Privacy

Consent, Age-Related Flags, and Data APIs

When you use the AppLovin SDK, you are responsible for complying with applicable privacy regulations. If you collect and/or transmit personally identifiable information on your own, you are responsible for protecting and managing that data. Similarly, you are fully responsible for correctly collecting and passing consent values and age-related flags to AppLovin, whether you are using your own consent mechanism or a third-party API. AppLovin provides developer APIs for passing applicable consent and age-related flags.

Best practices:

This framework helps facilitate compliance with the General Data Protection Regulation (“GDPR”), certain multi-state privacy requirements as they go into effect, and various children data restrictions under GDPR, COPPA, and App Store policies. However, consent and privacy requirements may extend beyond these circumstances and should be applied accordingly.

Consent and Age-Related Flags in GDPR and Other Regions

You are fully responsible for correctly collecting and passing consent values and age-related flags to AppLovin whether you are using your own or a third-party party solution.

When you use the AppLovin SDK, AppLovin requires you to correctly set flags that indicate whether users located in certain geographic areas, including in the European Union, European Economic Area, United Kingdom, and Switzerland (collectively, the “European Countries”), have provided opt-in consent for the collection and use of personal data for interest-based advertising. AppLovin also requires you to set flags indicating whether users are in an age-restricted category or if users from certain states have opted out of sale of their information.

When you initialize the AppLovin SDK, the SDK records the values that you have set in the “Privacy States” fields—“Age Restricted User”, “Has User Consent”, and “Do Not Sell”—to the log. Because the AppLovin SDK records these “Privacy States” fields at initialization, you must set these values before you initialize the AppLovin SDK. This helps ensure that the “Privacy States” fields are set correctly. Please refer to the Mediation Debugger or the section marked “Privacy States” in the logs to verify that you have correctly set these values.

If the user consents to interest-based advertising, set the user consent flag accordingly, and start requesting ads through the AppLovin SDK. After you set the consent value for a particular user, AppLovin will continue to respect that value for the lifetime of your application or until the user revokes consent to interest-based advertising.

  • [ALPrivacySettings setHasUserConsent: YES];
  • ALPrivacySettings.setHasUserConsent(true)

If the user does not consent to interest-based advertising, set the user consent flag accordingly, and start requesting ads through the AppLovin SDK. After you set the consent value for a particular user, AppLovin will continue to respect that value for the lifetime of your application or until the user consents to interest-based advertising.

  • [ALPrivacySettings setHasUserConsent: NO];
  • ALPrivacySettings.setHasUserConsent(false)

You must ensure you have set the consent flag correctly. If you set the consent flag correctly, the “Has User Consent” value shown in the logs will be either “true” or “false.” As described above, after you set the consent value, AppLovin will continue to respect that value for the lifetime of your application or until the consent value changes.

Refer to the Mediation Debugger or the section marked “Privacy States” in the logs to verify that you have correctly set these values.

MAX Mediation Debugger. Age Restricted User: false. Has User Consent: true. “Do Not Sell”: false.

AppLovin MAX supports your handling of consent values on behalf of supported mediation partners. MAX shares these set consent values via adapters. You must be on GDPR-supported network SDKs. Please consult with your network partner to determine the correct GDPR-supported SDK versions.

AppLovin MAX does not support your handling of consent values on behalf of Meta, Inc. You must work directly with Meta to determine any support Meta may provide for purposes of GDPR compliance.

For more details regarding age-related flags, see the section below entitled “Prohibition on Ads to, and Personal Information from, Children and Apps Exclusively Designed for, or Directed to, Children”.

TCF v2 Consent

When you use a Consent Management Platform (CMP), you must wait until the CMP establishes consent status before you initialize the MAX SDK. If you are accessing Google demand through MAX, it’s critical that you review the Google CMP requirements before you start the integration process.

If you have implemented a CMP (Consent Management Platform) that is compliant with IAB TCF v2 (Transparency & Consent Framework) for your user consent flow, AppLovin supports sending the TCF v2 strings as follows:

For Amazon, Criteo, Google, inMobi, Smaato, and Verve
AppLovin supports SDKs reading TCF v2 consent strings from NSUserDefaults or SharedPreferences. The consent string is passed automatically to these networks and you do not have to do any additional configuration to make this happen.
For BidMachine, MobileFuse, Ogury, and DT Exchange
AppLovin supports sending the TCF v2 consent strings to each network via adapters. Compatible adapter and SDK versions can be found on the individual network adapter changelogs. Please contact the network partner for more information.
For Mintegral
On adapter versions 7.5.1.0.0 or above, the SDK automatically reads the TCF v2 consent strings from NSUserDefaults or SharedPreferences. On other adapter versions, the MAX SDK checks the consent status in the TCF v2 string and passes the consent state to the network through the adapter.

Prohibition on Ads to, and Personal Information from, Children and Apps Exclusively Designed for, or Exclusively Directed to, Children

To help ensure compliance with COPPA, GDPR, other age-related requirements, and the Apple App Store and Google Play Store policies, you must indicate whether a user falls within an age-restricted category (i.e., under the age of 16, or as otherwise defined by applicable laws). If you know that the user falls within an age-restricted category (i.e., under the age of 16, or as otherwise defined by applicable laws), you must set the age-restricted user flag accordingly:

  • [ALPrivacySettings setIsAgeRestrictedUser: YES];
  • ALPrivacySettings.setIsAgeRestrictedUser(true)

If you know that the user does not fall within an age-restricted category (i.e., age 16 or older, or as otherwise defined by applicable laws), you must set the age-restricted user flag accordingly:

  • [ALPrivacySettings setIsAgeRestrictedUser: NO];
  • ALPrivacySettings.setIsAgeRestrictedUser(false)

As explained in AppLovin’s Terms of Use Agreement and Policies for Publishers, AppLovin does not knowingly collect personal information from children or serve ads to children. Apps exclusively designed for, or exclusively directed to, children—for example, iOS Apps in the “Kids” category—may not use the AppLovin SDK.

Again, AppLovin encourages you to review the Mediation Debugger or the section marked “Privacy States” in the logs to verify that you have correctly set these age-related flags.

Multi-State Consumer Privacy Laws

State laws in the United States may require you to display a “Do Not Sell or Share My Personal Information” link or provide other options to users located in those states to opt out of interest-based advertising. You must set a flag that indicates whether users in the relevant states opt out of interest-based advertising or the sale or share of personal information for interest-based advertising. If a user does not opt out in these ways, set the do-not-sell flag accordingly:

  • [ALPrivacySettings setDoNotSell: NO];
  • ALPrivacySettings.setDoNotSell(false)

If a user does opt out of interest-based advertising, set the do-not-sell flag accordingly:

  • [ALPrivacySettings setDoNotSell: YES];
  • ALPrivacySettings.setDoNotSell(true)

AppLovin MAX supports your handling of opt-out values on behalf of supported mediation partners. MAX shares these set consent values via adapters. You must be on supported network SDKs. Please consult with your network partner to determine the correct SDK versions.

For those networks on whose behalf MAX does not support your handling of opt-out values, you must work directly with the network to determine any support those networks may provide for purposes of your obligations for multi-state compliance.

Meta Audience Network Data Processing Options for Users in California

To learn how to implement Meta Audience Network’s “Limited Data Use” flag, read the Meta for Developers documentation.