> ## Documentation Index
> Fetch the complete documentation index at: https://guide.daro.so/llms.txt
> Use this file to discover all available pages before exploring further.

# Control Privacy

> Guide to configuring the DARO iOS SDK for GDPR, CCPA, and COPPA privacy compliance

## Overview

The DARO SDK provides APIs to forward the privacy consent state your app collects to each ad demand. You are responsible for collecting consent and building its UI; the DARO SDK only forwards the resulting values to ad demands.

<Note>
  Apply privacy settings **before loading ads** so they are reflected in ad requests. The `set*` methods can be called at any time, before or after SDK initialization; when called after initialization, the updated values are re-propagated to each ad demand.
</Note>

<Note>
  If you set no value, the DARO SDK forwards no signal to ad demands for that regulation. See the **Default behavior** section of each regulation below for how that case is handled.
</Note>

***

## GDPR

GDPR (General Data Protection Regulation) is a consent-based privacy regulation that applies to users in the European Economic Area (EEA) and the UK. Personal data may be processed only after the user has explicitly given consent.

### How the DARO SDK handles it

After you determine the user's consent with a Consent Management Platform (CMP) such as UMP, forward the result to the DARO SDK with the API below. The DARO SDK propagates the received state to each ad demand.

```swift theme={null}
DaroAds.shared.setGdpr(.optIn, consentString: consentString)
```

### Values

| `DaroGdprStatus` | Meaning                                                                                                      |
| ---------------- | ------------------------------------------------------------------------------------------------------------ |
| `.optIn`         | The user **consented** to personal data processing and personalized ads.                                     |
| `.optOut`        | The user **declined** consent. Ads are served non-personalized.                                              |
| `.notApplicable` | The user is **not subject to GDPR** (for example, outside the EEA). Personalized ads are allowed.            |
| `.unknown`       | The **initial state before the consent prompt has been shown**. Use temporarily until consent is determined. |

### Default behavior

If `setGdpr` is never called, the state stays `.unknown` and no GDPR signal is forwarded to ad demands. If your app has users subject to GDPR, be sure to set it explicitly.

### Notes

Use `.unknown` only as a temporary state. Keeping `.unknown` without showing the consent prompt to users subject to GDPR may constitute a regulatory violation. Update to `.optIn` or `.optOut` as soon as consent is determined.

### consentString

An optional argument (default `""`). If you use a CMP such as UMP, pass the GDPR consent string it generates. If you do not use one, leaving it empty (`""`) is fine. Passing an empty string keeps the previously stored value rather than clearing it (clearing is not supported). This is a separate value from the CCPA `consentString`.

### Examples

```swift theme={null}
DaroAds.shared.setGdpr(.optIn, consentString: consentString)
DaroAds.shared.setGdpr(.optOut)
DaroAds.shared.setGdpr(.notApplicable)
DaroAds.shared.setGdpr(.unknown)
```

***

## CCPA

CCPA (California Consumer Privacy Act) and other US state privacy laws grant users the right to opt out of the sale of their personal information. It is allowed by default unless the user explicitly opts out.

### How the DARO SDK handles it

After you determine whether the user has opted out, forward the result to the DARO SDK with the API below. The DARO SDK propagates the received state to each ad demand.

```swift theme={null}
DaroAds.shared.setCcpa(.optOut, consentString: consentString)
```

### Values

| `DaroCcpaStatus` | Meaning                                                                        |
| ---------------- | ------------------------------------------------------------------------------ |
| `.optIn`         | The user **did not opt out.** Sale/sharing of personal information is allowed. |
| `.optOut`        | The user **opted out** of the sale of personal information.                    |
| `.notApplicable` | The user is **not subject to CCPA**.                                           |

### Default behavior

If `setCcpa` is not called, the DARO SDK forwards no CCPA signal, and ad demands treat the user the same as `.optIn`: sale/sharing of personal information and personalized ads are allowed. If your app has users subject to CCPA, be sure to set it explicitly.

### consentString

An optional argument (default `""`). If you use UMP, pass the US Privacy String it produces. If you do not use UMP, leaving it empty (`""`) is fine. Passing an empty string keeps the previously stored value rather than clearing it (clearing is not supported). This is a separate value from the GDPR `consentString`.

### Notes

CCPA's `.optIn` / `.optOut` differ in meaning from GDPR. Under CCPA, `.optIn` means "the user did not opt out," and `.optOut` means "the user opted out of the sale of personal information." CCPA is opt-out based, so there is no value equivalent to `.unknown`. If the user has not yet responded, treat them as `.optIn`.

### Examples

```swift theme={null}
DaroAds.shared.setCcpa(.optIn)
DaroAds.shared.setCcpa(.optOut)
DaroAds.shared.setCcpa(.notApplicable)
```

***

## COPPA

COPPA (Children's Online Privacy Protection Act) is a US regulation that protects children under 13. Unlike GDPR and CCPA, it is not a user consent flow but the publisher's declaration of whether the app is directed at children.

### How the DARO SDK handles it

After you determine whether your app is directed at children, forward it to the DARO SDK with the API below. The DARO SDK propagates the received declaration to each ad demand.

```swift theme={null}
DaroAds.shared.setCoppa(.child)
```

### Values

| `DaroCoppaStatus` | Meaning                                                                |
| ----------------- | ---------------------------------------------------------------------- |
| `.child`          | The app is **directed at children**. Personalized ads are not allowed. |
| `.notChild`       | The app is **not directed at children**.                               |

### Default behavior

If `setCoppa` is not called, the child-directed status is not forwarded to ad demands. If your app is directed at children, be sure to set it explicitly.

### Notes

COPPA declares whether the app as a whole is directed at children. Per-user settings are not supported. Even if only some users are children, make the determination on an app-wide basis.

### Examples

```swift theme={null}
DaroAds.shared.setCoppa(.child)
DaroAds.shared.setCoppa(.notChild)
```

***

## Migrating from the previous API

The previous property-based consent settings (`hasUserConsent` / `gdprConsentString` / `doNotSell` / `ccpaString` / `isTaggedForChildDirectedTreatment`) are deprecated. Use the `set*` method API going forward. The existing properties still work for now — they are internally redirected to the `set*` calls below — but may be removed in a future release.

| Deprecated                                                 | Replacement API                                         |
| ---------------------------------------------------------- | ------------------------------------------------------- |
| `DaroAds.shared.hasUserConsent = true`                     | `DaroAds.shared.setGdpr(.optIn)`                        |
| `DaroAds.shared.hasUserConsent = false`                    | `DaroAds.shared.setGdpr(.optOut)`                       |
| `DaroAds.shared.gdprConsentString = "..."`                 | `DaroAds.shared.setGdpr(.optIn, consentString: "...")`  |
| `DaroAds.shared.doNotSell = false`                         | `DaroAds.shared.setCcpa(.optIn)`                        |
| `DaroAds.shared.doNotSell = true`                          | `DaroAds.shared.setCcpa(.optOut)`                       |
| `DaroAds.shared.ccpaString = "..."`                        | `DaroAds.shared.setCcpa(.optOut, consentString: "...")` |
| `DaroAds.shared.isTaggedForChildDirectedTreatment = true`  | `DaroAds.shared.setCoppa(.child)`                       |
| `DaroAds.shared.isTaggedForChildDirectedTreatment = false` | `DaroAds.shared.setCoppa(.notChild)`                    |

<Note>
  If `isTaggedForChildDirectedTreatment` was never set (`nil`), it is treated the same as `.notChild`.
</Note>
