User Consent Flow - cleveradssolutions/CAS-Flutter GitHub Wiki

:zap: Before you start
Make sure you have correctly Privacy Regulations.

In order for CAS and our ad providers to deliver ads that are more relevant to your users, as a mobile app publisher, you need to collect explicit user consent for use of personal data in the regions covered by GDPR, CCPA, LGPD, PIPEDA.

Keep in mind that it’s best to contact qualified legal professionals, if you haven’t done so already, to get more information and be well-prepared for compliance.

Read more about:

Automatic consent flow

The automatic ask for consent from the user introduced in CAS 3.0. To get consent for collecting personal data of your users, we suggest you use a built-in Consent Flow, comes with a pre-made consent form that you can easily present to your users. That means you no longer need to create your own consent window.

The user will see the consent flow when your app create CAS Manager. When the user completes the flow, the SDK calls your initialization-completion handler.

ManagerBuilder builder = CAS.buildManager();
builder.withInitializationListener(new InitializationListenerWrapper());
builder.initialize();
    
class InitializationListenerWrapper extends InitializationListener {
  @override
  void onCASInitialized(InitConfig initialConfig) {
    String error = initialConfig.error;
    String countryCode = initialConfig.countryCode;
    bool isTestMode = initialConfig.isTestMode;
    bool isConsentRequired = initialConfig.isConsentRequired;
  }
}

Don't forget to apply the configuration by calling the builder.initialize() function.

You must wait until the user finishes the consent flow before you initialize third-party SDKs (such as MMPs or analytics SDKs). For this reason, initialize such SDKs from within your initialization-completion callback. If you were to initialize these third-party SDKs before the user completes the consent flow, these third-party SDKs would not be able to access relevant identifiers and you would suffer a material impact on measurement, reporting, and ad revenue.

Privacy Policy URL

One requirement of the consent dialog is to provide the user with a link to the Privacy Policy.
To add a link to the Privacy policy, create CAS Manager withConsentFlow():

builder.withConsentFlow(CAS.buildConsentFlow().withPrivacyPolicy("https://url_to_privacy_policy"));

If you don't define a link to your application's policy, the user will follow the link to Clever Ads Solutions policy.

Overview flow

Users will not see the Consent dialog if at least one of following is true

  • Users located in regions that are not covered by information protection
  • Users who are subject to COPPA restrictions.
  • Users for whom consent is defined in the CAS.setUserConsentStatus()

Disable flow

CAS consent flow is enabled by default. You can disable the consent flow by building CAS Manager withConsentFlow():

builder.withConsentFlow( CAS.buildConsentFlow().disableFlow() );
)

Manual consent flow

You can use the show() method on the ConsentFlow instance to present the dialog.

ConsentFlow flow = CAS.buildConsentFlow(); 
    flow.withDismissListener(new DismissListenerWrapper());
    flow.withPrivacyPolicy("https://url_to_privacy_policy");
    flow.show();

class DismissListenerWrapper extends OnDismissListener {
  @override
  onConsentFlowDismissed(int status) {
  }
}

If you need to perform any actions after the user has made a choice the dialog, place that logic in the OnDismissListener.

Meta Audience Network Data Processing Options for Users in California

The CAS does not support your handling of CCPA opt-out values for Meta Audience Network, you must work directly with the network to purposes of your obligations for CCPA compliance.

To learn how to implement Meta Audience Network’s “Limited Data Use” flag, read the Additional Meta AudienceNetwork steps.

Custom Consent Logic

The following instructions apply if you are using your own or a third-party party consent mechanism.

You must set the privacy options before creating the CAS Manager to disable the automatic CAS consent flow and advertising SDKs are initialized respecting the user's consent.

Consent in GDPR and Other regions

CAS shares these set consent values via adapters to supported mediation partners.

If the user consents to interest-based advertising, set the user consent ACCEPTED flag:

CAS.setUserConsentStatus(UserConsent.ACCEPTED);

If the user does NOT consent to interest-based advertising, set the user consent DENIED flag:

CAS.setUserConsentStatus(UserConsent.DENIED);

Once you set the consent value, CAS will continue to respect that value for the lifetime of your application or until the user consents to interest-based advertising.

Multi-State Consumer privacy laws

California and Virginia laws may require you to display a “Do Not Sell or Share My Personal Information” link or provide other options to users located in those states to opt out of interest-based advertising. You must set a flag that indicates whether users in those states opt out of interest-based advertising or the sale or share of personal information for interest-based advertising.

If a user does NOT opt out of interest-based advertising, set the OPT_IN_SALE flag:

CAS.setCCPAStatus(CCPAStatus.OPT_IN_SALE);

If a user does opt out of interest-based advertising, set the OPT_OUT_SALE flag:

CAS.setCCPAStatus(CCPAStatus.OPT_OUT_SALE);

You do not need to set this flag for users who are outside California. If you do set this flag for such users, this will not impact how ads are served to them.

🔗 Done! What’s Next?