Data Privacy Compliance

Nimbus iOS SDK can be configured as necessary to respect users consent for data collection and privacy.

Privacy & Regulations

Nimbus supports handling of user consent to data collection following technical specifications for the IAB Europe Transparency & Consent Framework.

When collecting and/or transmitting personally identifiable information (PII) is your responsibility to protect and manage that data. Nimbus provides different ways to pass consent strings according to regulations where your user is located.

Nimbus iOS SDK can be configured as necessary to respect users consent for data collection and privacy.

It is required to work with a Consent Management Platform to create the values to be sent to NimbusSDK.

GPP

Requires Nimbus SDK 2.2.0+

The Nimbus SDK includes support for the IAB's Global Privacy Platform. When working with a Consent Management Provider SDK in app, the Nimbus SDK will attempt to retrieve the Consent String and Section IDs from the UserDetaults using the following keys defined by the IAB and automatically append them to the outbound request

IABGPP_HDR_GppString
IABGPP_GppSID

The Nimbus SDK includes support for the IAB TCFv2 framework. When working with a Consent Management Provider SDK in app, the Nimbus SDK will attempt to retrieve the Consent String and whether or not GDPR applies from the UserDefaults using the following standard keys defined by the IAB and automatically append them to the outbound request:

IABTCF_TCString
IABTCF_gdprApplies

User’s consent for data protection, e.g. GDPR (General Data Protection Regulation), can also be passed to the SDK manually and will override any values automatically retrieved using the TCFv2 framework.

var user = NimbusUser()
user.configureGdprConsent(consentString: "optional_consent_string")
NimbusAdManager.user = user

CCPA

The app can also manage user consent for privacy in the United States, e.g. CCPA (California Consumer Privacy Act), by setting the privacy string.

The CCPA privacy string is a 4 character string in the following format where '-' denotes an unknown value:

Position	Value	Description
0	Integer	Privacy string version
1	Y, N, -	Publisher has provided explicit user notice
2	Y, N, -	User opted out of sale
3	Y, N, -	Publisher operating under the Limited Service Provider Agreement

Position

Value

Description

Integer

Privacy string version

Y, N, -

Publisher has provided explicit user notice

Y, N, -

User opted out of sale

Y, N, -

Publisher operating under the Limited Service Provider Agreement

If the user does not fall within a US Privacy jurisdiction, hyphens should be used in the last three positions, generating this privacy string: "1---"

Add the following before initializing any Demand Providers.

Nimbus.shared.usPrivacyString = "privacy_string"

It is important that you check with counsel when deciding whether or not to use the privacy string. Understand that we are not giving legal advice. If you have questions about Nimbus’ CCPA implementation, please talk to your Nimbus Representative and ask for our CCPA whitepaper.

COPPA

The app can let the Nimbus SDK know if it is governed by COPPA (Children’s Online Privacy Protection Act) regulations established by the USA FTC.

Nimbus.shared.coppa = true

Last updated 3 months ago