GDPR and CCPA

Keep in mind that it’s best to contact qualified legal professionals, if you haven’t done so already, to get more information and be well-prepared for compliance

The General Data Protection Regulation, better known as GDPR, took effect on May 25, 2018. It’s a set of rules designed to give EU citizens more control over their personal data. Any businesses established in the EU or with users based in Europe are required to comply with GDPR or risk facing heavy fines. The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. We have put together some resources below to help publishers understand better the steps they need to take to be GDPR compliant.

You can learn more about GDPR and CCPA and their differences here.

Step 1: Update Privacy Policy

1.1 Make Sure Your Privacy Policy Includes Information About Advertising ID Collection.

Don’t forget to add information about IP address and advertising ID collection, as well as the link to Appodeal’s privacy policy to your app’s privacy policy in Google Play and App Store.

To speed up the process, you could use privacy policy generators —just insert advertising ID, IP address, and location (if you collect a user’ location) in the "Personally Identifiable Information you collect" field (in line with other information about your app) and the link to Appodeal’s privacy policy in "Link to the privacy policy of third party service providers used by the app".

1.2 Add A Privacy Policy To Your Mobile App.

You must add your explicit privacy policies in two places: your app’s Store Listing page and within your app.

You can find detailed instructions on adding your privacy policy to your app on legal service websites. For example, Iubenda, the solution tailored to legal compliance, provides a comprehensive guide on including a privacy policy in your app.

Make sure that your privacy policy website has an SSL-certificate—this point might seem to be obvious, but it’s still essential.

Here’s are two useful resources that you can utilyze while working on your app compliance:

Please note that although we’re always eager to back you up with valuable information, we’re not authorized to provide any legal advice. It’s important to address your questions to lawyers who work specifically in this area.

Step 2: Stack Consent Manager

In order for Appodeal and our ad providers to deliver ads that are more relevant to your users, as a mobile app publisher, you need to collect explicit user consent in the regions covered by GDPR and CCPA.

To get consent for collecting personal data of your users, we suggest you use a ready-made solution - Stack Consent Manager.

Stack Consent Manager comes with a pre-made consent window that you can easily present to your users. That means you no longer need to create your own consent window.

Starting from Appodeal SDK 3.0, Stack Consent Manager is included by default.

Consent will be requested automatically on SDK initialization, and consent form will shown if it is necessary without any additional calls.
In order to test Consent Manager you need to turn on VPN in EU or in California.

private void Start() 
{ 
	int adTypes = AppodealAdType.Interstitial | AppodealAdType.Banner | AppodealAdType.RewardedVideo | AppodealAdType.Mrec; 
	string appKey = "YOUR_APPODEAL_APP_KEY";
	AppodealCallbacks.Sdk.OnInitialized += OnInitializationFinished;
	Appodeal.Initialize(appKey, adTypes); 
} 
... 
#region Initialization Callback
public void OnInitializationFinished(object sender, SdkInitializedEventArgs e)
{
	Debug.Log("Initialization Finished");   
}
#endregion

Advanced

Custom Consent Logic

Stack Consent Manager is included in Appodeal SDK by default. Consent will be requested automatically on SDK initialization, and consent form will shown if it is necessary without any additional calls.
If you would like to customize consent managing logic, call the Appodeal update consent method before SDK initialization and pass the value of your received consent.

// Custom Consent logic 
... 
private void Init() 
{ 
	// Either 
	Appodeal.UpdateConsent(consentObj); 
	// OR 

	Appodeal.UpdateConsentGdpr(GdprUserConsent.Personalized); 
	// OR 
	Appodeal.UpdateConsentCcpa(CcpaUserConsent.OptIn);
	Appodeal.Initialize(appKey, adTypes); 
}

You can use this method to provide the GDPR/CCPA user consent for ad networks in Appodeal SDK anywhere in your application.

Manage Consent Manually

If you wish, you can manage and update consent manually using Stack Consent Manager calls.

