Data processing in the AppBrain SDK¶
About the AppBrain SDK¶
AppBrain provides a service for app developers to earn money with their Android app by showing advertisements for other apps to users. This document describes how we process data in a GDPR-compliant way.
AppBrain processes personal data using “privacy by design” where we collect and process the minimal amount of personal information possible to provide our service. The personal information that we still collect is mainly used to combat fraud, which is a legitimate interest (“The processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the data controller concerned”, Recital 47). AppBrain doesn’t do any longer term user tracking or profile building. We also don’t pass on personal information to third parties and have set a short retention span of the data, after which the data is anonymized.
We process data in a GDPR-compliant way as a data controller.
Data collected by AppBrain¶
|IP address||Personal||Fraud / duplicate filtering Country determination||Anonymized within 30 days after collection (blank last 8 bits of IPv4 addresses and last 80 bits of IPv6 addresses)|
|Device ID (resettable advertiser ID or Android ID)||Personal||Fraud / duplicate filtering Install attribution||Anonymized within 30 days after collection|
|Developer-provided keywords, birthdate, gender, latitude, longitude||Potentially sensitive||Contextual targeting||Blanked within 30 days after collection|
The AppBrain SDK also collects non-personal information that falls outside the scope of GDPR. This includes system information (Android version, phone manufacturer and model, screen size, phone carrier), and SDK information (developer and app who built in the SDK, hashed recent app installs), which are mostly used for selecting the advertisers that want to advertise to this user. The technical phone stats are used to power aggregate statistics on https://www.appbrain.com/stats
The AppBrain SDK communicates with AppBrain servers through secure SSL connections. Users based in the EU will contact servers in the EU that process the data (Google datacenter, Netherlands).
AppBrain works with a number of companies who are our processors, and passes on the advertiser ID for install attribution purposes when users click on an ad. We only do this when there’s a data protection agreement in place which holds the subprocessor to process the data in GDPR-compliant way and use it only for the given purpose (install attribution).
|Google Cloud||Hosting||Google Cloud GDPR documentation|
|Rackspace Cloud||Hosting||Rackspace compliance|
|Cloudflare||Website serving||Cloudflare GDPR documentation|