Note: It’s best to contact qualified legal professionals, if you haven’t done so already, to get more information and be well-prepared for GDPR.

Q: What user-identifiable data is tracked by Appodeal?

We collect 4 categories of data:

  1. Device data — such as screen size, IP address, location (latitude and longitude), battery charge level, time zone, etc.
  2. We also collect app data, such as Bundle ID, store URL, session length, session ID.
  3. Ad data: impression count per session, click count, finish count, total impression count.
  4. User data (only when it’s passed by the publisher): gender, age, relationship status, interests.

Q: Will Appodeal collect consent from end users?

Since Appodeal isn’t the first party to speak to end-users, we require our publishers to request consent for us. You, as a publisher, have to pass a value of the consent to our SDK using a consent parameter in initialize() method.

Q: Do I have to request consent only from  EU users?

Officially, you’re only required to collect user consent within EEA, Switzerland and the UK. However, as global privacy laws are gradually changing as well, we recommend requesting consent from all users at once, irrespective of where they are located. For example, that will exclude a possible mistake of not collecting consent from EU residents who happen to be on vacation elsewhere.

Q: SDK will automatically detect user’s location in the EU and present a consent dialog. Is that correct?

Not exactly. We understand that a publisher may be using more than just Appodeal for their services, and collecting 10 or 20 separate consent results would simply ruin user experience. Therefore, our SDK will not send a consent dialog but will collect the consent answer given by an end user and send it back to Appodeal. We have shared this information as well as consent examples in our blog post.

Q: Should the consent dialog list all the third-party networks that Appodeal shares information with?

The text of the consent will be created by publishers, and we don’t recommend listing all the third-party networks within a consent window. We suggest redirecting users to your privacy policy which should include a link to the Appodeal website where we publish the list of third-party networks and demand partner and it’s available to the public.

Q: Will the consent dialog have to be re-displayed when new ad networks are added?

No. You don’t have to display the consent dialog again when Appodeal adds new partners. We will simply update the list on our website. However, if you add or change partners you are working with, make sure that you update this information on your website.

Q: Is there any way for a user to request their personally identifiable data to be removed from Appodeal and integrated ad networks?

Appodeal Privacy Policy has an opt-out link that can be used at any time, even if a consent result has been registered before.

Q: Should the consent dialog disclose the purpose of collecting data?

We recommend including this information.

Q: Should the consent dialog inform a user about how long their data will be saved for?

No, it is not required to include that information.

Q: Should the consent dialog match users’ language?

We recommend displaying the dialog in the main language of the app.

Q: How long is data held for (by Appodeal and integrated ad networks)?

GDPR states that personal data must be kept “no longer than is necessary for the purposes for which the personal data are processed” [Art.5(1)(e)]. This implies that there is a time limit on how long customers’ data can be kept.

For how long Appodeal keeps such data varies depending on the service. If a customer has an account, then we need to keep the customer’s information for as long as the account is active. We also need a considerable amount of time for compliance purposes (e.g., outstanding payments, sales, and marketing efforts, answering questions). For services where we are the processor, we keep the data according to the instructions we’ve received from the Controllers.

In case we receive a request to delete data from a data subject, we will do so within 30 days.

Q: When will the SDK be available for testing?

We are currently finalizing the last arrangements and making sure it’s stable. It should be released within a week (ETA May 18).

Q: It sounds like the SDK won’t contain a consent dialog to introduce to users, instead we need to develop one on our own. After we do that, we call an API in the SDK stating that we received consent. Is that correct?

Correct. You need to pass a value of the consent to our SDK using a consent parameter in initialize() method.

Q: If one of my users contacts Appodeal and demands removal of their PII, how will you respond and how will you identify that particular user in your system?

We will send them an opt-out link. They can also find the link in our Privacy Policy.

Q: If a user asks us to delete their PII, how exactly do we do that? I mean if we don’t gather any information in the app, besides what Appodeal and ad networks gather, how will we forward a request from our user to Appodeal and associated ad networks to delete their PII? How will we even identify that user? By advertising id or IP address?

You don’t need to do anything. Just tell the user that his/her data has never been stored on your side. By publicly providing in your Privacy Policy the links to your partners who collect and possibly store data, you enable the user to place a proper request, or “opt-out” from a certain partner on their own.

Q: To get consent from EU users only, I check the IP address and determine the Country Code, then check the country code in the EU list of Countries which I believe are the following: “BE”, “EL”, “LT”, “PT”, “BG”, “ES”, “LU”, “RO”, “CZ”, “FR”, “HU”, “SI”, “DK”, “HR”, “MT”, “SK”, “DE”, “IT”, “NL”, “FI”, “EE”, “CY”, “AT”, “SE”, “IE”, “LV”, “PL”, “UK”, “CH”, “NO”, “IS”, “LI”? Admob will have this built into their SDK. I was hoping Appodeal would expose a method like this as well.

We’re not planning on implementing such functionality so far, but we’ll definitely consider it for the next releases.

Q: Will the flag ConsentState.NOT_EEA and all the other be accessible in the Corona plugin too?

It depends on the Google implementation, we’re still waiting for their solution.

Q: Will you have consent demos for Unity and Corona?

Yes, we’re working on it.

Q: Is it possible to use Google’s Consent SDK instead of yours?

Yes, you can do that as long as you collect consent and pass the value of obtained consent to our SDK.

Q: I understand that user consent should be stored server side, along with the consent message. Your samples are storing user choice locally on a device only, right?

We send the consent value locally and on our server side. As the consent window will be implemented by a publisher, we’ll have no access to the text displayed.

Q: Can you give an example on how to pass the consent to the iOS SDK?

You will find an example in the documentation for the new SDK version 2.4.1.

Did this answer your question?