Skip to main content

Overview

The DARO SDK provides APIs to forward the privacy consent state your app collects to each ad demand. You are responsible for collecting consent and building its UI; the DARO SDK only forwards the resulting values to ad demands.
Apply privacy settings before loading ads so they are reflected in ad requests. The set* methods can be called at any time, before or after SDK initialization; when called after initialization, the updated values are re-propagated to each ad demand.
If you set no value, the DARO SDK forwards no signal to ad demands for that regulation. See the Default behavior section of each regulation below for how that case is handled.

GDPR

GDPR (General Data Protection Regulation) is a consent-based privacy regulation that applies to users in the European Economic Area (EEA) and the UK. Personal data may be processed only after the user has explicitly given consent.

How the DARO SDK handles it

After you determine the user’s consent with a Consent Management Platform (CMP) such as UMP, forward the result to the DARO SDK with the API below. The DARO SDK propagates the received state to each ad demand.

Values

Default behavior

If setGdpr is never called, the state stays .unknown and no GDPR signal is forwarded to ad demands. If your app has users subject to GDPR, be sure to set it explicitly.

Notes

Use .unknown only as a temporary state. Keeping .unknown without showing the consent prompt to users subject to GDPR may constitute a regulatory violation. Update to .optIn or .optOut as soon as consent is determined.

consentString

An optional argument (default ""). If you use a CMP such as UMP, pass the GDPR consent string it generates. If you do not use one, leaving it empty ("") is fine. Passing an empty string keeps the previously stored value rather than clearing it (clearing is not supported). This is a separate value from the CCPA consentString.

Examples


CCPA

CCPA (California Consumer Privacy Act) and other US state privacy laws grant users the right to opt out of the sale of their personal information. It is allowed by default unless the user explicitly opts out.

How the DARO SDK handles it

After you determine whether the user has opted out, forward the result to the DARO SDK with the API below. The DARO SDK propagates the received state to each ad demand.

Values

Default behavior

If setCcpa is not called, the DARO SDK forwards no CCPA signal, and ad demands treat the user the same as .optIn: sale/sharing of personal information and personalized ads are allowed. If your app has users subject to CCPA, be sure to set it explicitly.

consentString

An optional argument (default ""). If you use UMP, pass the US Privacy String it produces. If you do not use UMP, leaving it empty ("") is fine. Passing an empty string keeps the previously stored value rather than clearing it (clearing is not supported). This is a separate value from the GDPR consentString.

Notes

CCPA’s .optIn / .optOut differ in meaning from GDPR. Under CCPA, .optIn means “the user did not opt out,” and .optOut means “the user opted out of the sale of personal information.” CCPA is opt-out based, so there is no value equivalent to .unknown. If the user has not yet responded, treat them as .optIn.

Examples


COPPA

COPPA (Children’s Online Privacy Protection Act) is a US regulation that protects children under 13. Unlike GDPR and CCPA, it is not a user consent flow but the publisher’s declaration of whether the app is directed at children.

How the DARO SDK handles it

After you determine whether your app is directed at children, forward it to the DARO SDK with the API below. The DARO SDK propagates the received declaration to each ad demand.

Values

Default behavior

If setCoppa is not called, the child-directed status is not forwarded to ad demands. If your app is directed at children, be sure to set it explicitly.

Notes

COPPA declares whether the app as a whole is directed at children. Per-user settings are not supported. Even if only some users are children, make the determination on an app-wide basis.

Examples


Migrating from the previous API

The previous property-based consent settings (hasUserConsent / gdprConsentString / doNotSell / ccpaString / isTaggedForChildDirectedTreatment) are deprecated. Use the set* method API going forward. The existing properties still work for now — they are internally redirected to the set* calls below — but may be removed in a future release.
If isTaggedForChildDirectedTreatment was never set (nil), it is treated the same as .notChild.