Update Consent Status

Call requestConsentInfoUpdate() on an instance of ConsentManager:

private ConsentManager  _consentManager;
_consentManager = ConsentManager.GetInstance();
_consentManager?.RequestConsentInfoUpdate(AppKey, this);

Subscribe to the desired Consent Manager event using one of the options from this guide. (you can subscribe to any event you want)

You can use callbacks as shown below after:

public void YourMethod()
{
	ConsentManagerCallbacks.ConsentInfo.OnUpdated += OnConsentInfoUpdated;
	ConsentManagerCallbacks.ConsentInfo.OnFailedToUpdate += OnFailedToUpdateConsentInfo;
}

#region ConsentInfo Callbacks	
private void OnConsentInfoUpdated(object sender, ConsentEventArgs e)
{
	Debug.Log("Consent Info Updated");
}
private void OnFailedToUpdateConsentInfo(object sender, ConsentManagerExceptionEventArgs e)
{
	Debug.Log("Failed to update Consent Info");
}
#endregion

All returned errors are Exception instances with custom codes:

Code	Description
INTERNAL(1)	Error on the SDK side. Includes JS-bridge or encoding/decoding errors
NETWORKING(2)	HTTP errors, parse request/response
INCONSISTENT(3)	Incorrect SDK API usage

Consent manager SDK can be synchronized at any moment of the application lifecycle. We recommend synchronizing it at the application launch. Multiple synchronization calls are allowed.

If the consent information is successfully updated, the updated consent is provided via the OnConsentInfoUpdated() method.

Now you can receive information about the previous user consent and regulation zone. Before request these parameters are undefined.

// Get consent status  
_consentManager?.GetConsentStatus()

Consent Status	Definition
UNKNOWN	The user has neither granted nor declined consent for personalized or non-personalized ads.
NON_PERSONALIZED	The user has granted consent for non-personalized ads.
PARTLY_PERSONALIZED	The user has granted partly(for a few Ad networks) consent for personalized ads.
PERSONALIZED	The user has granted consent for personalized ads.

Update Consent Status

Call requestConsentInfoUpdate() on an instance of ConsentManager:

private ConsentManager  _consentManager;
_consentManager = ConsentManager.GetInstance();
_consentManager?.RequestConsentInfoUpdate(AppKey, this);

Extend your class with IConsentInfoUpdateListener:

YourClassName : IConsentInfoUpdateListener;

Now you can use use the following callback methods within your public class:

public void OnConsentInfoUpdated(IConsent consent)
{
	Debug.Log("onConsentInfoUpdated");
 	// User's consent status successfully updated.
    // Initialize the Appodeal SDK with the received Consent object here or show consent window
}

public void OnFailedToUpdateConsentInfo(IConsentManagerException error)
{
	Debug.Log($"onFailedToUpdateConsentInfo Reason: {error.getReason()}");
    // User's consent status failed to update.
}

All returned errors are Exception instances with custom codes:

Code	Description
INTERNAL(1)	Error on the SDK side. Includes JS-bridge or encoding/decoding errors
NETWORKING(2)	HTTP errors, parse request/response
INCONSISTENT(3)	Incorrect SDK API usage

Consent manager SDK can be synchronized at any moment of the application lifecycle. We recommend synchronizing it at the application launch. Multiple synchronization calls are allowed.

If the consent information is successfully updated, the updated consent is provided via the OnConsentInfoUpdated() method of the IConsentInfoUpdateListener .

Now you can receive information about the previous user consent and regulation zone. Before request these parameters are undefined.

// Get consent status  
_consentManager?.GetConsentStatus()

Consent Status	Definition
UNKNOWN	The user has neither granted nor declined consent for personalized or non-personalized ads.
NON_PERSONALIZED	The user has granted consent for non-personalized ads.
PARTLY_PERSONALIZED	The user has granted partly(for a few Ad networks) consent for personalized ads.
PERSONALIZED	The user has granted consent for personalized ads.

Update Consent Status

Call requestConsentInfoUpdate() on an instance of ConsentManager:

private ConsentManager consentManager;
consentManager = ConsentManager.getInstance();
consentManager?.requestConsentInfoUpdate(appKey, this);

Extend your class with IConsentInfoUpdateListener:

YourClassName : IConsentInfoUpdateListener;

Now you can use use the following callback methods within your public class:

public void onConsentInfoUpdated(Consent consent)
{
	Debug.Log("onConsentInfoUpdated");
 	// User's consent status successfully updated.
    // Initialize the Appodeal SDK with the received Consent object here or show consent window
}

public void onFailedToUpdateConsentInfo(ConsentManagerException error)
{
	Debug.Log($"onFailedToUpdateConsentInfo Reason: {error.getReason()}");
    // User's consent status failed to update.
}

All returned errors are Exception instances with custom codes:

Code	Description
INTERNAL(1)	Error on the SDK side. Includes JS-bridge or encoding/decoding errors
NETWORKING(2)	HTTP errors, parse request/response
INCONSISTENT(3)	Incorrect SDK API usage

Consent manager SDK can be synchronized at any moment of the application lifecycle. We recommend synchronizing it at the application launch. Multiple synchronization calls are allowed.

