Skip to main content

Overview

The DARO SDK provides an API that relays the privacy consent state a publisher collects in the app to each ad demand source. The publisher must implement consent collection and its UI; the DARO SDK only relays the resulting values to the ad demand sources.
Available from daro-a 1.6.0 / daro-m 1.3.14.
Apply privacy settings before loading ads so they take effect on ad requests.

GDPR

GDPR (General Data Protection Regulation) is a consent-based privacy regulation that applies to users in the European Economic Area (EEA) and the UK. Personal data may only be processed after the user explicitly consents.

How the DARO SDK handles it

After you confirm the user’s consent with a consent tool such as UMP, pass the result to the DARO SDK with the API below. The DARO SDK propagates the state to each ad demand source.

Values

Caution

Use UNKNOWN only as a temporary state. Leaving a GDPR-covered user at UNKNOWN without showing the consent prompt can be a regulatory violation. Update to OPT_IN or OPT_OUT as soon as consent is determined.

consentString

An optional argument (default ""). If you use a CMP such as UMP, pass the GDPR consent string it generates. If you don’t, leaving it empty ("") is fine. This is a separate value from the CCPA consentString.

Code example


CCPA

CCPA (California Consumer Privacy Act) and similar US state privacy laws give users the right to opt out of the sale of their personal information. Unless the user explicitly opts out, processing is allowed by default.

How the DARO SDK handles it

After you confirm whether the user has opted out, pass the result to the DARO SDK with the API below. The DARO SDK propagates the state to each ad demand source.

Values

Default behavior

If you do not call setCcpa, it is treated as OPT_IN and personalized ads are allowed. If your app has CCPA-covered users, set it explicitly.

consentString

This is optional (defaults to ""). If you use UMP, pass the US Privacy String it produced. If you do not use UMP, leaving it empty ("") is fine. This is a separate value from the GDPR consentString.

Caution

CCPA’s OPT_IN / OPT_OUT differ in meaning from GDPR. Under CCPA, OPT_IN means “the user did not opt out,” and OPT_OUT means “the user opted out of the sale of personal information.” Because CCPA is opt-out based, there is no equivalent of UNKNOWN. If the user has not responded yet, treat it as OPT_IN.

Code example


COPPA

COPPA (Children’s Online Privacy Protection Act) protects children under 13 in the United States. Unlike GDPR and CCPA, this is not a user consent flow — it is the publisher’s declaration of whether the app is child-directed.

How the DARO SDK handles it

After you determine whether your app is child-directed, pass the result to the DARO SDK with the API below. The DARO SDK propagates the declaration to each ad demand source.

Values

Default behavior

If you do not call setCoppa, the child-directed status is not sent to ad demand sources. If your app is child-directed, set it explicitly.

Caution

COPPA declares whether the app as a whole is child-directed. Per-user configuration is not supported. Even if only some users are children, decide on an app-wide basis.

Code example


Migrating from the previous APIs

The previous grant* / reject* methods are deprecated. Use the set* APIs going forward.