Overview
The DARO SDK provides an API that relays the privacy consent state a publisher collects in the app to each ad demand source. The publisher must implement consent collection and its UI; the DARO SDK only relays the resulting values to the ad demand sources.Available from daro-a
1.6.0 / daro-m 1.3.14.Apply privacy settings before loading ads so they take effect on ad requests.
GDPR
GDPR (General Data Protection Regulation) is a consent-based privacy regulation that applies to users in the European Economic Area (EEA) and the UK. Personal data may only be processed after the user explicitly consents.How the DARO SDK handles it
After you confirm the user’s consent with a consent tool such as UMP, pass the result to the DARO SDK with the API below. The DARO SDK propagates the state to each ad demand source.Values
Caution
UseUNKNOWN only as a temporary state. Leaving a GDPR-covered user at UNKNOWN without showing the consent prompt can be a regulatory violation. Update to OPT_IN or OPT_OUT as soon as consent is determined.
consentString
An optional argument (default""). If you use a CMP such as UMP, pass the GDPR consent string it generates. If you don’t, leaving it empty ("") is fine. This is a separate value from the CCPA consentString.
Code example
CCPA
CCPA (California Consumer Privacy Act) and similar US state privacy laws give users the right to opt out of the sale of their personal information. Unless the user explicitly opts out, processing is allowed by default.How the DARO SDK handles it
After you confirm whether the user has opted out, pass the result to the DARO SDK with the API below. The DARO SDK propagates the state to each ad demand source.Values
Default behavior
If you do not callsetCcpa, it is treated as OPT_IN and personalized ads are allowed. If your app has CCPA-covered users, set it explicitly.
consentString
This is optional (defaults to""). If you use UMP, pass the US Privacy String it produced. If you do not use UMP, leaving it empty ("") is fine. This is a separate value from the GDPR consentString.
Caution
CCPA’sOPT_IN / OPT_OUT differ in meaning from GDPR. Under CCPA, OPT_IN means “the user did not opt out,” and OPT_OUT means “the user opted out of the sale of personal information.” Because CCPA is opt-out based, there is no equivalent of UNKNOWN. If the user has not responded yet, treat it as OPT_IN.
Code example
COPPA
COPPA (Children’s Online Privacy Protection Act) protects children under 13 in the United States. Unlike GDPR and CCPA, this is not a user consent flow — it is the publisher’s declaration of whether the app is child-directed.How the DARO SDK handles it
After you determine whether your app is child-directed, pass the result to the DARO SDK with the API below. The DARO SDK propagates the declaration to each ad demand source.Values
Default behavior
If you do not callsetCoppa, the child-directed status is not sent to ad demand sources. If your app is child-directed, set it explicitly.
Caution
COPPA declares whether the app as a whole is child-directed. Per-user configuration is not supported. Even if only some users are children, decide on an app-wide basis.Code example
Migrating from the previous APIs
The previousgrant* / reject* methods are deprecated. Use the set* APIs going forward.

