User Privacy for Postbacks FAQ

This feature is being rolled out gradually to Singular Attribution customers.  Talk to your Customer Success Manager to open it for you.

Singular customers can now adjust how postbacks are sent for end-users who do not allow sharing of their data in compliance with CCPA, GDPR, ePrivacy, COPPA, etc. In order to use this feature, you should have implemented the LDS flag within your SDK / S2S integration when sending events to Singular. 

user_privacy.png

Using this feature, you will be able to choose one of three policies for users with Limited Data Sharing:

  • Send postbacks as usual
  • Not send postbacks at all for these users
  • Send postbacks without personally identifiable information (PII)

This allows you to keep using install attribution for optimizing your marketing campaigns, while complying with privacy rules and your users' wishes regarding their private information.

Tip: For more information about postbacks, see the Partner Configuration and Postbacks FAQ and How to Configure Partner Settings and Postbacks. To learn about Limited Data Sharing, see User Privacy and Limit Data Sharing.

FAQ

How do I set up user privacy for postbacks?

To set up user privacy for postbacks:

  1. In your SDK integration, for each user of your app, you can mark whether their data should be restricted using the Limit Data Sharing function. To learn more,  see the "Complying with Data Privacy Laws" section in our Unity SDK Guide, iOS SDK Guide, Android SDK Guide, React Native SDK Guide, or Unreal Engine SDK Guide.
  2. In the Singular platform, under Attribution > Partner Configuration, select a partner from the list in the left sidebar, hover over an app site in the table, and click the edit configuration button.

    edit_configuration.png

  3. In the Edit Configuration window, in the User Privacy section:
    • Check the Restrict postbacks when Limit Data Sharing is true checkbox.
    • Under Restriction Type, choose how to restrict postbacks for Limited Data Sharing users: either send postbacks without personally identifiable information (PII), or not send postbacks for these users at all.
    • You can also change the default Limit Data Sharing status for users whose status wasn't explicitly set in your app. By default, if the user hasn't been set as Limited Data Sharing = true, Singular considers the value to be false and will include these users' PII in postbacks. If you set the default to true, all users will be regarded as having chosen Limited Data Sharing by default, unless you explicitly set a user's LDS status to false (learn more).

user_privacy.png

Which types of postbacks are affected by user privacy settings?

Setting the User Privacy options affects all types of postbacks for the app site, including install, events, revenue, and fraud postbacks.

What data is considered personally identifiable information (PII) in the context of postbacks?

The following data is considered PII. If you choose to restrict postbacks for users with Limited Data Sharing, the following data will not be included in postbacks.

Macro Description
{TOUCHPOINT_IP} IP of the device at the time of the attributed touchpoint
{ATTRIBUTION_IP} IP of the device at the time of the attribution, install or re-engagement
{EVENT_IP} IP of the device at the time of the executed event
{IP} Default IP Address
{ID} Default device id (UDID/IDFA/ANDI)
{CLID} Click ID
{IDFA} iOS advertising identifier of the device
{IFA1} SHA-1 of IDFA
{IFA5} MD5 of IDFA
{ASID} Android App Set ID of the app developer
{IDFV} iOS ID of the app developer
{ANDI} Android ID
{AND1} SHA1 of Android ID
{AND5} MD5 of Android ID
{AIFA} Android advertising identifier of the device
{AIF1} SHA-1 of AIFA
{AIF5} MD5 of AIFA
{CUSTOM_USERID} Custom User ID
{USERID} Custom User ID (legacy parameter)
{OAID} OAID of the device
{OAI1} SHA-1 of OAID of the device
{OAI5} MD5 of OAID of the device
{AMID} Amazon Device ID
{AMI1} SHA-1 of AMID
{AMI5} MD5 of AMID
{SING} Singular Device ID
{ODIN} ODIN identifier for Android (legacy ID)
{OPNU} Open UDID identifier
{IMEI} Android IMEI ID
{IMEI5} MD5 of IMEI ID
{WAID} Windows Device ID
{SDID} Web Device ID
{ECID} External Click ID (used in Clipboard-based attribution)
{UDID} Unique device id
{UDI1} SH1 of UDID
{UDI5} MD5 of UDID
{MAC1} SHA1 of Mac Address
{MAC5} MD5 of Mac Address
{APID} Singular legacy internal ID (unused)
{ALL_TAG_KEYSPACE_ID} Default device ID per platform (unused)
Can I change the data included in the PII list?

If your organization has specific requirements for what data should be included in privacy-restricted postbacks, discuss your options with your Singular Solutions Engineer or Customer Success Manager.

What are the limitations of user privacy settings for postbacks?

Note the following limitations:

  • Postback data cannot be restricted for self-attributing networks (SANs) such as Facebook or Google. For these networks, you can only configure whether to send or not send postbacks when Limited Data sharing is true – you do not have the option of sending postbacks with restricted data.
  • Postback data cannot be restricted for deferred deep links. When dealing with installs and events that result from users clicking on deferred deep links, your only two options are to send a full postback or not to send a postback at all. If you have configured Singular to restrict data in postbacks, the postbacks that result from deferred deep links will not be sent at all.
  • Some networks may not accept postbacks without PII. Be sure to coordinate with your media partner if you are planning to use this configuration for them. Check the postback logs to monitor whether the postbacks were sent successfully.