Skip to content

Privacy

When you use the AppLovin SDK, you are responsible for complying with applicable privacy regulations. If you collect and/or transmit personally identifiable information, you are responsible for protecting and managing that data.

You are fully responsible for correctly collecting consent values and age-related flags and for passing those to AppLovin. This is true whether you use your own consent mechanism or a third-party API. MAX provides APIs with which you pass applicable consent and age-related flags to AppLovin.

Best practices:

This framework helps facilitate compliance with:

  • The General Data Protection Regulation (“GDPR”)
  • Certain multi-state privacy requirements
  • Children’s data restrictions under GDPR, COPPA, and App Store policies

However, consent and privacy requirements may extend beyond these. You should apply them accordingly.

When you use the AppLovin SDK, AppLovin requires you to correctly set certain consent values and age-related flags and to send those to AppLovin. You are fully responsible for correctly collecting and sending these values and flags. This is true whether you use your own consent mechanism or a third-party API.

Some of these flags indicate whether users from certain locations provided opt-in consent to collect and use their personal data for interest-based advertising. These locations include the European Union, European Economic Area, United Kingdom, and Switzerland.

Another flag indicates whether a user is in an age-restricted category. Another flag indicates whether users from certain states opted out of sale of their information.

When you initialize the AppLovin SDK, the SDK records the values that you set in the “Privacy States” fields to the log. These fields are “Age Restricted User”, “Has User Consent”, and “Do Not Sell”. Because the AppLovin SDK records the values of these fields when the SDK initializes, you must set these values before you initialize the AppLovin SDK. This ensures that the fields are set correctly. Refer to the Mediation Debugger or to the section marked “Privacy States” in the logs to verify that you correctly set these values.

If the user consents to interest-based advertising, set the user consent flag accordingly, initialize the AppLovin SDK, and start requesting ads. After you set the consent value for a particular user, AppLovin will continue to respect that value for the lifetime of your application or until the user revokes consent to interest-based advertising.

AppLovinMAX.setHasUserConsent(true);

If the user does not consent to interest-based advertising, set the user consent flag accordingly. Then start requesting ads through the AppLovin SDK. After you set the consent value for a user, AppLovin respects that value for the lifetime of your application or until the user consents to interest-based advertising.

AppLovinMAX.setHasUserConsent(false);

You must verify that you set the consent flag correctly. If you set the consent flag correctly, the “Has User Consent” value shown in the logs (under “Privacy States”) is either “true” or “false”. You can also check the value of the consent flag in the Mediation Debugger. As described above, after you set the consent value, AppLovin respects that value for the lifetime of your application or until the consent value changes.

MAX Mediation Debugger. Age Restricted User: false. Has User Consent: true. Do Not Sell: false.MAX Mediation Debugger. Tracking Authorization Status: Authorized. Age Restricted User: false. Has User Consent: true. Do Not Sell: false.

AppLovin MAX helps you handle consent values on behalf of supported mediation partners. MAX shares these consent values via adapters. To do this, you must use GDPR-supported network SDKs. Consult with your network partner to determine which of their SDK versions support GDPR.

AppLovin MAX does not support your handling of consent values on behalf of Meta, Inc. You must work directly with Meta to determine what support Meta provides for GDPR compliance.

For more details regarding age-related flags, see the section below entitled “Prohibition on Ads to, and Personal Information from, Children and Apps Exclusively Designed for, or Directed to, Children”.

If you implement a CMP that complies with IAB TCF v2 (Transparency & Consent Framework) for your user consent flow, MAX sends the TCF v2 strings to networks in the following ways:

For Amazon, BidMachine (Android), Google, inMobi, Ogury, Smaato, and Verve
These SDKs read the TCF v2 consent strings from NSUserDefaults or SharedPreferences. You do not have to do any additional configuration to make this happen.
For BidMachine (iOS), DT Exchange (versions 8.2.7.0+), and MobileFuse
MAX SDK sends the TCF v2 consent strings to each network via adapters. You can find compatible adapter and SDK versions on the individual network adapter changelogs. Contact the network partner for more information.
For DT Exchange (versions before 8.2.7.0)
MAX SDK checks the consent status in the TCF v2 consent string. It then passes the consent state to the network via the adapter.
For AppLovin, Chartboost, IronSource, Liftoff Monetize, LINE, and Unity Ads
If you use Google UMP as your CMP, the MAX SDK leverages Google UMP’s Additional Consent (AC) Mode. MAX sends the consent states to each network via the adapter, in the AC string. If you do not use Google UMP as your CMP, contact your CMP provider to learn how to send the consent state to these networks.
For Meta Audience Network
If you use Google UMP as your CMP, you can read the consent state by following their Additional Consent Mode guide. Then you can forward the consent state to their SDK. For specific instructions, see “Meta Audience Network Data Processing Options”. If you do not use Google UMP as your CMP, contact your CMP provider to learn how to send the consent state to Meta Audience Network.
For custom networks and networks that are not compliant with TCF v2
These networks are in the final waterfall. However MAX does not pass any consent flags to them via the adapter.

Prohibition on Ads to, and Personal Information from, Children and Apps Exclusively Designed for, or Exclusively Directed to, Children

You must indicate whether a user is in an age-restricted category (i.e., under the age of 16, or as otherwise defined by applicable laws). This is required so that you can comply with COPPA, GDPR, other age-related requirements, and the Apple App Store and Google Play Store policies. If you know that the user is in an age-restricted category, set the age-restricted user flag this way:

AppLovinMAX.setIsAgeRestrictedUser(true);
AppLovinSdk.getInstance( context ).initializeSdk(…);

If you know that the user is not in an age-restricted category, set the age-restricted user flag this way:

AppLovinMAX.setIsAgeRestrictedUser(false);
AppLovinSdk.getInstance( context ).initializeSdk(…);

As explained in AppLovin’s Terms of Use Agreement and Policies for Publishers, AppLovin does not knowingly collect personal information from children or serve ads to children. Apps exclusively designed for children, or apps exclusively directed to children—for example, iOS Apps in the “Kids” category—may not use the AppLovin SDK.

AppLovin encourages you to verify that you correctly set these age-related flags. You can do this in the Mediation Debugger. You can also do this by reviewing the section marked “Privacy States” in the logs.

Multi-State Consumer Privacy Laws

State laws in the United States may require you to display a “Do Not Sell or Share My Personal Information” link to users in those states, or to provide other options through which those users can opt out of interest-based advertising. Such users can opt out of both interest-based advertising and the sale or sharing of their personal information for the purpose of interest-based advertising. You must set a flag for users from those states that indicates whether those users opt out in this way. If a user does not opt out in these ways, set the do-not-sell flag this way:

AppLovinMAX.setDoNotSell(false);

If a user does opt out of interest-based advertising, set the do-not-sell flag this way:

AppLovinMAX.setDoNotSell(true);

AppLovin MAX helps you handle opt-out values on behalf of some mediation partners. MAX shares these values via adapters. This only works if you use supported network SDKs. Consult with your network partner to determine the correct SDK versions.

There are some networks for which MAX does not support your handling of opt-out values. For these, you must work directly with the network partner.

Meta Audience Network Data Processing Options for Users in California

To learn how to implement Meta Audience Network’s “Limited Data Use” flag, read the Meta for Developers documentation.