Consent, Age-Related Flags, and Data APIs

When you use the AppLovin SDK, you are responsible for complying with applicable privacy regulations. If you collect and/or transmit personally identifiable information on your own, you are responsible for protecting and managing that data. Similarly, you are fully responsible for correctly collecting and passing consent values and age-related flags to AppLovin, whether you are using your own consent mechanism or a third-party API. AppLovin provides developer APIs for passing applicable consent and age-related flags.

Best practices:

• Solicit your own legal advice. Nothing in this document should be construed as legal advice.
• Read and understand AppLovin Policies for Publishers, AppLovin’s Privacy Policy, and integration guides offered by AppLovin.
• List AppLovin as a third-party which collects data in your privacy policy, and include a link to AppLovin in your privacy policy.

This framework helps facilitate compliance with the General Data Protection Regulation (“GDPR”), certain multi-state privacy requirements as they go into effect, and various children data restrictions under GDPR, COPPA, and App Store policies. However, consent and privacy requirements may extend beyond these circumstances and should be applied accordingly.

Consent and Age-Related Flags in GDPR and Other Regions

You are fully responsible for correctly collecting and passing consent values and age-related flags to AppLovin whether you are using your own or a third-party party solution.

When you use the AppLovin SDK, AppLovin requires you to correctly set flags that indicate whether users located in certain geographic areas, including in the European Union, European Economic Area, United Kingdom, and Switzerland (collectively, the “European Countries”), have provided opt-in consent for the collection and use of personal data for interest-based advertising. AppLovin also requires you to set flags indicating whether users are in an age-restricted category or if users from certain states have opted out of sale of their information.

When you initialize the AppLovin SDK, the SDK records the values that you have set in the “Privacy States” fields—“Age Restricted User”, “Has User Consent”, and “Do Not Sell”—to the log. Because the AppLovin SDK records these “Privacy States” fields at initialization, you must set these values before you initialize the AppLovin SDK. This helps ensure that the “Privacy States” fields are set correctly. Please refer to the Mediation Debugger or the section marked “Privacy States” in the logs to verify that you have correctly set these values.

If the user consents to interest-based advertising, set the user consent flag accordingly, and start requesting ads through the AppLovin SDK. After you set the consent value for a particular user, AppLovin will continue to respect that value for the lifetime of your application or until the user revokes consent to interest-based advertising.

• [ALPrivacySettings setHasUserConsent: YES];

• ALPrivacySettings.setHasUserConsent(true)

If the user does not consent to interest-based advertising, set the user consent flag accordingly, and start requesting ads through the AppLovin SDK. After you set the consent value for a particular user, AppLovin will continue to respect that value for the lifetime of your application or until the user consents to interest-based advertising.

• [ALPrivacySettings setHasUserConsent: NO];

• ALPrivacySettings.setHasUserConsent(false)

You must ensure you have set the consent flag correctly. If you set the consent flag correctly, the “Has User Consent” value shown in the logs will be either “true” or “false.” As described above, after you set the consent value, AppLovin will continue to respect that value for the lifetime of your application or until the consent value changes.

Refer to the Mediation Debugger or the section marked “Privacy States” in the logs to verify that you have correctly set these values.

AppLovin MAX supports your handling of consent values on behalf of supported mediation partners. MAX shares these set consent values via adapters. You must be on GDPR-supported network SDKs. Please consult with your network partner to determine the correct GDPR-supported SDK versions.

AppLovin MAX does not support your handling of consent values on behalf of Meta, Inc. You must work directly with Meta to determine any support Meta may provide for purposes of GDPR compliance.

For more details regarding age-related flags, see the section below entitled “Prohibition on Ads to, and Personal Information from, Children and Apps Exclusively Designed for, or Directed to, Children”.

TCF v2.0 Consent

If you have implemented a CMP (Consent Management Platform) that is compliant with IAB TCF v2.0 (Transparency & Consent Framework) for your user consent flow, AppLovin supports sending the TCF v2.0 strings as follows:

For Amazon, Criteo, Google, inMobi, and Smaato

AppLovin supports SDKs reading TCF v2.0 consent strings from NSUserDefaults or SharedPreferences. The consent string is passed automatically to these networks and you do not have to do any additional configuration to make this happen.

For BidMachine, Ogury, and DT Exchange

AppLovin supports sending the TCF v2.0 consent strings to each network via adapters. Compatible adapter and SDK versions can be found on the individual network adapter changelogs. Please contact the network partner for more information.

Smaato started receiving traffic from European Countries on August 1st, 2022 on compatible SDK/adapter versions. Google, Amazon, and DT Exchange continue to receive traffic from European Countries. If you do not want to send traffic from European Countries to these networks, you can use MAX ad unit geo targeting to exclude desired countries. Please see below:

Prohibition on Ads to, and Personal Information from, Children and Apps Exclusively Designed for, or Exclusively Directed to, Children

To help ensure compliance with COPPA, GDPR, other age-related requirements, and the Apple App Store and Google Play Store policies, you must indicate whether a user falls within an age-restricted category (i.e., under the age of 16, or as otherwise defined by applicable laws). If you know that the user falls within an age-restricted category (i.e., under the age of 16, or as otherwise defined by applicable laws), you must set the age-restricted user flag accordingly:

• [ALPrivacySettings setIsAgeRestrictedUser: YES];

• ALPrivacySettings.setIsAgeRestrictedUser(true)

If you know that the user does not fall within an age-restricted category (i.e., age 16 or older, or as otherwise defined by applicable laws), you must set the age-restricted user flag accordingly:

• [ALPrivacySettings setIsAgeRestrictedUser: NO];

• ALPrivacySettings.setIsAgeRestrictedUser(false)

As explained in AppLovin’s Terms of Use Agreement and Policies for Publishers, AppLovin does not knowingly collect personal information from children or serve ads to children. Apps exclusively designed for, or exclusively directed to, children—for example, iOS Apps in the “Kids” category—may not use the AppLovin SDK.

Again, AppLovin encourages you to review the Mediation Debugger or the section marked “Privacy States” in the logs to verify that you have correctly set these age-related flags.

Multi-State Consumer Privacy Laws

California and Virginia laws may require you to display a “Do Not Sell or Share My Personal Information” link or provide other options to users located in those states to opt out of interest-based advertising. You must set a flag that indicates whether users in those states opt out of interest-based advertising or a sale or share of personal information for interest-based advertising. If a user does not opt out in these ways, set the do-not-sell flag accordingly:

• [ALPrivacySettings setDoNotSell: NO];

• ALPrivacySettings.setDoNotSell(false)

If a user does opt out of interest-based advertising, set the do-not-sell flag accordingly:

• [ALPrivacySettings setDoNotSell: YES];

• ALPrivacySettings.setDoNotSell(true)

AppLovin MAX supports your handling of opt-out values on behalf of supported mediation partners. MAX shares these set consent values via adapters. You must be on supported network SDKs. Please consult with your network partner to determine the correct SDK versions.

For those networks on whose behalf MAX does not support your handling of opt-out values, you must work directly with the network to determine any support those networks may provide for purposes of your obligations for multi-state compliance.

Meta Audience Network Data Processing Options for Users in California

To learn how to implement Meta Audience Network’s “Limited Data Use” flag, read the Meta for Developers documentation.