If the consent information is successfully updated, the updated consent is provided via the onConsentInfoUpdated() method of the I IConsentInfoUpdateListener .

Now you can receive information about the previous user consent and regulation zone. Before request these parameters are undefined.

// Get consent status  
consentManager.getConsentStatus()

Consent Status	Definition
UNKNOWN	The user has neither granted nor declined consent for personalized or non-personalized ads.
NON_PERSONALIZED	The user has granted consent for non-personalized ads.
PARTLY_PERSONALIZED	The user has granted partly(for a few Ad networks) consent for personalized ads.
PERSONALIZED	The user has granted consent for personalized ads.

Necessity of showing the consent window

After the onConsentInfoUpdated method was called, you need to determine if your users are subject to the GDPR and CCPA and whether you should show the consent window for the collection of personal data.

You can check whether to show a Consent Dialog or not. Before request these parameters are undefined(Unknown status)

// Get current ShouldShow status
_consentManager?.ShouldShowConsentDialog()

ShouldShow	Definition
TRUE	The user is within the scope of the GDPR or CCPA laws, the consent window should be displayed.
FALSE	The user is not within the scope of the GDPR or CCPA laws OR the consent window has already been shown.
UNKNOWN	The value is undefined(the requestConsentInfoUpdate method was not called).

// Get current ShouldShow status 
consentManager.shouldShowConsentDialog()

ShouldShow	Definition
TRUE	The user is within the scope of the GDPR or CCPA laws, the consent window should be displayed.
FALSE	The user is not within the scope of the GDPR or CCPA laws OR the consent window has already been shown.
UNKNOWN	The value is undefined(the requestConsentInfoUpdate method was not called).

Show Consent window

SDK allows calling consent window API only after request

After the SDK requests, you can build and load the consent window. Loading allowed in any regulation zone and independent from previous consent.

private ConsentForm _consentForm;
_consentForm = ConsentForm.GetInstance(this); 
_consentForm?.Load();

You can check that the consent window is ready or not

boolean loaded = _consentForm.IsLoaded();

After the consent window Is ready you can show it

if (_consentForm != null)
{
    _consentForm.Show();
}

After the first display of the consent window, the shouldShowConsentDialog method will return the value of ConsentShouldShow.FALSE in the next sessions

Handling presentation callbacks

public void YourMethod()
{
	ConsentManagerCallbacks.ConsentForm.OnLoaded += OnConsentFormLoaded;	
	ConsentManagerCallbacks.ConsentForm.OnExceptionOccurred += OnConsentFormExceptionOccurred;
	ConsentManagerCallbacks.ConsentForm.OnOpened += OnConsentFormOpened;
	ConsentManagerCallbacks.ConsentForm.OnClosed += OnConsentFormClosed;
}

#region ConsentForm Callbacks	
private void OnConsentFormLoaded(object sender, EventArgs e)
{
	Debug.Log("Consent Form loaded");   
}
private void OnConsentFormExceptionOccurred(object sender, ConsentManagerExceptionEventArgs e)
{
	Debug.Log("Consent Form Exception Occurred");
}
private void OnConsentFormOpened(object sender, EventArgs e)
{
	Debug.Log("Consent Form Opened");
}
private void OnConsentFormClosed(object sender, ConsentEventArgs e)
{
	Debug.Log("Consent Form Closed");
}
#endregion

private ConsentForm _consentForm;
_consentForm = ConsentForm.GetInstance(this); 
_consentForm?.Load();

You can check that the consent window is ready or not

boolean loaded = _consentForm.IsLoaded();

After the consent window Is ready you can show it

if (_consentForm != null)
{
    _consentForm.Show();
}

After the first display of the consent window, the shouldShowConsentDialog method will return the value of ConsentShouldShow.FALSE in the next sessions

Handling presentation callbacks
Extend your class with IConsentFormListener:

