Privacy
Nimbus Android SDK can be configured as necessary to respect users consent for data collection and privacy.
COPPA
If your app is governed by COPPA (Children's Online Privacy Protection Act) regulations established by the USA FTC, you must call the following function after initialization so the SDK will configure itself to send that information to demand partners.
Nimbus.COPPA = true
GDPR
The Nimbus SDK includes support for the IAB TCFv2 framework. When working with a Consent Management Provider SDK in app, the Nimbus SDK will attempt to retrieve the Consent String and whether or not GDPR applies from the SharedPreferences using the following standard keys defined by the IAB and automatically append them to the outbound request:
IABTCF_TCString
IABTCF_gdprApplies
User's consent for data protection, e.g. GDPR (General Data Protection Regulation), can also be passed to the SDK manually and will override any values automatically retrieved using the TCFv2 framework. To do so, set the GDPR consent string and user consent using the static helper method on the NimbusAdManager or RequestManager classes.
var userDidConsent: Boolean = true
NimbusAdManager.setGdprConsent(consentString, userDidConsent)
// OR
RequestManager.setGdprConsent(consentString, userDidConsent)
Additionally the GDPR consent string can be set on the User object directly and applied globally for all requests. NOTE: Calling setUser after calling setGdprConsent will overwrite the values set from setGdprConsent and any TCFv2 values automatically retrieved from SharedPreferences.
val userDidConsent: Byte = 1 // The value of one is equivalent to true from the example above
val user = User(ext = User.Extension(consent = consentString, did_consent = userDidConsent))
NimbusAdManager.setUser(user)
// OR
RequestManager.setUser(user)
CCPA
The app can also manage user consent for privacy in the United States, e.g. CCPA (California Consumer Privacy Act), by setting the privacy string.
The CCPA privacy string is a 4 character string in the following format where '-' denotes an unknown value:
| Position | Value | Description |
|---|---|---|
| 0 | Integer | Privacy string version |
| 1 | Y, N, - | Publisher has provided explicit user notice |
| 2 | Y, N, - | User opted out of sale |
| 3 | Y, N, - | Publisher operating under the Limited Service Provider Agreement |
If the user does not fall within a US Privacy jurisdiction, hyphens should be used in the last three positions, generating this privacy string: "1---"
Add the following before initializing any Demand Providers.
lateinit var privacyString: String
Nimbus.usPrivacyString = privacyString
It is important that you check with counsel when deciding whether or not to use the privacy string. Understand that we are not giving legal advice. If you have questions about Nimbus’ CCPA implementation, please talk to your Nimbus Representative and ask for our CCPA whitepaper.