Data privacy

Read time 7 minutes

Privacy classes
Privacy classes

The following object classes contain the requesting app's COPPA compliance flag, GDPR compliance flag, CCPA compliance flag, and user consent flag.

Visit our legal site for more information on Unity's approach to privacy.

To ingest and act on bid requests based on the user's GDPR, COPPA, CCPA, and user consent status, Unity's Exchange provides updated OpenRTB specs to reflect the related changes to the bid request fields.

regs object and extensions
regs object and extensions

An object class that contains the requesting app's COPPA, GDPR, and CCPA compliance flags.

AttributeTypeExampleDescription
regs.coppa
int
"regs": 
{
  "coppa": 1
}

Flag indicating if the bid request is subject to the COPPA regulations established by the USA FTC.

  • 0 indicates no.
  • 1 indicates yes.
regs.ext.gdpr
int
"regs": 
{
  "ext": 
  {
    "gdpr": 1
  }
}

Flag indicating if the request is subject to GDPR.

regs.ext.us_privacy
string
"regs": 
{
  "ext": 
  {
    "us_privacy":"1YN-"
  }
}

Flag indicating consent for requests subject to CCPA regulations. The string format must follow the IAB's U.S. privacy specifications.

regs.ext.lgpd
string
"regs": 
{
  "ext": 
  {
    "lgpd": true
  }
}

Upon confirming opt-out from a LGPD-affected user, the request structure for that user's device sends a flag in the regs.ext.lgpd object with the integer value true. Unity also strips all personally identifiable information (for example: IDFA, AAID, and IP address) from the request.

user object extension
user object extension

An object class that contains the requesting app's user consent flag for data collection.

AttributeTypeExampleDescription
user.ext.consent
string
"user": 
{
  "ext": 
  {
    "consent": "1"
  }
}

Flag indicating if the end user has consented to data collection.

  • 0 indicates no. The device ID is changed to all zeroes, and the IP address is masked.
  • 1 indicates yes.