Children and Apps Exclusively Designed for, or Exclusively Directed to, Children
To help ensure compliance with COPPA, GDPR, other age-related requirements, and the Apple App Store and Google Play Store policies, you must indicate whether a user falls within an age-restricted category (i.e., under the age of 16, or as otherwise defined by applicable laws). If you know that the user falls within an age-restricted category (i.e., under the age of 16, or as otherwise defined by applicable laws), you must set the age-restricted user flag accordingly:
AppLovinMAX.setIsAgeRestrictedUser(true);
If you know that the user does not fall within an age-restricted category (i.e., age 16 or older, or as otherwise defined by applicable laws), you must set the age-restricted user flag accordingly:
AppLovinMAX.setIsAgeRestrictedUser(false);
As explained in AppLovin’s Terms of Use Agreement and Policies for Publishers, AppLovin does not knowingly collect personal information from children or serve ads to children. Apps exclusively designed for, or exclusively directed to, children—for example, iOS Apps in the “Kids” category—may not use the AppLovin SDK.
Again, AppLovin encourages you to review the Mediation Debugger or the section marked “Privacy States” in the logs to verify that you have correctly set these age-related flags.
Multi-State Consumer Privacy Laws
California and Virginia laws may require you to display a “Do Not Sell or Share My Personal Information” link or provide other options to users located in those states to opt out of interest-based advertising. You must set a flag that indicates whether users in those states opt out of interest-based advertising or a sale or share of personal information for interest-based advertising. If a user does not opt out in these ways, set the do-not-sell flag accordingly:
AppLovinMAX.setDoNotSell(false);
If a user does opt out of interest-based advertising, set the do-not-sell flag accordingly:
AppLovinMAX.setDoNotSell(true);
AppLovin MAX supports your handling of opt-out values on behalf of supported mediation partners. MAX shares these set consent values via adapters. You must be on supported network SDKs. Please consult with your network partner to determine the correct SDK versions.
For those networks on whose behalf MAX does not support your handling of opt-out values, you must work directly with the network to determine any support those networks may provide for purposes of your obligations for multi-state compliance.
Meta Audience Network Data Processing Options for Users in California
To learn how to implement Meta Audience Network’s “Limited Data Use” flag, read the Meta for Developers documentation.
Google Play Families Policy (Android)
This section concerns updates to the Google Play Families Policy and outlines certain related updates to your use of the AppLovin SDK. You can find complete details on Google Play’s Policy Center.
Who does this policy apply to?
According to Google, if you serve ads in your app and your target audience only includes children, then you must use only Families self-certified ads SDKs. If the target audience for your app includes both children and older users you must comply with Google Play Families Policy and ensure that ads shown to children come exclusively from Families self-certified ads SDKs.
What does this mean for your use of the AppLovin SDK and MAX?
As explained in AppLovin’s Terms of Use, the AppLovin Services are not to be used in apps exclusively designed for, or exclusively directed to, children. AppLovin does not knowingly collect personal information from children or serve advertisements to children. As for mixed audience or “everyone” apps that may include children as users, as explained in AppLovin Policies for Publishers, you must include and honor all age-related flags. If you flag a user as an age-restricted user, AppLovin will not collect personal information from or serve advertisements to that user.
These are the main requirements and implications:
- If your app is designed primarily for children under the age of 13:
-
- Google Play requires that you participate in Designed for Families program and comply with Google Play’s Families Policy Requirements.
- AppLovin Services are not to be used in apps exclusively directed to children. Please see AppLovin’s Terms of Use.
- If your app is designed for everyone, including children:
-
- You must adhere to Google Play’s Families Policy Requirements.
- Visit the Manage Applications page under AppDiscovery in the AppLovin UI and select the setting Please check this box if your application needs to comply with Google Play’s Families policy. You must review the age data of your users and identify any age-restricted users in your AppLovin SDK integration. For integration instructions, see “How to set GDPR flags”. If you enable this setting then your app will not transmit the Advertising ID for children and users of unknown age.
- If your app is not designed for children:
-
- You must still meet the requirements outlined in the Google Play Developer Program Policies and Developer Distribution Agreement.
For complete details regarding the Families Policy, including tips regarding how to determine the target audience for your app, please review Google Play’s Policy Center.