Dash Stats Docs
GDPR compliant

Data processing in the AppBrain SDK

About the AppBrain SDK

AppBrain provides a service for app developers to earn money with their Android app by showing advertisements for other apps to users. This document describes how we process data in a GDPR-compliant way.

AppBrain processes personal data using “privacy by design” where we collect and process the minimal amount of personal information possible to provide our service. The personal information that we still collect is mainly used to combat fraud, which is a legitimate interest (“The processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the data controller concerned”, Recital 47). AppBrain doesn’t do any longer term user tracking or profile building. We also don’t pass on personal information to third parties and have set a short retention span of the data, after which the data is anonymized.

We process data in a GDPR-compliant way as a data controller.

Data collected by AppBrain

Types of personal or potentially sensitive data collected by AppBrain
Data Type Purpose Retention
IP address Personal Fraud / duplicate filtering Country determination Anonymized within 30 days after collection (blank last 8 bits of IPv4 addresses and last 80 bits of IPv6 addresses)
Device ID (resettable advertiser ID or Android ID) Personal Fraud / duplicate filtering Install attribution Anonymized within 30 days after collection
Developer-provided keywords, birthdate, gender, latitude, longitude Potentially sensitive Contextual targeting Blanked within 30 days after collection

The AppBrain SDK also collects non-personal information that falls outside the scope of GDPR. This includes system information (Android version, phone manufacturer and model, screen size, phone carrier), and SDK information (developer and app who built in the SDK, hashed recent app installs), which are mostly used for selecting the advertisers that want to advertise to this user. The technical phone stats are used to power aggregate statistics on https://www.appbrain.com/stats

Data transit

The AppBrain SDK communicates with AppBrain servers through secure SSL connections. Users based in the EU will contact servers in the EU that process the data (Google datacenter, Netherlands).

Processors

AppBrain works with a number of companies who are our processors, and passes on the advertiser ID for install attribution purposes when users click on an ad. We only do this when there’s a data protection agreement in place which holds the subprocessor to process the data in GDPR-compliant way and use it only for the given purpose (install attribution).

Subprocessors of data acquired by the AppBrain SDK
Company Purpose Additional information
Google Cloud Hosting Google Cloud GDPR documentation
Rackspace Cloud Hosting Rackspace compliance
Cloudflare Website serving Cloudflare GDPR documentation

Further questions

If you have questions about privacy or your personal data please contact our support team.