At a glance: Limit or stop data-sharing with AppsFlyer to comply with privacy regulations like GDPR and CCPA.
Questions about AppsFlyer privacy: The privacy relationship between you and AppsFlyer is governed by the AppsFlyer Services Privacy Policy. For questions relating to this Services Privacy Policy or to contact our data protection officer, send a mail to: privacy@appsflyer.com. For purposes of Article 27 of the General Data Protection Regulation, the representative within the EU of AppsFlyer is AppsFlyer Germany GmbH, Schönhauser Allee 180, 10119 Berlin, Germany (contact privacy@appsflyer.com; +49-30-166373500).
Opt-in and opt-out scenarios
- The AppsFlyer SDK embedded in apps can be set to:
- Opt-out: stop or limit data collection.
- Opt-in: after opting-out, resume data collection.
- The app developer and marketer, after considering the regulatory and business requirements, implement opt-in/opt-out as detailed in this article.
- Use opt-out to:
- Comply with regulations like GDPR and CCPA that prohibit or restrict data collection.
- Complete opt-out: stop collecting any attribution data.
- Partial opt-out: send some data or anonymize the data sent.
- Selective opt-out: based on specific regulations or age of the app user.
- Use opt-in: To switch opt-out to opt-in.
Opting-out users
Opt-out can take place at a number of different levels depending on regulatory and user requirements. Follow the appropriate flow using an opt-out scenario as detailed. Do this to ensure compliance with opt-out requests and in order to continue collecting attribution data where appropriate.
In scenarios where opt-out is enabled, the AppsFlyer ID is hashed.
Scenarios
Opt-out at installation
When: Upon the first launch (Example, COPPA compliance)
What: The app requires the user's agreement to perform event recording during all sessions. If the user consents to recording (for example, user above a certain age) the app calls the SDK start method. Otherwise, the start method should not be called.
Caution
Don't use stop if start was never called.
How: The start method should always be called at the session start of opted-in users, but shouldn't be called for opted-out users. In addition, in-app events cannot be sent for users who have never opted-in, as they are regarded as coming from unknown users and go to organic.
Therefore, for apps, we recommend that enable Installation opt-out, has a permanent flag parameter that shows if start was called beforehand or not. This flag should ALWAYS be checked before calling start or logEvent methods are called.
Data sent to AppsFlyer: No data is sent. If the user subsequently opts-in attribution and session data are sent from the time start is called.
Example
com.carefulapp requires users to register upon installing. The form includes a checkbox: "I'm over age 13". Dev the developer added a flag called is_tracking, which becomes true only for registrations that have this box checked, and then activates start.
Code sample example here.
Prevent data sharing with third parties
When: Every time the SDK is initialized.
What: A user can request to opt-out of sharing their data with 3rd parties. By activating this option in the AppsFlyer SDK BEFORE the first start call, the following applies to the whole session:
- Users from SRNs are attributed as Organic, and their data is not shared with your integrated partners.
- Users from click ad networks (non-SRNs) are attributed correctly in AppsFlyer, but not shared with the ad networks via postbacks, APIs, raw data reports, or any other method.
How:
To prevent event data sharing via:
- SDK (Android, iOS—starting with SDK V6.4+):
- Prevent one or more specified media sources (or all media sources) from receiving the event: Use
setSharingFilterForPartnersSDK method.
- Prevent one or more specified media sources (or all media sources) from receiving the event: Use
- S2S API:
- Send the S2S sharing_filter parameter
Data sent to AppsFlyer: Data is sent and stored in AppsFlyer, but never shared with AppsFlyer integrated partners.
Example
com.to.california is a travel app for California theme parks. To be CCPA compliant, if a resident of California submits an opt-out request, the app notifies AppsFlyer not to share the user event data with third-parties.
Session opt-out
When: On every app launch.
What: All app sessions require user agreement to perform event and data recording during a session.
How: For the Session opt-out scenario, the first SDK call comes after the user agrees or refuses that data be sent from their device:
- If the user agrees to send data, the
startmethod should be called. - If the user refuses that data be sent, don't call
start.
Data sent to AppsFlyer depends on the opt-out status of each session as follows:
- Opt-out session: No data is sent.
- Opt-in session: All session data is sent. Note: Attribution data is sent the first time the user opts-in.
Example
com.adultsplay is a casual gaming app for adults over 18 years old. It doesn't require users to register, but it does require their confirmation of age with every new launch. Sessions, where the users confirm they're over 18, get the full gaming experience and are recorded, while otherwise no recording is carried out.
Dev the developer added a flag called is_tracking, which becomes true only for sessions that confirm age 18. If this flag is true, the start method is called. Otherwise, start isn't called.
One-time opt-out
When: Anytime (GDPR)
What: The app owner collects attribution and post-install data. The user requests to stop further collection of data, for example, in compliance with a GDP request GDPR.
How: Don't call start and then directly call stop!
Instead, on the first launch use the start method with the requestListener. Upon successful completion, in the callback function call stop.
On all the following sessions don't call start.
Data sent to AppsFlyer: Install and session data is sent to AppsFlyer. No data is sent to AppsFlyer after the stop method is called.
Example
com.watchmegrow is a plant growth viewing app, where users watch growing plants and mobile ads. The app owner wants to keep all in-app activities data secret.
On the first launch, Dev the developer calls start method with the requestListener. When receiving a successful completion, calls stop from the callback function and sets a persistent parameter is_first_launch to false. On following launches, Dev checks if is_first_launch is false, and then skips start.
Code sample example here
Record install and anonymize
When: Upon the first launch
What: The app owner wants to collect all attribution data, and then wants to collect all subsequent information, such as in-app events or sessions data, as unattributed organic data. Post-installation, all device IDs are anonymized when sent to AppsFlyer from the SDK.
How: Don't call start and then directly call stop!
Instead, on the first launch use the start method with the requestListener. Upon successful completion, in the callback function call anonymizeUser(true).
Data sent to AppsFlyer:
- On install: Complete attribution data is sent to AppsFlyer.
- After install: In-app events data and session data are sent to AppsFlyer without attribution data. Upon receipt, the user identifier is anonymized and the AppsFlyer ID and IP address are hashed. The following image shows an example of anonymized and hashed data.
Example
The app owner of the com.munistic app believes all users are born equal and prefers to see all their post-install actions as organic only.
On the first launch, Dev the developer calls start method with the requestListener. When receiving a successful completion, calls anonymizeUser(true) from the callback function.
Opting-out of retargeting campaigns
Consider excluding opted-out users from retargeting campaigns. These users are likely to complain about being retargeted having opted out.
When manually running retargeting campaigns, targeted at active users, make sure to remove the opted-out users from the lists sent to media sources lists.
Alternately, if you're using AppsFlyer Audiences, to build your audience lists and send them to media sources, opted-out users are excluded from the lists sent to media sources.
stop API and deep linking
Using the stop API stops all external communication by the AppsFlyer SDK embedded in the app.
Therefore, after calling stop, shortened links are no longer decoded by the AppsFlyer SDK. This means that any shortened link does not generate the call to onAppOpenAttribution, and deep linking isn't performed correctly.
If your app has a relatively high percentage of opted-out users and you plan some retargeting campaigns for your users, use long links, and avoid using shortened links.
Restarting the SDK function
When an opted-out user agrees to opt-in call the start method to restart the SDK and begin recording attribution data.
Strict mode SDK (iOS only)
Sometimes developers prefer to submit their apps without any reference to the AdSupport framework and IDFA collection in their code. In such cases, use the Strict mode SDK.