YourClassName : IConsentFormListener;

public void OnConsentFormLoaded() { print("ConsentFormListener - onConsentFormLoaded");}

public void OnConsentFormError(ConsentManagerException exception) { print($"ConsentFormListener - onConsentFormError, reason - {exception.getReason()}");}

public void OnConsentFormOpened() { print("ConsentFormListener - onConsentFormOpened");}

public void OnConsentFormClosed(Consent consent) { print($"ConsentFormListener - onConsentFormClosed, consentStatus - {consent.getStatus()}");}

private ConsentForm consentForm;
consentForm = ConsentForm.GetInstance(this);
consentForm?.load();

You can check that the consent window is ready or not

boolean loaded = consentForm.isLoaded();

After the consent window Is ready you can show it

if (consentForm != null)
{
    consentForm.show();
}

After the first display of the consent window, the shouldShowConsentDialog method will return the value of ConsentShouldShow.FALSE in the next sessions

Handling presentation callbacks

Extend your class with IConsentFormListener:

YourClassName : IConsentFormListener;

public void onConsentFormLoaded() { print("ConsentFormListener - onConsentFormLoaded");}

public void onConsentFormError(ConsentManagerException exception) { print($"ConsentFormListener - onConsentFormError, reason - {exception.getReason()}");}

public void onConsentFormOpened() { print("ConsentFormListener - onConsentFormOpened");}

public void onConsentFormClosed(Consent consent) { print($"ConsentFormListener - onConsentFormClosed, consentStatus - {consent.getStatus()}");}

Advanced

You can force consent manager to write iAB keys in SharedPreference by setting up storage property before the request to ConsentManager.Storage

SDK does not remove iAB keys from SharedPreference and only overrides them.

// Get manager
_consentManager = ConsentManager.GetInstance();
  // Set storage 
_consentManager.SetStorage(ConsentManagerStorage.SharedPreference);

You can register yourself as a vendor before request. Should be called before request.

Parameter	Type	Description
name	String	Display name. Will be displayed in the consent window
bundle	String	Custom string to check consent result for the vendor
policyUrl	String	Policy URL
purposeIds	Array of integers	iAB purposes ids array
featureIds	Array of integers	iAB features ids array
legitimateInterestPurposeIds	Array of integers	iAB leg int purposes ids array

// Get manager 
_consentManager = ConsentManager.GetInstance();
  // Create custom vendor 
var customVendor = new Vendor.Builder(
    "Appodeal Test",
    "com.appodeal.test",
    "https://customvendor.com")
    .SetPurposeIds(new List<int> {100, 200, 300})
    .SetFeatureIds(new List<int> {400, 500, 600})
    .SetLegitimateInterestPurposeIds(new List<int> {700, 800, 900})
    .Build();
 // Set custom vendor 
_consentManager?.SetCustomVendor(customVendor);  
// Get by bundle 
var vendor = _consentManager?.GetCustomVendor("com.appodeal.test");

HasConsent	Definition
TRUE	The vendor's consent value is true.
FALSE	The vendor's consent value is false.
UNKNOWN	The value is undefined(the requestConsentInfoUpdate method was not called).

You can force consent manager to write iAB keys in SharedPreference by setting up storage property before the request to ConsentManager.Storage

SDK does not remove iAB keys from SharedPreference and only overrides them.

// Get manager 
consentManager = ConsentManager.getInstance();
// Set storage 
consentManager.setStorage(ConsentManager.Storage.SHARED_PREFERENCE);

You can register yourself as a vendor before request. Should be called before request.

Parameter	Type	Description
name	String	Display name. Will be displayed in the consent window
bundle	String	Custom string to check consent result for the vendor
policyUrl	String	Policy URL
purposeIds	Array of integers	iAB purposes ids array
featureIds	Array of integers	iAB features ids array
legitimateInterestPurposeIds	Array of integers	iAB leg int purposes ids array

// Get manager 
consentManager = ConsentManager.getInstance();
// Create custom vendor 
var customVendor = new Vendor.Builder(
    "Appodeal Test",
    "com.appodeal.test",
    "https://customvendor.com")
    .setPurposeIds(new List<int> {100, 200, 300})
    .setFeatureIds(new List<int> {400, 500, 600})
    .setLegitimateInterestPurposeIds(new List<int> {700, 800, 900})
    .build(); 
// Set custom vendor 
consentManager?.setCustomVendor(customVendor);
// Get by bundle 
var vendor = consentManager?.getCustomVendor("com.appodeal.test");

HasConsent	Definition
TRUE	The vendor's consent value is true.
FALSE	The vendor's consent value is false.
UNKNOWN	The value is undefined(the requestConsentInfoUpdate method was not called).