GDPR Compliance
Last updated: 2026-04-06
Adopture was built from the ground up to be privacy-compliant. Our mobile analytics SDK collects no personal data, uses no cookies, and stores no IP addresses. This means your app can use Adopture without requiring a cookie consent banner or GDPR consent dialog.
Why no consent banner is needed
- No cookies in the SDK – Adopture’s mobile SDK does not use cookies or any browser-based tracking.
- No IP address storage – IP addresses are used momentarily for geographic lookup (country/region via MaxMind GeoLite2 local database), then immediately discarded. IPs are never stored in our database.
- No personally identifiable information (PII) – We don’t collect names, emails, device IDs, or advertising identifiers from your app’s users.
- Hashed identifiers only – User identifiers are one-way SHA256 hashed on the device before transmission. These cannot be reversed to identify individuals.
- No fingerprinting – We don’t combine device attributes to create unique fingerprints.
- No cross-app tracking – Analytics data is isolated per app, never combined across different apps.
What data the SDK collects
| Data Field | Example | Personal Data? |
|---|---|---|
| Hashed daily ID | a8f2e...c91d (SHA256) | No (anonymized, irreversible) |
| Hashed monthly ID | b3d1f...e72a (SHA256) | No (anonymized, irreversible) |
| Session ID | UUID v4 | No (random, not linked to user) |
| Event type | "screen", "track" | No |
| Event name | "home_viewed" | No |
| OS & version | "iOS 17.2" | No (not unique) |
| App version | "2.1.0" | No |
| Screen dimensions | 390x844 | No (not unique) |
| Locale | "en-US" | No |
| Country/Region | "Germany/NRW" | No (derived from IP, IP discarded) |
| Custom properties | {"theme": "dark"} | Depends on what you send* |
*Note: Custom properties are defined by you (the app developer). Do not send PII in custom properties.
Your responsibilities as data controller
As the app developer, you are the data controller under GDPR. Adopture acts as your data processor.
While Adopture’s SDK is designed to collect no personal data, you should:
- Have a Data Processing Agreement (DPA) in place – view our DPA
- Mention your use of Adopture in your app’s privacy policy
- Avoid sending PII in custom event properties
- Review the data your app sends to ensure compliance
Regulatory compliance
GDPR (EU): Adopture is designed to comply with the General Data Protection Regulation. No consent mechanism is required for the SDK as it processes no personal data.
ePrivacy Directive: No cookies or device storage access means no consent requirement under the ePrivacy Directive / TDDDG.
CCPA (California): Hashed, anonymous data does not constitute "personal information" under CCPA. No sale of data occurs.
PECR (UK): Same privacy-by-design principles apply. No cookies or similar technologies are used.
Data residency
- All analytics data is stored on Hetzner servers in Germany
- Analytics data never leaves the EU
- Account data (email, name, billing): some processors in the US (Stripe for payments, Resend for email) – protected by EU Standard Contractual Clauses and EU-US Data Privacy Framework
- See our full Privacy Policy for details
Learn more
- Data Processing Agreement
- Privacy Policy
- Terms of Service
- Questions? Contact us at chris@adopture.com