SDK Opt-In and Opt-Out Practices

Follow
Avatar
Dora Kishinevsky
Updated

Privacy Compliance with Singular SDK

Comprehensive guide for implementing privacy-compliant tracking solutions using Singular SDK opt-in and opt-out methods for GDPR, CCPA, COPPA, and other privacy regulations.

Legal Disclaimer: Guidelines on this page do not constitute legal advice. Consult with your legal team on compliance with privacy laws applicable to your jurisdiction and business operations.

Singular provides comprehensive privacy compliance tools enabling organizations to utilize platform capabilities while maintaining compliance with evolving privacy regulations.

Target Audience Developers, Legal/Compliance Teams, Product Managers
Applicable Regulations GDPR, CCPA, COPPA, and jurisdiction-specific privacy laws

Privacy Regulation Overview

Supported Compliance Frameworks

Singular platform supports compliance with major privacy regulations through configurable consent management and tracking control mechanisms.

Regulation Scope Key Requirement Recommended Method
GDPR European Union data protection and privacy User consent before data collection Opt-In or Opt-Out
CCPA California consumer privacy rights Right to opt-out of data sale Opt-Out
COPPA Children's online privacy protection (under 13) Parental consent before collecting data from children or age gate implementation Opt-In + Age Gate
Regional Laws Jurisdiction-specific privacy regulations Varies by jurisdiction Consult legal counsel

Evolving Regulations: Privacy laws continuously evolve with new enactments and interpretations. Singular platform provides flexible tools adapting to changing compliance requirements while maintaining full tracking functionality when permitted.

Compliance Methods

Singular supports two primary compliance methods: Opt-In (consent-first) and Opt-Out (tracking-first with user control), each addressing different regulatory requirements and user consent models.

Method Selection

Choosing Appropriate Compliance Method

Select compliance method based on applicable regulations, user demographics, and legal counsel guidance.

Method When Required Implementation Summary
Opt-In
  • GDPR compliance in EU
  • COPPA compliance for children's apps
  • Jurisdictions requiring explicit consent
 Delay SDK initialization until user grants consent. No data transmitted without explicit permission.
Opt-Out
  • CCPA compliance in California
  • Jurisdictions permitting tracking with opt-out option
  • Apps targeting adult audiences with consent options
 Initialize SDK normally but provide mechanism for users to stop tracking at any time.
Hybrid
  • Apps operating across multiple jurisdictions
  • Mixed audience demographics
  • Varied regulatory requirements
 Implement Opt-In for users requiring explicit consent, then provide Opt-Out mechanism for ongoing control.

Best Practice: Many organizations implement hybrid approach using Opt-In for initial consent followed by Opt-Out option in app settings, providing maximum flexibility and compliance coverage.

Opt-In Method

Consent-first approach delaying SDK initialization until user explicitly grants permission for data collection and tracking.

Opt-In Implementation

Implementation Strategy

Opt-In method requires presenting consent interface before any SDK initialization or data transmission to Singular platform.

Critical Requirement: Do not initialize Singular SDK or collect any data until user explicitly grants consent. SDK initialization must be conditional based on consent status.

Implementation Workflow

Opt-In Flow Diagram

Opt-In Workflow Diagram

Step-by-Step Implementation

1

Check Consent Status

On app launch, check stored consent preference before any SDK operations.

Implementation Considerations:

  • Store consent preference in persistent storage (SharedPreferences, UserDefaults, etc.)
  • Check consent status before AppDelegate or MainActivity initialization
  • Default to no consent (do not assume permission)
SWIFTKOTLINREACT NATIVE 
// Check consent status from storage
func hasUserConsent() -> Bool {
    return UserDefaults.standard.bool(forKey: "singular_tracking_consent")
}

func application(_ application: UIApplication, 
                 didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
    
    // Only initialize if consent granted
    if hasUserConsent() {
        initializeSingular()
    } else {
        // Show consent dialog
        presentConsentDialog()
    }
    
    return true
}
2

Present Consent Interface

If no consent preference stored or consent not granted, present clear consent interface explaining data collection practices.

Consent Interface Requirements:

  • Clear Language: Plain language explaining what data collected and why
  • Explicit Action: User must take affirmative action (not pre-checked boxes)
  • Granular Options: Separate consent for different data types if required by regulation
  • Easy Decline: Declining consent should be as easy as granting it
  • Privacy Policy Link: Link to complete privacy policy for detailed information

GDPR Requirements: Under GDPR, consent must be freely given, specific, informed, and unambiguous. Pre-ticked boxes or implied consent do not meet requirements.

3

Handle Consent Grant

When user grants consent, store preference and initialize Singular SDK with normal configuration.

