Skip to content

Managing data collection

Learn how to manage data collection for the Braze SDK, so you can comply with any data-privacy regulations as needed.

Google Play privacy questionnaire

Starting in April 2022, Android developers must complete Google Play’s Data safety form to disclose privacy and security practices. This guide provides instructions on how to fill out this new form with information on how Braze handles your app data.

As the app developer, you are in control of what data you send to Braze. Data received by Braze is processed according to your instructions. This is what Google classifies as a service provider.

Questions

Questions Answers for Braze SDK
Does your app collect or share any of the required user data types? Yes, the Braze Android SDK collects data as configured by the app developer.
Is all of the user data collected by your app encrypted in transit? Yes.
Do you provide a way for users to request that their data be deleted? Yes.

For more information about handling user requests for their data and deletion, see Braze Data Retention Information.

Data collection

The data collected by Braze is determined by your specific integration and the user data you choose to collect. To learn more about what data Braze collects by default and how to disable certain attributes, see our SDK data collection options.

Category Data type Braze Usage
Location Approximate location Not collected by default.
Precise location
Personal Info Name
Email address
User IDs
Address
Phone number
Race and ethnicity
Political or religious beliefs
Sexual orientation
Other info
Financial info User payment info
Purchase history
Credit score
Other financial info
Health and fitness Health info Not collected by default.
Fitness info
Messages Emails Not collected by default.
SMS or MMS
Other in-app messages If you send In-app messages or push notifications through Braze, we collect information on when users have opened or read these messages.
Photos and videos Photos Not collected.
Videos
Audio files Voice or sound recordings
Music files
Other audio files
Files and docs Files and docs
Calendar Calendar events
Contacts Contacts
App activity App interactions Braze collects session activity data by default. All other interactions and activity is determined by your app's custom integration.
In-app search history Not collected.
Installed apps Not collected.
Other user-generated content Not collected by default.
Other actions
Web browsing Web browsing history Not collected.
App information and performance Crash logs Braze collects crash logs for errors that occur within the SDK. This contains the user's phone model and OS level, along with a Braze specific user ID.
Diagnostics Not collected.
Other app performance data Not collected.
Device or other IDs Device or other IDs Braze generates a device ID to differentiate users' devices, and checks if messages are sent to the correct intended device.

To learn more about other device data that Braze collects which may fall outside the scope of Google Play’s data safety guidelines, see our Android storage overview and our SDK data collection options.

Disabling data tracking

To disable data-tracking activity on the Android SDK, use the method disableSDK(). This will cause all network connections to be canceled, meaning the Braze SDK will no longer pass any data to Braze servers.

Wiping previously-stored data

You can use the method wipeData() to fully clear all client-side data stored on the device.

Resuming data tracking

To resume data collection, you can use the enableSDK() method. Keep in mind, this will not restore any previously wiped data.

Apple’s privacy manifest

What is tracking data?

Apple defines “tracking data” as data collected in your app about an end-user or device that’s linked to third-party data (such as targeted advertising), or a data broker. For a complete definition with examples, see Apple: Tracking.

By default, the Braze SDK does not collect tracking data. However, depending on your Braze SDK configuration, you may be required to list Braze-specific data in your app’s privacy manifest.

What is a privacy manifest?

A privacy manifest is a file in your Xcode project that describes the reason your app and third-party SDKs collect data, along with their data-collection methods. Each of your third-party SDKs that track data require its own privacy manifest. When you create your app’s privacy report, these privacy manifest files are automatically aggregated into a single report.

API tracking-data domains

Starting with iOS 17.2, Apple will block all declared tracking endpoints in your app until the end-user accepts an Ad Tracking Transparency (ATT) prompt. Braze provides tracking endpoints to route your tracking data, while still allowing you to route non-tracking first-party data to the original endpoint.

Declaring Braze tracking data

Prerequisites

The following Braze SDK version is required to implement this feature:

Step 1: Review your current policies

Review your Braze SDK’s current data-collection policies with your legal team to determine whether your app collects tracking data as defined by Apple. If you’re not collecting any tracking data, you don’t need to customize your privacy manifest for the Braze SDK at this time. For more information about the Braze SDK’s data-collection policies, see SDK data collection.

Step 2: Create a privacy manifest

First, check if you already have a privacy manifest by searching for a PrivacyInfo.xcprivacy file in your Xcode project. If you already have this file, you can continue to the next step. Otherwise, see Apple: Create a privacy manifest.

Step 3: Add your endpoint to the privacy manifest

In your Xcode project, open your app’s PrivacyInfo.xcprivacy file, then right-click the table and check Raw Keys and Values.

An Xcode project with the context menu open and "Raw Keys and Values" highlighted.

Under App Privacy Configuration, choose NSPrivacyTracking and set its value to YES.

The 'PrivacyInfo.xcprivacy' file open with "NSPrivacyTracking" set to "YES".

Under App Privacy Configuration, choose NSPrivacyTrackingDomains. In the domains array, add a new element and set its value to the endpoint you previously added to your AppDelegate prefixed with sdk-tracking.

The 'PrivacyInfo.xcprivacy' file open with a Braze tracking endpoint listed under "NSPrivacyTrackingDomains".

