Privacy & consent
GDPR, CCPA, ATT, advertising consent. What the SDK does, what you have to do, and the APIs that make it easy.
What Reflect collects, by default
- Install UUID (random GUID, in PlayerPrefs)
- Device model, OS version, locale, timezone, screen size, RAM
- App bundle id, version, install source, first install time
- Network type, carrier name + MCC/MNC
- Fraud signals: emulator detection, root/jailbreak detection
- Public IP + country (server-side, from CF headers)
What requires explicit consent
- GAID (Android advertising id): gated by RequireAdvertisingConsent + the user’s system-level "Limit Ad Tracking" setting.
- IDFA (iOS advertising id): gated by Apple’s ATT prompt. Only collected after user taps Allow.
Advertising consent (GDPR / EEA / UK)
If you’re distributing in regions requiring opt-in for cross-app tracking, set:
new ReflectConfig {
    RequireAdvertisingConsent = true,
    ...
}

The SDK will NOT collect GAID / IDFA until you call:

ReflectSDK.SetAdvertisingConsent(granted: true);
// or
ReflectSDK.SetAdvertisingConsent(granted: false); // re-collects without ad ids

Wire this to your CMP (consent management platform) callback. Reflect doesn’t ship a CMP UI: every studio has different brand requirements and we don’t want to lock you into ours.
iOS App Tracking Transparency
Apple requires the ATT prompt before any cross-app tracking on iOS 14.5+. Reflect supports two modes:
// 1) Auto-prompt on first launch
new ReflectConfig {
    AutoRequestIosTracking = true,
}

// 2) Manual: call when you have a contextual moment in your UX
ReflectSDK.RequestIosTracking(status => {
    Debug.Log("ATT result: " + status);
    // status is one of: NotDetermined, Restricted, Denied, Authorized, Unavailable
});

The build post-processor injects NSUserTrackingUsageDescription into Info.plist automatically. Edit the wording in Editor/ReflectBuildPostProcessor.cs.
GDPR / CCPA right-to-be-forgotten
ReflectSDK.DeleteUserData(success => {
    Debug.Log("Server-side deletion queued: " + success);
});

This does:
- Locally: wipes PlayerPrefs (install UUID + first-launch flag), drops the offline queue file, clears global properties + user_id.
- Server-side: POSTs /privacy/delete. The server queues the request; a nightly cron drains the queue and cascade-deletes from events, attributions, clicks, postbacks_log, user_aliases, install_audiences.
The local wipe completes synchronously — even if the server call fails, the user’s device is clean. The server-side processing finishes within 24 hours.
Privacy manifest (iOS)
Reflect ships an SDK-level PrivacyInfo.xcprivacy declaring the three iOS privacy APIs it uses (Device ID, User Defaults, Timestamps). The build post-processor copies it into your Xcode build automatically.
You still need to:
- Provide your app-level PrivacyInfo.xcprivacy declaring data categories you collect (email, name, etc.).
- Add Reflect’s server domain to NSPrivacyTrackingDomains if you’re using IDFA.
Anonymized mode
Not implemented as a single config flag (it’d be a leaky abstraction). Compose:
- RequireAdvertisingConsent = true + don’t call SetAdvertisingConsent(true): drops GAID/IDFA.
- Don’t call SetUserId: keeps user anonymous.
- Don’t pass PII as event properties (email, name): server-side validation truncates strings to 1024 chars but doesn’t scrub semantic PII.
BaseUrl). No fingerprinting beyond what’s needed for install attribution.
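
Because the server only truncates strings to 1024 chars and does not scrub PII, the filtering in the third point of the list above has to happen on the client. The following is an added example, not Reflect code: it drops deny-listed property keys and masks e-mail-shaped values before the properties are handed to any event call. The class name, the key list and the sample input are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Added example (hypothetical helper, not part of the Reflect SDK).
public static class EventPropertyScrubber
{
    // Constructed deny-list of property keys; extend it to match your own event schema.
    static readonly HashSet<string> BlockedKeys =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "email", "name", "first_name", "last_name", "phone", "address" };

    // Heuristic: anything shaped like an e-mail address, whatever key it arrives under.
    static readonly Regex Email = new Regex(@"[^@\s]+@[^@\s]+\.[^@\s]+", RegexOptions.Compiled);

    const int MaxLen = 1024; // the string limit the page says the server enforces

    // Returns a new dictionary; the caller's dictionary is left untouched.
    public static Dictionary<string, object> Scrub(IDictionary<string, object> props)
    {
        var clean = new Dictionary<string, object>();
        foreach (var kv in props)
        {
            if (BlockedKeys.Contains(kv.Key)) continue;       // drop the whole property
            if (kv.Value is string s)
            {
                s = Email.Replace(s, "[redacted]");           // mask PII embedded in free text
                if (s.Length > MaxLen) s = s.Substring(0, MaxLen);
                clean[kv.Key] = s;
            }
            else clean[kv.Key] = kv.Value;                    // numbers and bools pass through
        }
        return clean;
    }

    public static void Main()
    {
        // Constructed sample input.
        var props = new Dictionary<string, object> {
            { "level", 12 },
            { "Email", "player@example.com" },
            { "note", "contact me at player@example.com" },
            { "sku", "gems_500" },
        };
        foreach (var kv in Scrub(props)) Console.WriteLine(kv.Key + " = " + kv.Value);
    }
}
```

A key deny-list and one regex are heuristics, so treat this as a backstop behind reviewing which properties each event is allowed to carry.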