AppLovin GDPR FAQ
Q: Will AppLovin be compliant with GDPR?
AppLovin has procedures in place to ensure compliance with GDPR by the date it goes into effect: May 25th, 2018.
Q: What data does AppLovin collect via its advertising service?
Q: What are AppLovin’s data transfer practices for data transferred outside of the EU?
AppLovin participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. AppLovin is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles.
Q: Does AppLovin have a data processing agreement (DPA) that can be used by partners?
Q: How do you plan to handle requests from EU end-users (data subjects) of partners under the GDPR?
Q: Do you involve subprocessors to process EU end-user data?
Yes, and we have subprocessor agreements in place with our providers. Please contact email@example.com to request access to the subprocessor list.
Q: What technical and organizational measures do you have in place to secure EU end-user data?
AppLovin has policies and measures in place for Data Security, Breach Notification and Security Training. An overview of AppLovin security policies and measure may be obtained under NDA in certain cases.
Q: Do you have a way to indicate whether the ad request is coming from an EU end-user and whether they have consented to passing personal data?
Yes, our newest SDKs incorporate flags to handle consent and age restrictions for minors. Please see our integration page for details: https://dash.applovin.com/integration. Further information on the flags can be found in the Advanced Integrations > Privacy Settings pages for iOS, Android, and Unity.
Q. Does AppLovin indicate whether or not GDPR consent has been obtained for an EU end-user when sending bid requests to its DSPs?
Yes, when an EU end-user has consented to sharing personal data as indicated by our partners, IDFA and IP address will be passed to eligible DSPs. If an EU end-user has not granted consent to share personal data, IDFA and IP address will not be passed to DSPs. Country code will be passed in lieu of IP address.
Q: Does AppLovin have a Data Protection Officer?
Yes. Contact email is firstname.lastname@example.org.
Q: Do you have a record of processing activities and is this record of processing activities regularly reviewed and updated?