SWIFTKOTLINREACT NATIVE 
func userGrantedConsent() {
    // Store consent preference
    UserDefaults.standard.set(true, forKey: "singular_tracking_consent")
    UserDefaults.standard.synchronize()
    
    // Initialize Singular SDK
    initializeSingular()
}

func initializeSingular() {
    let config = SingularConfig(apiKey: "SDK_KEY", andSecret: "SDK_SECRET")
    
    // Configure as needed
    config.launchOptions = launchOptions
    
    // Initialize SDK
    Singular.start(config)
}
4

Handle Consent Decline

When user declines consent, store preference and do not initialize SDK. App continues functioning without tracking.

SWIFTKOTLINREACT NATIVE 
func userDeclinedConsent() {
    // Store declined preference
    UserDefaults.standard.set(false, forKey: "singular_tracking_consent")
    UserDefaults.standard.synchronize()
    
    // Do NOT initialize Singular SDK
    // App continues without tracking
    
    // Optional: Log declined consent for internal analytics
    print("User declined tracking consent")
}
5

Provide Consent Revocation

Even after granting consent via Opt-In method, users should have option to revoke consent later. Implement Opt-Out mechanism in app settings.

Regulatory Requirement: Most privacy regulations require ability to withdraw consent as easily as granting it. Implement Opt-Out method in settings for ongoing consent management.

See Opt-Out Method section for revocation implementation details.

COPPA Compliance

Children's Privacy Protection

Apps targeting children or mixed audiences require special consideration under COPPA and similar children's privacy regulations.

Age Gate Implementation
#

Age Verification Requirement

Apps with mixed audiences (children and adults) must implement age gate before any data collection from children.

Age Gate Flow

  1. Prompt for Age: Request user age or birthdate on app launch before any tracking
  2. Determine Audience: Identify if user is child (under 13 in US) or adult
  3. Child Users: For children, obtain verifiable parental consent before initializing SDK (treat as Opt-In with parental consent requirement)
  4. Adult Users: For adults, proceed with normal Opt-In or Opt-Out flow based on jurisdiction

Parental Consent Methods

COPPA accepts several methods for verifiable parental consent:

  • Parent providing credit card information
  • Signed consent form via fax, email, or postal mail
  • Parent calling toll-free number
  • Parent video-conferencing with staff
  • Parent providing government-issued ID verified against database
  • Answer knowledge-based challenge questions

Consult legal counsel on appropriate parental consent method for your app.

Apps Targeting Solely Children
#

Specialized SDK for Children's Apps

For apps targeting exclusively children (not mixed audiences), Singular provides specialized Kids Apps SDKs complying with COPPA requirements by not capturing device identifiers.

Kids Apps SDKs: Review Kids Apps SDKs FAQ and contact your account team for guidance on utilizing Singular in COPPA-compliant manner for children-only apps.

Key Differences

Kids Apps SDKs differ from standard SDKs:

  • No device identifier collection (IDFA, GAID, etc.)
  • Limited attribution capabilities (aggregate only)
  • No cross-device tracking
  • Compliant with App Store and Play Store children's app policies

Opt-Out Method

Tracking-first approach initializing SDK normally but providing user control to stop tracking at any time through app settings or preferences.

Opt-Out Implementation

Implementation Strategy

Opt-Out method allows SDK initialization on app launch while providing mechanism for users to disable tracking if desired, typically through settings interface.

Implementation Workflow

Opt-Out Flow Diagram

Opt-Out Workflow Diagram

Step-by-Step Implementation

1

Initialize SDK on App Launch

Initialize Singular SDK normally during app launch, enabling tracking by default.

SWIFTKOTLINREACT NATIVE 
func application(_ application: UIApplication, 
                 didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
    
    // Check if user previously opted out
    let hasOptedOut = UserDefaults.standard.bool(forKey: "singular_opted_out")
    
    // Initialize Singular SDK
    let config = SingularConfig(apiKey: "SDK_KEY", andSecret: "SDK_SECRET")
    config.launchOptions = launchOptions
    Singular.start(config)
    
    // If previously opted out, stop tracking immediately
    if hasOptedOut {
        Singular.stopAllTracking()
    }
    
    return true
}
2

Provide Opt-Out Mechanism

Create clear, easily accessible mechanism for users to opt out of tracking, typically in app settings or privacy preferences.

Opt-Out Interface Requirements:

  • Easy Access: Place in intuitive location (Settings → Privacy or similar)
  • Clear Description: Explain what opting out means and impact on app functionality
  • Simple Toggle: One-step toggle or button to disable tracking
  • Immediate Effect: Opt-out takes effect immediately without requiring app restart
  • Reversible: User can opt back in just as easily

CCPA Requirement: California Consumer Privacy Act requires "Do Not Sell My Personal Information" link prominently displayed. Opt-out mechanism should be clearly labeled and easily accessible.

3

Handle Opt-Out Action

When user opts out, call Singular.stopAllTracking() to immediately cease all data transmission to Singular.

