Data Privacy Compliance

Nimbus iOS SDK can be configured as necessary to respect users consent for data collection and privacy.

Nimbus supports handling of user consent to data collection following technical specifications for the IAB Europe Transparency & Consent Framework.

When collecting and/or transmitting personally identifiable information (PII) is your responsibility to protect and manage that data. Nimbus provides different ways to pass consent strings according to regulations where your user is located.

Nimbus Android SDK can be configured as necessary to respect users consent for data collection and privacy.

It is required to work with a Consent Management Platform to create the values to be sent to NimbusSDK.

GPP

Requires Nimbus SDK 2.2.0+

The Nimbus SDK includes support for the IAB's Global Privacy Platform. When working with a Consent Management Provider SDK in app, the Nimbus SDK will attempt to retrieve the Consent String and Section IDs from the default SharedPreferences using the following keys defined by the IAB and automatically append them to the outbound request:

IABGPP_HDR_GppString
IABGPP_GppSID

The Nimbus SDK can manage user's consent for data protection, e.g. GDPR (General Data Protection Regulation) via the IAB TCFv2 framework. The Nimbus SDK will attempt to retrieve the Consent String and whether or not GDPR applies from the SharedPreferences using the following standard keys defined by the IAB and automatically append them to the outbound request:

IABTCF_TCString
IABTCF_gdprApplies

Another option to set the GDPR consent string is using the static helper method on the NimbusAdManager or RequestManager classes which will take precedence over any values set in the SharedPreferences.

NimbusAdManager.setGdprConsent(consentString) 
// OR
RequestManager.setGdprConsent(consentString)

Additionally, the GDPR consent string can be set on the User object directly and applied globally for all requests.

Calling setUser after calling setGdprConsent will overwrite the values set from setGdprConsent.

val user = User(ext = User.Extension(consent = consentString))

NimbusAdManager.setUser(user) 
// OR
RequestManager.setUser(user)

CCPA

The app can also manage user consent for privacy in the United States, e.g. CCPA (California Consumer Privacy Act), by setting the privacy string.

The CCPA privacy string is a 4 character string in the following format where '-' denotes an unknown value:

Position	Value	Description
0	Integer	Privacy string version
1	Y, N, -	Publisher has provided explicit user notice
2	Y, N, -	User opted out of sale
3	Y, N, -	Publisher operating under the Limited Service Provider Agreement

Position

Value

Description

Integer

Privacy string version

Y, N, -

Publisher has provided explicit user notice

Y, N, -

User opted out of sale

Y, N, -

Publisher operating under the Limited Service Provider Agreement

If the user does not fall within a US Privacy jurisdiction, hyphens should be used in the last three positions, generating this privacy string: "1---"

Add the following before initializing any Demand Providers.

lateinit var privacyString: String

Nimbus.usPrivacyString = privacyString

It is important that you check with counsel when deciding whether or not to use the privacy string. Understand that we are not giving legal advice. If you have questions about Nimbus’ CCPA implementation, please talk to your Nimbus Representative and ask for our CCPA whitepaper.

COPPA

If your app is governed by COPPA (Children's Online Privacy Protection Act) regulations established by the USA FTC, you must call the following function after initialization so the SDK will configure itself to send that information to demand partners.

Nimbus.COPPA = true;

Last updated 9 months ago