Step 4: Declare your tracking data

Next, open AppDelegate.swift then list each tracking property you want to declare by creating a static or dynamic tracking list. Keep in mind, Apple will block these properties until the end-user accepts their ATT prompt, so only list the properties you and your legal team consider tracking. For example:

In the following example, dateOfBirth, customEvent, and customAttribute are declared as tracking data within a static list.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
import UIKit
import BrazeKit

@main
class AppDelegate: UIResponder, UIApplicationDelegate {

  static var braze: Braze? = nil

  func application(
    _ application: UIApplication,
    didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?
  ) -> Bool {
    let configuration = Braze.Configuration(apiKey: brazeApiKey, endpoint: brazeEndpoint)
    // Declare which types of data you wish to collect for user tracking.
    configuration.api.trackingPropertyAllowList = [
      .dateOfBirth,
      .customEvent(["event-1"]),
      .customAttribute(["attribute-1", "attribute-2"])
    ]
    let braze = Braze(configuration: configuration)
    AppDelegate.braze = braze
    return true
  }
}

In the following example, the tracking list is automatically updated after the end-user accepts the ATT prompt.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
func applicationDidBecomeActive(_ application: UIApplication) {
  // Request and check your user's tracking authorization status.
  ATTrackingManager.requestTrackingAuthorization { status in
    // Let Braze know whether user data is allowed to be collected for tracking.
    let enableAdTracking = status == .authorized
    AppDelegate.braze?.set(adTrackingEnabled: enableAdTracking)

    // Add the `.firstName` and `.lastName` properties, while removing the `.everything` configuration.
    AppDelegate.braze.updateTrackingAllowList(
      adding: [.firstName, .lastName],
      removing: [.everything]
    )
  }
}

Step 5: Prevent infinite retry loops

To prevent the SDK from entering an infinite retry loop, use the set(adTrackingEnabled: enableAdTracking) method to handle ATT permissions. The adTrackingEnabled property in your method should be handled similar to the following:

1
2
3
4
5
6
7
8
func applicationDidBecomeActive(_ application: UIApplication) {
    // Request and check your user's tracking authorization status.
    ATTrackingManager.requestTrackingAuthorization { status in
      // Let Braze know whether user data is allowed to be collected for tracking.
      let enableAdTracking = status == .authorized
      AppDelegate.braze?.set(adTrackingEnabled: enableAdTracking)
    }
}

Disabling data tracking

To disable data-tracking activity on the Swift SDK, set the enabled property to false on your Braze instance. When enabled is set to false, the Braze SDK ignores any calls to the public API. The SDK also cancels all in-flight actions, such as network requests, event processing, etc.

Wiping previously-stored data

You can use the wipeData() method to fully clear locally-stored SDK data on a user’s device.

For Braze Swift versions 7.0.0 and later, the SDK and the wipeData() method randomly generates a UUID for their device ID. However, if your useUUIDAsDeviceId is set to false or you’re using Swift SDK version 5.7.0 or earlier, you’ll also need to make a post request to /users/delete since your Identifier for Vendors (IDFV) will automatically be used as that user’s device ID.

Resuming data tracking

To resume data collection, set enabled to true. Keep in mind, this will not restore any previously wiped data.

IDFV collection

In previous versions of the Braze iOS SDK, the IDFV (Identifier for Vendor) field was automatically collected as the user’s device ID. Beginning in Swift SDK v5.7.0, the IDFV field was optionally disabled, and instead, Braze would set a random UUID as the device ID. Starting in Swift SDK v7.0.0, the IDFV field will not be collected by default, and a UUID will be set as the device ID instead.

The useUUIDAsDeviceId feature configures the Swift SDK to set the device ID as a UUID. Traditionally, the iOS SDK would assign the device ID equal to the Apple-generated IDFV value. With this feature enabled by default on your iOS app, all new users created via the SDK would be assigned a device ID equal to a UUID.

If you still want to collect IDFV separately, you can use set(identifierforvendor:).

Considerations

SDK Version

In Swift SDK v7.0.0+, when useUUIDAsDeviceId is enabled (default), all new users created will be assigned a random device ID. All previously existing users will maintain their same device ID value, which may have been IDFV.

When this feature is not enabled, devices will continue to be assigned IDFV upon creation.

Downstream

Technology partners: When this feature is enabled, any technology partners that derive the IDFV value from the Braze device ID will no longer have access to this data. If the IDFV value derived from the device is needed for your partner integration, we recommend that you set this feature to false.

Currents: useUUIDAsDeviceId set to true means the device ID sent in Currents will no longer equal the IDFV value.

Frequently asked questions

Will this change impact my existing users in Braze?

No. When enabled, this feature will not overwrite any user data in Braze. New UUID device IDs will only be created for new devices or when wipedata() is called.

Can I turn this feature off after turning it on?

Yes, this feature can be toggled on and off at your discretion. Previously stored device IDs will never be overwritten.

Can I still capture the IDFV value via Braze elsewhere?

Yes, you can still optionally collect the IDFV via the Swift SDK (collection is disabled by default).

Disabling data tracking

To disable data-tracking activity on the Web SDK, use the method disableSDK(). This will sync any data logged before disableSDK() was called, and will cause all subsequent calls to the Braze Web SDK for this page and future page loads to be ignored.

Use the Disable Tracking or Resume Tracking tag type to disable or re-enable web tracking, respectively. These two options call disableSDK and enableSDK.

Best practices

To provide users with the option to stop tracking, we recommend building a simple page with two links or buttons: one that calls disableSDK() when clicked, and another that calls enableSDK() to allow users to opt back in. You can use these controls to start or stop tracking via other data sub-processors as well.

Resuming data tracking

To resume data collection, you can use the enableSDK() method.

Wiping previously-stored data

To manually trigger a data flush and ensure queued user data or events are sent to Braze’s servers, use the RequestImmediateDataFlush() method on the UBraze object.

1
UBraze->RequestImmediateDataFlush();
HOW HELPFUL WAS THIS PAGE?
New Stuff!