SWIFTKOTLINREACT NATIVE 
func userOptedOut() {
    // Stop all tracking immediately
    Singular.stopAllTracking()
    
    // Store opt-out preference
    UserDefaults.standard.set(true, forKey: "singular_opted_out")
    UserDefaults.standard.synchronize()
    
    // Optional: Show confirmation to user
    showAlert(title: "Tracking Disabled", 
              message: "Your data will no longer be tracked.")
}
stopAllTracking() Behavior

When stopAllTracking() called:

  • All event tracking immediately ceases
  • Session tracking stops
  • No data sent to Singular servers
  • Attribution tracking disabled
  • Setting persists across app sessions until reversed
4

Handle Opt-In Action

When user decides to opt back in, call Singular.resumeAllTracking() to resume normal tracking operations.

SWIFTKOTLINREACT NATIVE 
func userOptedIn() {
    // Resume all tracking
    Singular.resumeAllTracking()
    
    // Update opt-out preference
    UserDefaults.standard.set(false, forKey: "singular_opted_out")
    UserDefaults.standard.synchronize()
    
    // Optional: Show confirmation to user
    showAlert(title: "Tracking Enabled", 
              message: "Your app activity will now be tracked.")
}
resumeAllTracking() Behavior

When resumeAllTracking() called:

  • Event tracking resumes immediately
  • Session tracking restarts
  • Data transmission to Singular servers enabled
  • Attribution tracking reactivated
  • New session created to mark resumption

Implementation Best Practices

Opt-Out Considerations

Settings Placement
#

Recommended Locations

Place opt-out control in intuitive, easily accessible locations:

  • Privacy Settings: Dedicated privacy or data settings section
  • General Settings: Main settings menu with clear privacy subsection
  • Account Settings: User account preferences area
  • First-Run Experience: Mention opt-out availability during onboarding
Clear Communication
#

Transparency Requirements

Clearly communicate what opting out means and any functionality impact:

  • Data Collection Description: Explain what data collected and for what purposes
  • Opt-Out Effects: Describe what happens when user opts out
  • Functionality Impact: Disclose if opting out affects app features
  • Reversibility: Confirm users can opt back in at any time
Preference Persistence
#

Storage Considerations

Store opt-out preference reliably across app sessions:

  • Persistent Storage: Use SharedPreferences (Android) or UserDefaults (iOS)
  • Check on Launch: Verify opt-out status every app launch
  • Respect Preference: Honor opt-out even if SDK reinitialized
  • Backup Storage: Consider backing up to server for cross-device consistency

Additional Considerations

Comprehensive privacy compliance requires attention to multiple aspects beyond basic opt-in/opt-out implementation.

Data Retention and Deletion

User Data Management

Privacy regulations often require mechanisms for users to request data deletion or export.

Data Subject Rights: Contact Singular Support for assistance with user data deletion requests or data export requirements under GDPR, CCPA, or other privacy regulations.

Privacy Policy

Required Disclosures

Maintain comprehensive, accessible privacy policy disclosing data collection, usage, and sharing practices.

Privacy Policy Requirements:

  • Data Collected: List all data types collected including device identifiers, events, and user information
  • Usage Purpose: Explain how data used (analytics, attribution, advertising, etc.)
  • Third-Party Sharing: Disclose data sharing with Singular and other third parties
  • User Rights: Explain user rights regarding data access, deletion, and opt-out
  • Contact Information: Provide contact method for privacy questions and requests

Multi-Jurisdiction Compliance

Global Privacy Requirements

Apps serving multiple jurisdictions must comply with various privacy regulations simultaneously.

Approach Description
Geolocation-Based Detect user location and apply appropriate privacy controls based on jurisdiction (Opt-In for EU, Opt-Out for California, etc.)
Highest Standard Apply strictest requirements (typically GDPR Opt-In) globally, simplifying compliance at cost of immediate tracking
User Selection Allow users to specify jurisdiction during onboarding, applying appropriate privacy controls

Legal Counsel Required: Multi-jurisdiction compliance complex and requires legal expertise. Consult with privacy counsel to determine appropriate approach for your business.

Testing Privacy Implementation

Validation Checklist

Privacy Implementation Validation:

  • SDK not initialized before consent granted (Opt-In method)
  • stopAllTracking() immediately ceases data transmission
  • resumeAllTracking() successfully restarts tracking
  • Opt-out preference persists across app sessions
  • Consent interface clearly explains data practices
  • Opt-out mechanism easily accessible in settings
  • Privacy policy accessible and comprehensive
  • Age gate implemented for mixed-audience apps (COPPA)
  • Testing Console shows no events when opted out
  • Testing Console shows events resume when opted in

Additional Resources

Complete documentation for privacy compliance, SDK implementation, and regulatory guidance.

Singular Documentation

Privacy Regulation Resources

Legal Disclaimer

Not Legal Advice: Information provided in this guide represents generally accepted technical implementation methods but does not constitute legal advice. To determine full interpretation of privacy laws and how they apply to your specific business, consult your own privacy or legal team.

Privacy regulations vary by jurisdiction and continue evolving. Maintain ongoing consultation with legal counsel to ensure compliance with applicable laws.