Managing data collection
Learn how to manage data collection for the Braze SDK, so you can comply with any data-privacy regulations as needed.
Google Play privacy questionnaire
Starting in April 2022, Android developers must complete Google Play’s Data safety form to disclose privacy and security practices. This guide provides instructions on how to fill out this new form with information on how Braze handles your app data.
As the app developer, you are in control of what data you send to Braze. Data received by Braze is processed according to your instructions. This is what Google classifies as a service provider.
This article provides information related to the data the Braze SDK processes as related to the Google safety section questionnaire. This article is not providing legal advice, so we recommend consulting with your legal team before submitting any information to Google.
Questions
| Questions | Answers for Braze SDK |
|---|---|
| Does your app collect or share any of the required user data types? | Yes, the Braze Android SDK collects data as configured by the app developer. |
| Is all of the user data collected by your app encrypted in transit? | Yes. |
| Do you provide a way for users to request that their data be deleted? | Yes. |
For more information about handling user requests for their data and deletion, see Braze Data Retention Information.
Data collection
The data collected by Braze is determined by your specific integration and the user data you choose to collect. To learn more about what data Braze collects by default and how to disable certain attributes, see our SDK data collection options.
| Category | Data type | Braze Usage |
|---|---|---|
| Location | Approximate location | Not collected by default. |
| Precise location | ||
| Personal Info | Name | |
| Email address | ||
| User IDs | ||
| Address | ||
| Phone number | ||
| Race and ethnicity | ||
| Political or religious beliefs | ||
| Sexual orientation | ||
| Other info | ||
| Financial info | User payment info | |
| Purchase history | ||
| Credit score | ||
| Other financial info | ||
| Health and fitness | Health info | Not collected by default. |
| Fitness info | ||
| Messages | Emails | Not collected by default. |
| SMS or MMS | ||
| Other in-app messages | If you send In-app messages or push notifications through Braze, we collect information on when users have opened or read these messages. | |
| Photos and videos | Photos | Not collected. |
| Videos | ||
| Audio files | Voice or sound recordings | |
| Music files | ||
| Other audio files | ||
| Files and docs | Files and docs | |
| Calendar | Calendar events | |
| Contacts | Contacts | |
| App activity | App interactions | Braze collects session activity data by default. All other interactions and activity is determined by your app's custom integration. |
| In-app search history | Not collected. | |
| Installed apps | Not collected. | |
| Other user-generated content | Not collected by default. | |
| Other actions | ||
| Web browsing | Web browsing history | Not collected. |
| App information and performance | Crash logs | Braze collects crash logs for errors that occur within the SDK. This contains the user's phone model and OS level, along with a Braze specific user ID. |
| Diagnostics | Not collected. | |
| Other app performance data | Not collected. | |
| Device or other IDs | Device or other IDs | Braze generates a device ID to differentiate users' devices, and checks if messages are sent to the correct intended device. |
To learn more about other device data that Braze collects which may fall outside the scope of Google Play’s data safety guidelines, see our Android storage overview and our SDK data collection options.
Disabling data tracking
To disable data-tracking activity on the Android SDK, use the method disableSDK(). This will cause all network connections to be canceled, meaning the Braze SDK will no longer pass any data to Braze servers.
Wiping previously-stored data
You can use the method wipeData() to fully clear all client-side data stored on the device.
Resuming data tracking
To resume data collection, you can use the enableSDK() method. Keep in mind, this will not restore any previously wiped data.
Apple’s privacy manifest
What is tracking data?
Apple defines “tracking data” as data collected in your app about an end-user or device that’s linked to third-party data (such as targeted advertising), or a data broker. For a complete definition with examples, see Apple: Tracking.
By default, the Braze SDK does not collect tracking data. However, depending on your Braze SDK configuration, you may be required to list Braze-specific data in your app’s privacy manifest.
What is a privacy manifest?
