Data Privacy

BidMachine SDK provides APIs to support publisher compliance with major privacy regulations. Publishers should set all privacy flags before initializing the SDK so the values are applied correctly. Publishers are responsible for collecting consent from users and passing the appropriate signals to the SDK.

GDPR

The EU's General Data Protection Regulation (GDPR) applies to users in the European Economic Area (EEA), UK, and Switzerland.

Publishers should integrate a consent management platform that complies with IAB TCF v2. Publishers must not load ads until the consent management platform has determined the user's consent status. BidMachine SDK automatically reads the TCF v2 consent string set by the consent management platform.

Note: BidMachine does not audit consent management platforms for TCF compliance or adherence to applicable privacy laws.

Manually

If publishers do not use a consent management platform, consent signals can be passed directly to the SDK.

Subject to GDPR — publishers use the following API to indicate whether the user is subject to GDPR:

BidMachine.setSubjectToGDPR(Boolean?)

User consent — publishers use the following API to indicate whether the user has given consent for personalized data processing:

BidMachine.setConsentStatus(Boolean)

Deprecated since 3.7.0

BidMachine.setConsentConfig is deprecated. Publishers should use BidMachine.setConsentStatus(Boolean) instead.

BidMachine.setConsentConfig(Boolean, String?)

CCPA

The California Consumer Privacy Act (CCPA) applies to users in California, effective July 1, 2020.

BidMachine SDK automatically reads the US Privacy String from SharedPreferences when it is set by the publisher's consent management platform according to the IAB USPrivacy API spec. For more information on the string format, see the IAB US Privacy String spec.

If publishers must pass the US Privacy String manually:

Deprecated since 3.7.0

BidMachine.setUSPrivacyString is deprecated. The IAB US Privacy String format only covers California (CCPA) and does not extend to other US state privacy laws. The GPP framework supersedes it with a unified standard that covers all US state laws (California, Virginia, Colorado, Connecticut, and others) under a single string. Publishers should use a GPP-compliant consent management platform or pass signals via BidMachine.setGPP instead.

BidMachine.setUSPrivacyString(String?)

COPPA

The Children's Online Privacy Protection Act (COPPA) applies to users under 13 years old in the US. Publishers should set this flag to true for apps directed at children or when they know that a specific user is under 13.

BidMachine.setCoppa(Boolean?)

GPP

The Global Privacy Platform (GPP) is a unified framework for transmitting privacy, consent, and consumer-choice signals across jurisdictions. It covers US state laws (including CCPA), GDPR, and other regional regulations.

If the publisher's consent management platform supports the IAB GPP spec, BidMachine SDK automatically reads GPP data from SharedPreferences.

Manually

To pass GPP data directly, publishers provide the GPP string and the applicable section IDs:

BidMachine.setGPP(String?, List<Int>?)

Non-Personalized Ads

Available since SDK 3.7.0. Publishers use this flag to request non-personalized ads and to limit the data BidMachine collects and shares with demand partners.

This is relevant in several scenarios:

  • Age-restricted users in the US — US state laws (CCPA/CPRA in California, and similar laws in Virginia, Colorado, Connecticut, and others) prohibit selling or sharing personal data of users under 16 without opt-in consent. For users under 13, COPPA applies stricter rules. Publishers should use this flag alongside setCoppa when they cannot determine the exact age but targeting must be limited.
  • Users who declined personalized advertising — when a user opts out of personalized ads through the publisher's consent flow but is not subject to a specific regulation covered by the other APIs.
  • General opt-out — as a catch-all to suppress targeting signals when none of the more specific privacy flags apply.

When set to true, BidMachine requests non-personalized ads only.

BidMachine.setNonPersonalized(Boolean?)
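
The following Kotlin sketch is an added example, not BidMachine's own code. It shows the manual path (no consent management platform) with every privacy flag set before the SDK is initialized and with unknown consent treated as no consent. PrivacySignals, applyPrivacyThenInit, the initSdk callback, and the io.bidmachine import path are assumptions made for illustration; only the BidMachine.set* calls come from this page.

```kotlin
import io.bidmachine.BidMachine // assumed package name; not stated on this page

// Hypothetical holder for what the publisher's own consent flow collected.
// null means "not determined yet".
data class PrivacySignals(
    val subjectToGdpr: Boolean? = null,
    val gdprConsent: Boolean? = null,
    val childDirected: Boolean? = null,
    val optedOutOfPersonalizedAds: Boolean = false,
    val gppString: String? = null,
    val gppSectionIds: List<Int>? = null,
)

// Applies every flag, then runs initSdk. The SDK initialization call is passed
// in by the caller because its signature is not shown on this page.
fun applyPrivacyThenInit(signals: PrivacySignals, initSdk: () -> Unit) {
    BidMachine.setSubjectToGDPR(signals.subjectToGdpr)

    // Fail closed (a policy choice of this example): unless GDPR is known not
    // to apply, only an explicit "yes" counts as consent.
    if (signals.subjectToGdpr != false) {
        BidMachine.setConsentStatus(signals.gdprConsent == true)
    }

    BidMachine.setCoppa(signals.childDirected)

    // Pass GPP only when the string and its section IDs are both present;
    // a string without section IDs (or the reverse) is an incomplete signal.
    val gpp = signals.gppString?.takeIf { it.isNotBlank() }
    val sections = signals.gppSectionIds?.takeIf { it.isNotEmpty() }
    if (gpp != null && sections != null) {
        BidMachine.setGPP(gpp, sections)
    }

    // Request non-personalized ads for child-directed traffic and for users
    // who opted out in the publisher's own flow.
    val nonPersonalized =
        signals.childDirected == true || signals.optedOutOfPersonalizedAds
    BidMachine.setNonPersonalized(nonPersonalized)

    // Initialize last so the values above are applied.
    initSdk()
}
```

Publishers who rely on a consent management platform should skip the manual GDPR and GPP calls, since the SDK reads those signals automatically.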