Skip to content

Data Privacy Regulations

Explore the guidelines below to ensure best practices when using the X3M SDK to comply with Data Privacy and Child-Directed regulations, including GDPR, CCPA, COPPA, and other relevant standards.

Use of Personal Information

In adherence to data privacy regulations, avoid transmitting personal user information (such as age, gender, etc.) through the custom user properties initialization option (see InitSettings/UserProperties/CustomProperties). Please be aware that X3M disclaims responsibility for managing such information for users identified as children, as this could potentially violate existing regulations

Option 1: Enable CMP Automation

X3M provides a mechanism for automating the integration with Google's User Messaging Platform. To enable this feature, set the flag isCMPAutomationEnabled to true:

XMediatorAds.startWith(
    activity = activity,
    appKey = "<your-app-key>",
    initSettings = InitSettings(
        consentInformation = ConsentInformation(
            isCMPAutomationEnabled = true
        )
    ),
    initCallback = { result -> }
)
boolean isConsentInformationEnabled = true;

XMediatorAds.startWith(
        activity,
        "<your-app-key>",
        new InitSettings.Builder()
                .setConsentInformation(new ConsentInformation(
                        null,
                        null,
                        null,
                        isConsentInformationEnabled,
                        null))
                .build(),
        initResult -> {
            return Unit.INSTANCE;
        }
);

This will prompt the user for consent only when required, and continue with the SDK initialization after the signals have been collected.

Display a Privacy Settings button inside your app

To give users the option to change their consent during the session, you may want to display a button in your app's settings when a form is available. X3M's SDK provides the following methods to achieve this:

if (XMediatorAds.CMPProvider.isPrivacyFormAvailable(context)) {
    // ... display the privacy settings form button
}

// [...]

XMediatorAds.CMPProvider.showPrivacyForm(activity) { error ->
    if (error != null) {
        Log.d("PrivacyForm", "Error: $error")
    }

    Log.d("PrivacyForm", "showPrivacyForm complete!")
}
if (XMediatorAds.getCMPProvider().isPrivacyFormAvailable(context)) {
    // ... display the privacy settings form button
}

// [...]

XMediatorAds.getCMPProvider().showPrivacyForm(activity, error -> {
    if (error != null) {
        Log.d("PrivacyForm", "Error: $error");
    }

    Log.d("PrivacyForm", "showPrivacyForm complete!");
    return Unit.INSTANCE;
});

Debug your integration

When using the CMP Automation feature, you can use the following methods to debug your integration:

// Configure a Debug Geography to trigger Privacy Form display
XMediatorAds.startWith(
    activity = activity,
    appKey = "<your-app-key>",
    initSettings = InitSettings(
        consentInformation = ConsentInformation(
            isCMPAutomationEnabled = true,
            cmpDebugSettings = CMPDebugSettings(
                cmpDebugGeography = CMPDebugGeography.EEA  // Available options: Disabled, EEA and NotEEA
            )
        )
    ),
    initCallback = { result -> }
)

// Clear the collected consent signals from the device 
XMediatorAds.CMPProvider.reset(context)
// Configure a Debug Geography to trigger Privacy Form display
XMediatorAds.startWith(
        activity,
        "<your-app-key>",
        new InitSettings.Builder()
                .setConsentInformation(new ConsentInformation(
                        null,
                        null,
                        null,
                        isCMPAutomationEnabled,
                        new CMPDebugSettings(
                                CMPDebugGeography.EEA.INSTANCE  // Available options: Disabled, EEA and NotEEA
                        )))
                .build(),
        initResult -> {
            return Unit.INSTANCE;
        }
);

// Clear the collected consent signals from the device 
XMediatorAds.getCMPProvider().reset(context);

Option 2: Custom integration with a CMP

Another option is to integrate your app or game directly with the CMP, without relying on X3M's automation. The recommended workflow is as follows:

  1. First, request the CMP to update the consent requirements for the user.
    • If the consent has been granted on a previous session, continue with X3M's initialization without waiting for the requirements update, in order to reduce latency.
  2. Wait for the consent requirements update request to complete.
  3. Launch the CMP's privacy form if available and await for its completion.
  4. Then, initialize X3M's XMediator SDK, and wait for the initialization callback to complete.
  5. By this point, you can start requesting ads.

