SDK Data Processing and Compliance

When you hear ‘advertising SDK,’ do you immediately think ‘security and privacy risk’?

We hear this concern often when we’re talking to publishers. So, we wanted to set the record straight on what types of data we collect through our SDK, and our data privacy regulation compliance.

We are a data processor, meaning we accept data from the app publisher, and transfer it to the advertiser, and vice-versa. We do not interpret, analyze or create profiles from the data.

All data that we process is passed through HTTPS, ensuring the data is secure and properly encrypted. This minimizes the risk of bad actors intercepting the data, or data leakage.

We are compliant with IAB’s TCF 2.0 (IAB’s GDPR Transparency and Consent Framework), IAB CCPA Compliance Framework for Publishers and Technology companies (CCPA), and have our IAB Open Measurement SDK Integration Certification. 

We’re aligned with data privacy regulations that apply to countries where we do business: GDPR, COPPA, CCPA, and support the DoNotTrack signal. Our privacy policy, terms of use, and security policy provide the specifics, as well as the outline of our GDPR compliance.

We process the following user data from our publishers:

Device data:

• Operating system
• Make (phone brand)
• Model
• OS Version
• Connection type
• CPU Model
• CPU Vendor

User Data:

• IAB Compliance Data
• CCPA Opt-Out
• GDPR consent
• Advertising IDs (with consent)
• Google Ad ID
• Apple IDFA
• Country
• IP Address
• Geo-parameters (lat/long)
• User Agent

We share the responsibility for data protection with our publisher partners. Our principles of transparency apply not only to our business model but to how we process data -- we know that properly securing user information is essential to growing your user base and preserving your brand’s reputation.

Have additional thoughts about advertising SDKs? Take our survey and tell us what you think.