-
Notifications
You must be signed in to change notification settings - Fork 0
DataSafety
The Convert Android SDK collects no personally identifiable information on its own. The only identifier it generates locally is an app-scoped UUID v4 used for experiment bucketing, stored in the app's private SharedPreferences and lost on app uninstall. Events sent to Convert contain: the visitor id (the UUID), any segments you set, and experiment/goal identifiers. No device identifiers, no advertising id, no location, no contacts, no user-profile data.
This page maps the SDK's data behavior onto the Google Play Data Safety form. You remain responsible for declaring any user-derived data you pass into the SDK.
| Question | Answer | Notes |
|---|---|---|
| Does your app collect or share any of the required user data types? | Yes if you pass user-derived data via segments/attributes; otherwise No for the SDK itself. | The SDK collects only the app-scoped UUID plus whatever you pass to setAttributes / setDefaultSegments / setCustomSegments. |
| Is all user data collected by your app encrypted in transit? | Yes | HTTPS-only to the Convert endpoints. |
| Do you provide a way for users to request that their data be deleted? | User-controlled via app uninstall | The UUID and local queue are discarded on uninstall. Server-side deletion is handled via the Convert dashboard. |
| Data type | Collected | Shared | Purposes | Optional / Required |
|---|---|---|---|---|
| App activity: In-app actions (bucketing + conversion events) | Yes | Yes (sent to Convert) | Analytics, App functionality, Product personalization | Required for A/B testing to function |
| Device or other IDs | No | No | — | The SDK does not collect Android ID, Advertising ID, IMEI, or any hardware identifier. The visitor id is a locally generated app-scoped UUID v4. |
| Personal info | No | No | — | None. |
| Location | No | No | — | None collected by the SDK. Audience location rules use inputs you provide via setLocationProperties. |
| Financial info | No | No | — | None. Transaction values you attach via goalData (AMOUNT, TRANSACTION_ID) are aggregate analytics, not per-user financial records. |
| Contacts / Messages / Photos & videos / Audio / Files & docs / Calendar / Health / Web browsing | No | No | — | None. |
If your app passes user-derived attributes (for example plan, country, accountAgeDays) into setAttributes, setDefaultSegments, or setCustomSegments, those values flow through to Convert. Declare them separately on the Data Safety form according to your own privacy posture and the meaning of the data you send.
The default visitor id is a version-4 (random) UUID generated on-device and persisted to the com.convert.sdk.visitor SharedPreferences file. It is a 122-bit random value with no correlation to the user's real identity, and it is discarded on app uninstall. If you supply your own explicit visitor id via sdk.createContext("your-id"), you control what that id reveals — declare accordingly.
- Tracking Control — turn outbound tracking on or off for consent
- Visitor Context & Properties — the shared visitor-identity concept doc
- Segments — what segments are and how they are reported
Copyrights © 2026 All Rights Reserved by Convert Insights, Inc.
Getting Started
Android SDK
- Quickstart
- Installation
- Initialization
- Configuration
- Return Types & Models
- Code Examples
- Offline Behavior
- Tracking Control
- Google Play Data Safety
- Java Interop
Core Concepts
- Experiences & Variations
- Feature Flags
- Bucketing Algorithm
- Rule Evaluation
- Segments
- Data Management
- Event System
- API Communication
How-To Guides
- Running Experiences
- Running Features
- Tracking Conversions
- Visitor Context
- Persistent DataStore
- Troubleshooting
Contributing