Privacy

Consent, Age-Related Flags, and Data APIs

When you use the AppLovin SDK, you are responsible for complying with applicable privacy regulations. If you collect and/or transmit personally identifiable information on your own, you are responsible for protecting and managing that data. Similarly, you are fully responsible for correctly collecting and passing consent values and age-related flags to AppLovin, whether you are using your own consent mechanism or a third-party API. AppLovin provides developer APIs for passing applicable consent and age-related flags.

Best practices:

This framework helps facilitate compliance with the General Data Protection Regulation (“GDPR”), certain multi-state privacy requirements as they go into effect, and various children’s data restrictions under GDPR, COPPA, and App Store policies. However, consent and privacy requirements may extend beyond these circumstances and should be applied accordingly.

Consent and Age-Related Flags in GDPR and Other Regions

You are fully responsible for correctly collecting and passing consent values and age-related flags to AppLovin, whether you are using your own or a third-party solution.

When you use the AppLovin SDK, AppLovin requires you to correctly set flags that indicate whether users located in certain geographic areas, including in the European Union, European Economic Area, United Kingdom, and Switzerland (collectively, the “European Countries”), have provided opt-in consent for the collection and use of personal data for interest-based advertising. AppLovin also requires you to set flags indicating whether users are in an age-restricted category or if users from certain states have opted out of sale of their information.

When you initialize the AppLovin SDK, the SDK records the values that you have set in the “Privacy States” fields—“Age Restricted User”, “Has User Consent”, and “Do Not Sell”—to the log. Because the AppLovin SDK records these “Privacy States” fields at initialization, you must set these values before you initialize the AppLovin SDK. This helps ensure that the “Privacy States” fields are set correctly. Please refer to the Mediation Debugger or the section marked “Privacy States” in the logs to verify that you have correctly set these values.

If the user consents to interest-based advertising, set the user consent flag accordingly, and start requesting ads through the AppLovin SDK. After you set the consent value for a particular user, AppLovin will continue to respect that value for the lifetime of your application or until the user revokes consent to interest-based advertising.

AppLovinMAX.setHasUserConsent(true);

If the user does not consent to interest-based advertising, set the user consent flag accordingly, and start requesting ads through the AppLovin SDK. After you set the consent value for a particular user, AppLovin will continue to respect that value for the lifetime of your application or until the user consents to interest-based advertising.

AppLovinMAX.setHasUserConsent(false);

You must ensure you have set the consent flag correctly. If you set the consent flag correctly, the “Has User Consent” value shown in the logs will be either “true” or “false.” As described above, after you set the consent value, AppLovin will continue to respect that value for the lifetime of your application or until the consent value changes.

Refer to the Mediation Debugger or the section marked “Privacy States” in the logs to verify that you have correctly set these values.

MAX Mediation Debugger. Age Restricted User: false. Has User Consent: true. “Do Not Sell”: false.
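One way to enforce the set-before-initialize ordering described above, as an added example that is not AppLovin code: a fail-closed wrapper around the three setters this page names. The `initFn` callback stands in for your platform's initialization call, and `createPrivacyGate`, `makeRecordingSdk`, and the `required` parameter are hypothetical names.

```javascript
// Added example, not AppLovin code. `sdk` is any object exposing the three
// setters named on this page; `initFn` stands in for your platform's
// initialization call (assumption).
const SETTERS = {
  hasUserConsent: 'setHasUserConsent',
  isAgeRestrictedUser: 'setIsAgeRestrictedUser',
  doNotSell: 'setDoNotSell',
};

function createPrivacyGate(sdk, initFn, required = Object.keys(SETTERS)) {
  const state = { hasUserConsent: null, isAgeRestrictedUser: null, doNotSell: null };
  let initialized = false;

  return {
    // Record the value locally, then forward it to the SDK setter.
    set(flag, value) {
      if (!Object.keys(SETTERS).includes(flag)) throw new Error(`unknown privacy flag: ${flag}`);
      if (typeof value !== 'boolean') throw new TypeError(`${flag} must be true or false`);
      state[flag] = value;
      sdk[SETTERS[flag]](value);
    },
    // Fail closed: refuse to initialize while any required flag is unset.
    initialize() {
      const missing = required.filter((flag) => state[flag] === null);
      if (missing.length > 0) {
        throw new Error(`set before init: ${missing.join(', ')}`);
      }
      if (!initialized) {
        initialized = true;
        initFn();
      }
      return { ...state }; // snapshot to compare with the "Privacy States" log
    },
  };
}

// Constructed stand-in for the SDK that records the order of calls.
function makeRecordingSdk() {
  const calls = [];
  const sdk = { calls };
  for (const setter of Object.values(SETTERS)) {
    sdk[setter] = (value) => calls.push(`${setter}(${value})`);
  }
  return sdk;
}
```

Pass a shorter `required` list for users to whom a given flag does not apply; the returned snapshot is what you would expect to see under “Privacy States” in the logs.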

AppLovin MAX supports your handling of consent values on behalf of supported mediation partners. MAX shares these set consent values via adapters. You must be on GDPR-supported network SDKs. Please consult with your network partner to determine the correct GDPR-supported SDK versions.

AppLovin MAX does not support your handling of consent values on behalf of Meta, Inc. You must work directly with Meta to determine any support Meta may provide for purposes of GDPR compliance.

For more details regarding age-related flags, see the section below entitled “Prohibition on Ads to, and Personal Information from, Children and Apps Exclusively Designed for, or Directed to, Children”.

TCF v2 Consent

As of AppLovin MAX SDK version 12.0.0, if you use Google’s CMP (UMP), MAX takes care of CMP integration and ensures that the consent status is established correctly when you initialize the SDK. See “Google UMP Automation” for more details (Android, iOS). However, if you use a different CMP, you must perform this integration yourself and you must ensure that the CMP establishes consent status correctly before you initialize the SDK.

If you access Google demand through MAX, it is critical that you review the Google CMP requirements before you start the integration process.

If you implement a CMP that is compliant with IAB TCF v2 (Transparency & Consent Framework) for your user consent flow, AppLovin supports sending the TCF v2 strings to networks in the following ways:

For Amazon, BidMachine (Android), Google, inMobi, Smaato, and Verve
These SDKs automatically read the TCF v2 consent strings from NSUserDefaults or SharedPreferences and you do not have to do any additional configuration to make this happen.
For BidMachine (iOS), DT Exchange, MobileFuse, and Ogury
MAX SDK sends the TCF v2 consent strings to each network via adapters. You can find compatible adapter and SDK versions on the individual network adapter changelogs. Contact the network partner for more information.
For LiftOff Monetize
Because it is in the Global Vendor List (GVL), the MAX SDK checks the consent status in the TCF v2 string and passes the consent state to the network through the adapter.
For AppLovin, Chartboost, IronSource, and LINE
If you use Google UMP as your CMP, the MAX SDK leverages Google UMP’s Additional Consent (AC) Mode and sends the consent states in the AC string to each network via adapters. If you do not use Google UMP as your CMP, contact your CMP provider to learn how to send the consent state to these networks.
For Meta Audience Network
If you use Google UMP as your CMP, you can read the consent state by following their Additional Consent Mode guide and forward it to their SDK. For specific instructions, see “Meta Audience Network Data Processing Options” (Android, iOS). If you do not use Google UMP as your CMP, contact your CMP provider to learn how to send the consent state to Meta Audience Network.
For custom networks and networks that are not compliant with TCF v2
Although such networks are included in the final waterfall, the MAX SDK does not pass any consent flags to them via the adapter.
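To check what the AC string mentioned above says about a given network, the added example below (not MAX SDK or Google code) parses Google's Additional Consent string format: `<version>~<consented ids>`, with an optional `~dv.<disclosed ids>` part in version 2. The function names and the provider IDs used with it are constructed for illustration.

```javascript
// Added example, not MAX SDK code. Parses a Google Additional Consent (AC)
// string of the form "<version>~<id>.<id>...[~dv.<id>.<id>...]".
function parseAcString(ac) {
  if (typeof ac !== 'string' || ac.trim() === '') {
    throw new Error('AC string is missing');
  }
  const [versionPart, consentedPart = '', ...rest] = ac.trim().split('~');
  if (!/^\d+$/.test(versionPart)) {
    throw new Error(`bad AC version: ${versionPart}`);
  }
  // Turn "1.35.41" into [1, 35, 41], rejecting anything that is not a number.
  const toIds = (segment) => {
    if (segment === '') return [];
    return segment.split('.').map((token) => {
      if (!/^\d+$/.test(token)) throw new Error(`bad provider id: ${token}`);
      return Number(token);
    });
  };
  const consented = new Set(toIds(consentedPart));
  // Version 2 adds a "dv."-prefixed list: providers disclosed but not consented.
  const dv = rest.find((segment) => segment.startsWith('dv.'));
  const disclosed = new Set(dv ? toIds(dv.slice(3)) : []);
  return { version: Number(versionPart), consented, disclosed };
}

// Consent state of one provider ID according to the AC string.
function providerState(ac, providerId) {
  const { consented, disclosed } = parseAcString(ac);
  if (consented.has(providerId)) return 'consented';
  if (disclosed.has(providerId)) return 'disclosed-not-consented';
  return 'not-listed';
}

// Constructed sample string; the IDs do not refer to any real network.
const SAMPLE_AC = '2~1.35.41.101~dv.9.21.81';
```

On device, CMPs that support AC Mode store this string under the `IABTCF_AddtlConsent` key in NSUserDefaults or SharedPreferences, next to the TCF v2 keys.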

Prohibition on Ads to, and Personal Information from, Children and Apps Exclusively Designed for, or Exclusively Directed to, Children

To help ensure compliance with COPPA, GDPR, other age-related requirements, and the Apple App Store and Google Play Store policies, you must indicate whether a user falls within an age-restricted category (i.e., under the age of 16, or as otherwise defined by applicable laws). If you know that the user falls within an age-restricted category (i.e., under the age of 16, or as otherwise defined by applicable laws), you must set the age-restricted user flag accordingly:

AppLovinMAX.setIsAgeRestrictedUser(true);
AppLovinSdk.getInstance( context ).initializeSdk(…);

If you know that the user does not fall within an age-restricted category (i.e., age 16 or older, or as otherwise defined by applicable laws), you must set the age-restricted user flag accordingly:

AppLovinMAX.setIsAgeRestrictedUser(false);
AppLovinSdk.getInstance( context ).initializeSdk(…);

As explained in AppLovin’s Terms of Use Agreement and Policies for Publishers, AppLovin does not knowingly collect personal information from children or serve ads to children. Apps exclusively designed for, or exclusively directed to, children—for example, iOS Apps in the “Kids” category—may not use the AppLovin SDK.

Again, AppLovin encourages you to review the Mediation Debugger or the section marked “Privacy States” in the logs to verify that you have correctly set these age-related flags.

Multi-State Consumer Privacy Laws

State laws in the United States may require you to display a “Do Not Sell or Share My Personal Information” link or provide other options to users located in those states to opt out of interest-based advertising. You must set a flag that indicates whether users in the relevant states opt out of interest-based advertising or the sale or share of personal information for interest-based advertising. If a user does not opt out in these ways, set the do-not-sell flag accordingly:

AppLovinMAX.setDoNotSell(false);

If a user does opt out of interest-based advertising, set the do-not-sell flag accordingly:

AppLovinMAX.setDoNotSell(true);

AppLovin MAX supports your handling of opt-out values on behalf of supported mediation partners. MAX shares these set consent values via adapters. You must be on supported network SDKs. Please consult with your network partner to determine the correct SDK versions.

For those networks on whose behalf MAX does not support your handling of opt-out values, you must work directly with the network to determine any support those networks may provide for purposes of your obligations for multi-state compliance.

Meta Audience Network Data Processing Options for Users in California

To learn how to implement Meta Audience Network’s “Limited Data Use” flag, read the Meta for Developers documentation.

Google Play Families Policy (Android)

This section concerns updates to the Google Play Families Policy and outlines certain related updates to your use of the AppLovin SDK. You can find complete details on Google Play’s Policy Center.

Who does this policy apply to?

According to Google, if you serve ads in your app and your target audience only includes children, then you must use only Families Self-Certified Ads SDKs. If the target audience for your app includes both children and older users, you must comply with Google Play Families Policy and ensure that ads shown to children come exclusively from Families Self-Certified Ads SDKs.

What does this mean for your use of the AppLovin SDK and MAX?

As explained in AppLovin’s Terms of Use, the AppLovin Services are not to be used in apps exclusively designed for, or exclusively directed to, children. AppLovin does not knowingly collect personal information from children or serve advertisements to children.

As for mixed audience or “everyone” apps that may include children as users, as explained in AppLovin Policies for Publishers, you must include and honor all age-related flags. If you flag a user as an age-restricted user, AppLovin will not collect personal information from or serve advertisements to that user. Additionally, because Google requires that ads shown to children come exclusively from Families Self-Certified Ads SDKs, those ads SDKs that have not self-certified compliance with Google Play policies, such as the Families Self-Certified Ads SDK requirements, are not eligible to participate in MAX auctions.

These are the main requirements and implications:

If your app is designed primarily for children under the age of 13:
If your app is designed for everyone, including children:
  • You must adhere to Google Play’s Families Policy Requirements.
  • Visit the Manage Applications page under AppDiscovery in the AppLovin UI and select the setting “Please check this box if your application needs to comply with Google Play’s Families policy.” You must review the age data of your users and identify any age-restricted users in your AppLovin SDK integration. For integration instructions, see “How to set GDPR flags”. If you enable this setting then your app will not transmit the Advertising ID for children and users of unknown age.
If your app is not designed for children:

For complete details regarding the Families Policy, including tips regarding how to determine the target audience for your app, please review Google Play’s Policy Center.