We welcome a world that is more private. We have invested significant resources into providing diligent compliance across all of our solutions and teams. Our mission, and responsibility, is to not only provide a fully-compliant product to our customers, but to help them ensure their own compliance as well.
We’ve implemented technical and organizational measures to ensure that, by default, only the personal data necessary for each specific purpose of the service is processed in strict accordance with our customers’ instructions and configurations.
We have developed a comprehensive range of APIs and tools to help our customers build a fully compliant stack. By adopting our tools, brands can address data subject requests across their partner ecosystems, in near real-time. Adhering to the GDPR and CCPA Right of Deletion, our APIs help organizations globally take another step toward compliance.
- The right to erasure
- The right to access
- The right to data portability
- The right to rectification
For apps that frequently handle sensitive personal information or protect health information (PHI), it’s important to work with a company that takes a privacy by design approach to keep your data safe. We let you decide which data you share and with whom, while maintaining the strictest standards for compliance across every global market, including HIPAA.
To help our customers ensure compliance with the CCPA, we are committed to: 1. Acting only as a service provider for our customers and processing the data only for the stated business purposes 2. Never selling or disclosing any personal information received from our customers 3. Being fully transparent with our customers 4. Supporting customer opt-in and opt-out requirements 5. Ensuring appropriate agreements are in place with our customers 6. Having appropriate technical and organizational measures in place to protect our customer data.
Yes, you may download our DPA.
The GDPR applies to Personal Data. However, Personal Data is broadly defined and includes identifiers such as IP address, cookies, and device IDs. Therefore, under such definition data collected by you through your use of AppsFlyer may be deemed Personal Data under the GDPR.
AppsFlyer employs strict physical, technical, administrative, and organizational measures to protect data and meets a number of major ISO standards (e.g. 27001, 27017, 27018 and more). See AppsFlyer’s security page for more information.
We process the personal data of the end users of our customers who use or interact with our customers’ websites, products, services, advertisements, and mobile application services.
AppsFlyer has a range of privacy-preserving solutions where aggregated data is the solution to ensure that PII or personal data is not processed. IP addresses are a natural part of internet connections on the web, therefore at the regional level these are received by AppsFlyer. However, AppsFlyer provides solutions that include IP masking.
Data requests are made via our OpenGDPR API system (applied globally) that allows each customer to comply with such data subject requests. The system allows you to follow the request you place on behalf of your end-user and receive confirmation of, for example – deletion. More details can be found here.
Yes, please refer here for more information. Our DPA is global, meaning it is applicable to all relevant privacy regulations around the globe.
Current AppsFlyer sub-processors include AWS and Google Cloud Platform for data storage, Zendesk for our customer service provision, Databricks for data analytics, and AppsFlyer’s Israel HQ and applicable AppsFlyer subsidiaries for technical and service assistance. The local AppsFlyer subsidiary that may process your information is dependent on your location. You can find more information here.