Do I need to disclose AppsFlyer in my privacy policy?

Yes. AppsFlyer processes personal data including advertising identifiers and device information, making disclosure mandatory under GDPR, CCPA, and similar regulations. Your privacy policy must identify AppsFlyer as a data processor, explain what data it collects, and describe how users can exercise their rights. Failure to disclose can result in regulatory violations and fines.

What specific data does AppsFlyer collect?

AppsFlyer collects install and event attribution data, IDFA (Apple) and GAID (Google) advertising identifiers, device model and operating system, carrier information, IP addresses, geographic location data, and in-app events and conversion metrics. This data enables attribution of user actions to marketing campaigns and campaign performance analysis.

Does AppsFlyer require a cookie consent banner?

AppsFlyer itself does not use cookies. However, you must still obtain explicit consent under GDPR and similar laws before collecting IDFA/GAID identifiers and device data. For iOS apps, Apple's App Tracking Transparency (ATT) framework requires user opt-in before IDFA access. For web, consent management is necessary for the underlying data collection.

Who processes my data with AppsFlyer and where is it stored?

AppsFlyer Ltd., based in Israel, acts as your data processor. Data collected through AppsFlyer is transferred to Israel and may be shared with configured advertising networks and marketing partners you've integrated. You should verify AppsFlyer's Data Processing Agreement and ensure international data transfer mechanisms (like Standard Contractual Clauses) are in place.

Deep Linking & Attribution

Privacy policy clauses for AppsFlyer

AppsFlyer is a mobile attribution and marketing analytics platform that tracks app installations, user events, and campaign performance. Websites and apps use AppsFlyer to measure marketing effectiveness, attribute user actions to specific campaigns, and optimize advertising spend across channels.

Scan my site free →Copy sample clause ↓

Free scan · No signup · Results in 60 seconds

What data AppsFlyer collects

Your privacy policy must disclose each of the following data types when you use AppsFlyer.

Install and event attribution

IDFA/GAID advertising identifiers

Device model, OS, and carrier

IP address and geographic data

In-app events and conversions

When does AppsFlyer trigger privacy obligations?

AppsFlyer's SDK begins collecting data the moment it initializes in your app—before any user action. It immediately captures device identifiers (IDFA on iOS, GAID on Android), device model, OS version, carrier, IP address, and geographic location. This triggers obligations instantly:

GDPR (if users are in EU/EEA)

AppsFlyer processes personal data (device IDs, IP addresses, location) as a data processor. You must have a Data Processing Agreement (DPA) in place with AppsFlyer *before* deploying the SDK—this is a GDPR Article 28 requirement, not optional. You must also obtain lawful basis for processing; consent (Article 6(1)(a)) is common but legitimate interest (Article 6(1)(f)) may apply if properly documented. You must disclose in your privacy policy (Article 13/14) that AppsFlyer receives IDFA/GAID, device data, and IP address, and name AppsFlyer as a processor.

Privacy policy clauses for AppsFlyer

What data AppsFlyer collects

When does AppsFlyer trigger privacy obligations?

GDPR (if users are in EU/EEA)

iOS App Tracking Transparency (ATT)

CCPA (if users are in California)

First concrete step

Where data goes

Common compliance pitfalls

Deploying AppsFlyer SDK without a signed DPA

Collecting IDFA without ATT consent on iOS

Misconfiguring consent banners to auto-enable AppsFlyer

Legal note

Sample privacy policy clause

What regulators look for

Priority audit flags

Enforcement context

Frequently asked questions

Do I need to disclose AppsFlyer in my privacy policy?

What specific data does AppsFlyer collect?

Does AppsFlyer require a cookie consent banner?

Who processes my data with AppsFlyer and where is it stored?

Don't ship without Bandit.