
Privacy

When you use the AppLovin SDK, you are responsible for complying with applicable privacy regulations. If you collect and/or transmit personally identifiable information, you are responsible for protecting and managing that data.

You are fully responsible for correctly collecting consent values and other applicable flags and for passing those to AppLovin. This is true whether you use your own consent mechanism or a third-party API. MAX provides APIs with which you pass consent and other applicable flags to AppLovin.

Best practices:

This framework helps facilitate compliance with:

  • The General Data Protection Regulation (“GDPR”) and laws of similar effect
  • Certain U.S. multi-state privacy requirements
  • Data restrictions under GDPR, COPPA, and App Store policies

However, consent and privacy requirements may extend beyond these. You should apply them accordingly and based on the jurisdiction(s) of your users.

When you use the AppLovin SDK, AppLovin requires you to correctly set certain consent values and other applicable flags and to send those to AppLovin. You are fully responsible for correctly collecting and sending these values and flags. This is true whether you use your own consent mechanism or a third-party API.

Some of these flags indicate whether users from certain locations provided opt-in consent to collect and use their personal data for interest-based advertising. These locations include the European Union, European Economic Area, United Kingdom, and Switzerland.

Another flag indicates whether users from certain U.S. states opted out of the sale of their information.

When you initialize the AppLovin SDK, the SDK records the values that you set in the “Privacy States” fields to the log. These fields include “Has User Consent” and “Do Not Sell”. Because the AppLovin SDK records the values of these fields when the SDK initializes, you must set these values before you initialize the AppLovin SDK. This ensures that the fields are set and passed to AppLovin correctly. Refer to the Mediation Debugger or to the section marked “Privacy States” in the logs to verify that you correctly set these values.

If the user consents to interest-based advertising, set the user consent flag accordingly, then initialize the AppLovin SDK, and start requesting ads. After you set the consent value for a particular user, AppLovin will continue to respect that value for the lifetime of your application or until the user revokes consent to interest-based advertising.

Set Has User Consent. Has User Consent ☑.

If the user does not consent to interest-based advertising, set the user consent flag accordingly, then initialize the AppLovin SDK and start requesting ads. After you set the consent value for a user, AppLovin respects that value for the lifetime of your application or until the user consents to interest-based advertising.

Set Has User Consent. Has User Consent ☐.

You must verify that you set the consent flag correctly. If you set the consent flag correctly, the “Has User Consent” value shown in the logs (under “Privacy States”) is either “true” or “false”. You can also check the value of the consent flag in the Mediation Debugger. As described above, after you set the consent value, AppLovin respects that value for the lifetime of your application or until the consent value changes.

MAX Mediation Debugger. Age Restricted User: false. Has User Consent: true. Do Not Sell: false.

MAX Mediation Debugger. Tracking Authorization Status: Authorized. Age Restricted User: false. Has User Consent: true. Do Not Sell: false.

AppLovin MAX helps you handle consent values on behalf of supported mediation partners. MAX shares these consent values via adapters. To do this, you must use GDPR-supported network SDKs. Consult with your network partner to determine which of their SDK versions support GDPR.

AppLovin MAX does not support your handling of consent values on behalf of Meta, Inc. You must work directly with Meta to determine what support Meta provides for GDPR compliance.

As explained in AppLovin’s Terms of Use and Policies for Publishers, you may not provide AppLovin with children data or cause that information to be provided via a third party. As of SDK versions 13.0.0 and later, you may not initialize or use the AppLovin SDK in any way or otherwise use the AppLovin Services in connection with a “child” as defined under applicable laws. For more details, see the section below entitled “Prohibition on Children Data or Using the Services for Children or Apps Exclusively Targeted to Children”.

If you implement a CMP that complies with IAB TCF v2 (Transparency & Consent Framework) for your user consent flow, MAX sends the TCF v2 strings to networks in the following ways:

  • For Amazon, BidMachine (Android), Google, InMobi, Ogury, Smaato, Verve, and YSO Network: These SDKs read the TCF v2 consent strings from NSUserDefaults or SharedPreferences. You do not have to do any additional configuration to make this happen.
  • For BidMachine (iOS), DT Exchange (versions 8.2.7.0+), and MobileFuse: MAX SDK sends the TCF v2 consent strings to each network via adapters. You can find compatible adapter and SDK versions on the individual network adapter changelogs. Contact the network partner for more information.
  • For DT Exchange (versions before 8.2.7.0): MAX SDK checks the consent status in the TCF v2 consent string. It then passes the consent state to the network via the adapter.
  • For AppLovin, Chartboost, IronSource, Liftoff Monetize, LINE, and Unity Ads: If you use Google UMP as your CMP, the MAX SDK leverages Google UMP’s Additional Consent (AC) Mode. MAX sends the consent states to each network via the adapter, in the AC string. If you do not use Google UMP as your CMP, contact your CMP provider to learn how to send the consent state to these networks.
  • For Meta Audience Network: If you use Google UMP as your CMP, you can read the consent state by following their Additional Consent Mode guide. Then you can forward the consent state to their SDK. For specific instructions, see “Meta Audience Network Data Processing Options”. If you do not use Google UMP as your CMP, contact your CMP provider to learn how to send the consent state to Meta Audience Network.
  • For Mintegral: On adapter versions 16.5.71.0 (Android)/7.5.1.0.0 (iOS) or above, the SDK automatically reads the TCF v2 consent strings from NSUserDefaults or SharedPreferences. On other adapter versions, the MAX SDK checks the consent status in the TCF v2 string and passes the consent state to the network through the adapter.
  • For custom networks and networks that are not compliant with TCF v2: These networks are in the final waterfall. However, MAX does not pass any consent flags to them via the adapter.
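
The Additional Consent (AC) string referred to above is a short text format, so the consent state for a single provider can be read from it before that state is forwarded to a network SDK. The following Python code is an added example, not AppLovin’s or Google’s code. It assumes that `prefs` is a dictionary standing in for SharedPreferences or NSUserDefaults, that the CMP stores the string under the key `IABTCF_AddtlConsent`, and that 4242 is a constructed placeholder for a provider ID (take the real ID from Google’s provider list).

```python
# Added example (not AppLovin or Google code): decode an Additional Consent string.
from dataclasses import dataclass

# Key under which a CMP in AC Mode stores the string in SharedPreferences / NSUserDefaults.
AC_KEY = "IABTCF_AddtlConsent"

@dataclass(frozen=True)
class AdditionalConsent:
    version: int
    consented: frozenset   # provider IDs the user consented to
    disclosed: frozenset   # v2 only: provider IDs listed in the "dv." segment

def _ids(field):
    """Turn '1.35.41' into {1, 35, 41}; an empty field is an empty set."""
    if field == "":
        return frozenset()
    parts = field.split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"non-numeric provider ID in {field!r}")
    return frozenset(int(p) for p in parts)

def parse_ac_string(raw):
    """Parse '1~<ids>' or '2~<ids>~dv.<ids>' and reject every other shape."""
    segs = raw.strip().split("~")
    if segs[0] == "1" and len(segs) == 2:
        return AdditionalConsent(1, _ids(segs[1]), frozenset())
    if segs[0] == "2" and len(segs) == 3 and segs[2].startswith("dv."):
        return AdditionalConsent(2, _ids(segs[1]), _ids(segs[2][3:]))
    raise ValueError(f"unrecognised AC string: {raw!r}")

def provider_has_consent(prefs, provider_id):
    """Fail closed: a missing or malformed string means no consent is forwarded."""
    raw = prefs.get(AC_KEY)
    if not isinstance(raw, str):
        return False
    try:
        return provider_id in parse_ac_string(raw).consented
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample; 4242 is a placeholder, not a real provider ID.
    prefs = {AC_KEY: "2~1.35.4242~dv.9.21"}
    print(provider_has_consent(prefs, 4242))  # listed in the consented segment
    print(provider_has_consent(prefs, 9))     # only listed in the "dv." segment
    print(provider_has_consent({}, 4242))     # no AC string stored at all
```

A provider that appears only in the `dv.` segment, or a string that fails to parse, is treated as not consented.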

Prohibition on Children Data or Using the Services for Children or Apps Exclusively Targeted to Children

As explained in AppLovin’s Terms of Use and Policies for Publishers, you may not provide AppLovin with children data or cause that information to be provided via a third party. As of SDK versions 13.0.0 and later, you may not initialize or use the AppLovin SDK in any way or otherwise use the AppLovin Services in connection with a “child” as defined under applicable laws. For example, in mixed-audience apps or “everyone” apps—i.e., apps whose users may include children—if a particular user of your app qualifies as a “child,” the AppLovin SDK should not be initialized or used in any way.

Consistent with these requirements, as of Android/iOS SDK versions 13.0.0, setIsAgeRestrictedUser is no longer supported, as the SDK may not be initialized or used in any way if the user qualifies as a “child.” Developers should update their apps to the latest SDK to comply with AppLovin’s policies.

In addition, you cannot use AppLovin Services in apps exclusively designed for, or exclusively directed to, children. For example, iOS Apps in the “Kids” category and Google Play apps that target children and are required to follow Families Ads & Monetization Policy requirements may not use the AppLovin Services at all. AppLovin does not knowingly collect personal information from children or serve advertisements to children.

You can find additional examples in the following table:

| App Category | Required Actions |
| --- | --- |
| Apps directed to “children,” such as iOS apps in the “kids” categories | You may not use the AppLovin Services at all. |
| Apps directed to mixed audiences, including “children” | You may not initialize any AppLovin SDK or use the AppLovin Services in connection with any user who qualifies as a “child” under applicable law. |
| Apps directed to a general audience | You may not initialize any AppLovin SDK or use the AppLovin Services in connection with any user who qualifies as a “child” under applicable law. |

For SDK versions earlier than 13.0.0, you must indicate whether a user qualifies as a “child” under applicable laws. This is required so that you can comply with COPPA, GDPR, other age-related requirements, and the Apple App Store and Google Play Store policies. If the user qualifies as a “child” under applicable laws, set the age-restricted user flag this way before initializing or using the AppLovin SDK:

Set Is Age Restricted User. Is Age Restricted User ☑.

If the user does not qualify as a “child” under applicable laws, set the age-restricted user flag this way before initializing or using the AppLovin SDK:

Set Is Age Restricted User. Is Age Restricted User ☐.

AppLovin encourages you to verify that you correctly set these age-related flags. You can do this in the Mediation Debugger. You can also do this by reviewing the section marked “Privacy States” in the logs.

As explained above, as of SDK versions 13.0.0 and later, you may not initialize or use the AppLovin SDK in any way or otherwise use the AppLovin Services in connection with a “child” as defined under applicable laws, and the age-restricted user flags will no longer be supported. In addition, AppLovin does not knowingly collect personal information from children or serve ads to children, and you may not use the AppLovin Services in connection with apps exclusively designed for or exclusively directed to children.

Multi-State Consumer Privacy Laws

State laws in the United States may require you to display a “Do Not Sell or Share My Personal Information” link to users in those states, or to provide other options through which those users can opt out of interest-based advertising. Such users can opt out of both interest-based advertising and the sale or sharing of their personal information for the purpose of interest-based advertising. You must set a flag for users from those states that indicates whether those users opt out in this way. If a user does not opt out in these ways, set the do-not-sell flag this way before initializing or using the AppLovin SDK:

Set Do Not Sell. Do Not Sell ☐.

If a user does opt out of interest-based advertising, set the do-not-sell flag this way:

Set Do Not Sell. Do Not Sell ☑.

AppLovin MAX helps you handle opt-out values on behalf of some mediation partners. MAX shares these values via adapters. This only works if you use supported network SDKs. Consult with your network partner to determine the correct SDK versions.

There are some networks for which MAX does not support your handling of opt-out values. For these, you must work directly with the network partner.

Meta Audience Network Data Processing Options for Users in California

To learn how to implement Meta Audience Network’s “Limited Data Use” flag, read the Meta for Developers documentation.

Google Play Families Policy (Android)

This section concerns updates to the Google Play Families Policy. Your designation under the Google Play Families Policy impacts whether you may initialize or use the AppLovin SDK. You can find complete details on Google Play’s Policy Center.

Who does this policy apply to?

According to Google, if you serve ads in your app and your target audience includes only children, then you must use only Families Self-Certified Ads SDKs.

If the target audience for your app includes both children and older users, then you must comply with Google Play Families Policy. You must also ensure that those ads that are shown to children come exclusively from Families Self-Certified Ads SDKs.

What does this mean for your use of the AppLovin SDK and MAX?

As explained in AppLovin’s Terms of Use and Policies for Publishers, you may not provide AppLovin with children data or cause that information to be provided via a third party. In addition, you cannot use the AppLovin Services in apps exclusively designed for, or exclusively directed to, children. AppLovin does not knowingly collect personal information from children or serve advertisements to children.

As explained above, as of SDK versions 13.0.0 and later, you may not initialize or use the AppLovin SDK in any way or otherwise use the AppLovin Services in connection with a “child” as defined under applicable laws.

In mixed-audience apps or “everyone” apps—apps whose users may include children—if a particular user of your app qualifies as a “child,” the AppLovin SDK should not be initialized or used in any way.

Requirements

  • If your app is designed primarily for children under the age of 13:
      • Google Play requires that you participate in the Designed for Families program and show ads to children exclusively from Families Self-Certified Ads SDKs.
      • You must also comply with Google Play’s Families Policy Requirements.
      • You cannot use AppLovin Services in any way in apps exclusively directed to children. See AppLovin’s Terms of Use.
  • If your app is designed for everyone, including children:
      • You must adhere to Google Play’s Families Policy Requirements.
      • If a particular user of your app qualifies as a “child,” the AppLovin SDK should not be initialized or used in any way. For additional information, see “Prohibition on Children Data or Using the Services for Children or Apps Exclusively Targeted to Children” above.
  • If your app is not designed for children:
      • You still must meet the requirements outlined in the Google Play Developer Program Policies and Developer Distribution Agreement.
      • If a particular user of your app qualifies as a “child,” the AppLovin SDK should not be initialized or used in any way. For additional information, see “Prohibition on Children Data or Using the Services for Children or Apps Exclusively Targeted to Children” above.

For more information about the Families Policy, including tips on how to determine the target audience for your app, review Google Play’s Policy Center.