A privacy manifest is a file in your Xcode project that describes the reason your app and third-party SDKs collect data, along with their data-collection methods. Each of your third-party SDKs that track data require its own privacy manifest. When you create your app’s privacy report, these privacy manifest files are automatically aggregated into a single report.
API tracking-data domains
Starting with iOS 17.2, Apple will block all declared tracking endpoints in your app until the end-user accepts an Ad Tracking Transparency (ATT) prompt. Braze provides tracking endpoints to route your tracking data, while still allowing you to route non-tracking first-party data to the original endpoint.
Declaring Braze tracking data
For a full walkthrough, see the Privacy Tracking Data tutorial.
Prerequisites
The following Braze SDK version is required to implement this feature:
Step 1: Review your current policies
Review your Braze SDK’s current data-collection policies with your legal team to determine whether your app collects tracking data as defined by Apple. If you’re not collecting any tracking data, you don’t need to customize your privacy manifest for the Braze SDK at this time. For more information about the Braze SDK’s data-collection policies, see SDK data collection.
If any of your non-Braze SDKs collect tracking data, you’ll need to review those policies separately.
Step 2: Create a privacy manifest
First, check if you already have a privacy manifest by searching for a PrivacyInfo.xcprivacy file in your Xcode project. If you already have this file, you can continue to the next step. Otherwise, see Apple: Create a privacy manifest.
Step 3: Add your endpoint to the privacy manifest
In your Xcode project, open your app’s PrivacyInfo.xcprivacy file, then right-click the table and check Raw Keys and Values.
Under App Privacy Configuration, choose NSPrivacyTracking and set its value to YES.
Under App Privacy Configuration, choose NSPrivacyTrackingDomains. In the domains array, add a new element and set its value to the endpoint you previously added to your AppDelegate prefixed with sdk-tracking.
Step 4: Declare your tracking data
Next, open AppDelegate.swift then list each tracking property you want to declare by creating a static or dynamic tracking list. Keep in mind, Apple will block these properties until the end-user accepts their ATT prompt, so only list the properties you and your legal team consider tracking. For example:
In the following example, dateOfBirth, customEvent, and customAttribute are declared as tracking data within a static list.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
import UIKit
import BrazeKit
@main
class AppDelegate: UIResponder, UIApplicationDelegate {
static var braze: Braze? = nil
func application(
_ application: UIApplication,
didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?
) -> Bool {
let configuration = Braze.Configuration(apiKey: brazeApiKey, endpoint: brazeEndpoint)
// Declare which types of data you wish to collect for user tracking.
configuration.api.trackingPropertyAllowList = [
.dateOfBirth,
.customEvent(["event-1"]),
.customAttribute(["attribute-1", "attribute-2"])
]
let braze = Braze(configuration: configuration)
AppDelegate.braze = braze
return true
}
}
In the following example, the tracking list is automatically updated after the end-user accepts the ATT prompt.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
func applicationDidBecomeActive(_ application: UIApplication) {
// Request and check your user's tracking authorization status.
ATTrackingManager.requestTrackingAuthorization { status in
// Let Braze know whether user data is allowed to be collected for tracking.
let enableAdTracking = status == .authorized
AppDelegate.braze?.set(adTrackingEnabled: enableAdTracking)
// Add the `.firstName` and `.lastName` properties, while removing the `.everything` configuration.
AppDelegate.braze.updateTrackingAllowList(
adding: [.firstName, .lastName],
removing: [.everything]
)
}
}
Step 5: Prevent infinite retry loops
To prevent the SDK from entering an infinite retry loop, use the set(adTrackingEnabled: enableAdTracking) method to handle ATT permissions. The adTrackingEnabled property in your method should be handled similar to the following:
1
2
3
4
5
6
7
8
func applicationDidBecomeActive(_ application: UIApplication) {
// Request and check your user's tracking authorization status.
ATTrackingManager.requestTrackingAuthorization { status in
// Let Braze know whether user data is allowed to be collected for tracking.
let enableAdTracking = status == .authorized
AppDelegate.braze?.set(adTrackingEnabled: enableAdTracking)
}
}
Disabling data tracking
To disable data-tracking activity on the Swift SDK, set the enabled property to false on your Braze instance. When enabled is set to false, the Braze SDK ignores any calls to the public API. The SDK also cancels all in-flight actions, such as network requests, event processing, etc.