This approach ensures that all required consent signals are collected before the ad mediation begins.

Info

For specific instructions on how to implement this workflow using your chosen CMP, please refer to its official documentation.

XMediator provides a mechanism to forward the user consent to each advertising partner.

For more information about the data privacy regulations that may apply to your product please refer to IAB's Standards. Please note that XMediator is not a replacement to a Consent Management Platform. If you wish to integrate one please refer to IAB's authorized CMP list.

To indicate whether the user has given consent to be served personalized ads please use the hasUserConsent flag as shown below:

XMediatorSdk.initialize(
    activity = activity,
    appKey = "<your-app-key>",
    initSettings = InitSettings(
        consentInformation = ConsentInformation(
            hasUserConsent = true
        )
    ),
    initCallback = { result -> }
)

// [...]

XMediatorSdk.setConsentInformation(
    ConsentInformation(
        hasUserConsent = true
    )
)
Boolean hasUserConsent = true;

XMediatorAds.startWith(
        activity,
        "<your-app-key>",
        new InitSettings.Builder()
                .setConsentInformation(new ConsentInformation(
                        hasUserConsent,
                        null,
                        null,
                        false,
                        null))
                .build(),
        initResult -> {
            return Unit.INSTANCE;
        }
);

GDPR Consent for European Economic Area Users

Integration considerations:

  • Please note that XMediator does not generate a GDPR Consent String (see Consent String and Vendor List Format) as using a CMP would. Some ad sources may still require you to integrate a CMP in order to serve ads to european users.
  • If the user is not affected by EU's GDPR you should avoid setting these flags as it may have a negative effect on the ad mediation performance.

For more information on X3M's approach to GDPR please reach out to us.

Opt-out of sale flag

You can use this flag to indicate whether the user has opted out of the sale of their personal information. If the user does not opt out, please set the doNotSell flag as shown below:

XMediatorSdk.initialize(
    activity = activity,
    appKey = "<your-app-key>",
    initSettings = InitSettings(
        consentInformation = ConsentInformation(
            doNotSell = false
        )
    ),
    initCallback = { result -> }
)

// [...]

XMediatorSdk.setConsentInformation(
    ConsentInformation(
        doNotsell = false
    )
)
Boolean doNotSell = true;

XMediatorAds.startWith(
        activity,
        "<your-app-key>",
        new InitSettings.Builder()
                .setConsentInformation(new ConsentInformation(
                        null,
                        doNotSell,
                        null,
                        false,
                        null))
                .build(),
        initResult -> {
            return Unit.INSTANCE;
        }
);

CCPA Data Privacy Regulation

Integration considerations:

  • If the user is not affected by California's CCPA you should avoid setting these flags as it may have a negative effect on the ad mediation performance.

For more information on X3M's approach to CCPA please reach out to us.

Child directed flag

You can use this flag to indicate whether the user must be treated as a child. To do this, set the isChildDirected flag as shown below:

XMediatorSdk.initialize(
    activity = activity,
    appKey = "<your-app-key>",
    initSettings = InitSettings(
        consentInformation = ConsentInformation(
            isChildDirected = true
        )
    ),
    initCallback = { result -> }
)

// [...]

XMediatorSdk.setConsentInformation(
    ConsentInformation(
        isChildDirected = true
    )
)
Boolean isChildDirected = true;

XMediatorAds.startWith(
        activity,
        "<your-app-key>",
        new InitSettings.Builder()
                .setConsentInformation(new ConsentInformation(
                        null,
                        null,
                        isChildDirected,
                        false,
                        null))
                .build(),
        initResult -> {
            return Unit.INSTANCE;
        }
);

COPPA Regulation

Integration considerations:

For more information on how X3M complies with COPPA, please visit the COPPA Compliance Guidelines for Apps on X3M Platform