Wiping previously-stored data
You can use the wipeData() method to fully clear locally-stored SDK data on a user’s device.
For Braze Swift versions 7.0.0 and later, the SDK and the wipeData() method randomly generates a UUID for their device ID. However, if your useUUIDAsDeviceId is set to false or you’re using Swift SDK version 5.7.0 or earlier, you’ll also need to make a post request to /users/delete since your Identifier for Vendors (IDFV) will automatically be used as that user’s device ID.
Resuming data tracking
To resume data collection, set enabled to true. Keep in mind, this will not restore any previously wiped data.
IDFV collection
In previous versions of the Braze iOS SDK, the IDFV (Identifier for Vendor) field was automatically collected as the user’s device ID. Beginning in Swift SDK v5.7.0, the IDFV field was optionally disabled, and instead, Braze would set a random UUID as the device ID. Starting in Swift SDK v7.0.0, the IDFV field will not be collected by default, and a UUID will be set as the device ID instead.
The useUUIDAsDeviceId feature configures the Swift SDK to set the device ID as a UUID. Traditionally, the iOS SDK would assign the device ID equal to the Apple-generated IDFV value. With this feature enabled by default on your iOS app, all new users created via the SDK would be assigned a device ID equal to a UUID.
If you still want to collect IDFV separately, you can use set(identifierforvendor:).
Considerations
SDK Version
In Swift SDK v7.0.0+, when useUUIDAsDeviceId is enabled (default), all new users created will be assigned a random device ID. All previously existing users will maintain their same device ID value, which may have been IDFV.
When this feature is not enabled, devices will continue to be assigned IDFV upon creation.
Downstream
Technology partners: When this feature is enabled, any technology partners that derive the IDFV value from the Braze device ID will no longer have access to this data. If the IDFV value derived from the device is needed for your partner integration, we recommend that you set this feature to false.
Currents: useUUIDAsDeviceId set to true means the device ID sent in Currents will no longer equal the IDFV value.
Frequently asked questions
Will this change impact my existing users in Braze?
No. When enabled, this feature will not overwrite any user data in Braze. New UUID device IDs will only be created for new devices or when wipedata() is called.
Can I turn this feature off after turning it on?
Yes, this feature can be toggled on and off at your discretion. Previously stored device IDs will never be overwritten.
Can I still capture the IDFV value via Braze elsewhere?
Yes, you can still optionally collect the IDFV via the Swift SDK (collection is disabled by default).
Disabling data tracking
This guide uses code samples from the Braze Web SDK 4.0.0+. To upgrade to the latest Web SDK version, see SDK Upgrade Guide.
To disable data-tracking activity on the Web SDK, use the method disableSDK(). This will sync any data logged before disableSDK() was called, and will cause all subsequent calls to the Braze Web SDK for this page and future page loads to be ignored.
Use the Disable Tracking or Resume Tracking tag type to disable or re-enable web tracking, respectively. These two options call disableSDK and enableSDK.
Best practices
To provide users with the option to stop tracking, we recommend building a simple page with two links or buttons: one that calls disableSDK() when clicked, and another that calls enableSDK() to allow users to opt back in. You can use these controls to start or stop tracking via other data sub-processors as well.
The Braze SDK does not need to be initialized to call disableSDK(), allowing you to disable tracking for fully anonymous users. Conversely,enableSDK() does not initialize the Braze SDK so you must also call initialize() afterward to enable tracking.
Resuming data tracking
To resume data collection, you can use the enableSDK() method.
Wiping previously-stored data
To manually trigger a data flush and ensure queued user data or events are sent to Braze’s servers, use the RequestImmediateDataFlush() method on the UBraze object.
1
UBraze->RequestImmediateDataFlush();
Edit this page on GitHub