Filters

Restricting End User Data Processing

Overview

Protecting End User Privacy with Branch’s SDK Privacy Controls

We take our customers’ privacy needs very seriously. To enable our customers to honor opt-out requests from their end-users or comply with laws that allow end users to restrict processing of their data, we provide mechanisms for disabling certain data collection features, which are identified below. This way, if a user indicates that they want to limit collection of their data on your app or website, or if you otherwise determine that a particular end user’s data should not be collected or otherwise processed, you can continue to make use of the Branch SDK (e.g. for creating and sharing Branch links to deep link end users) while not measuring attribution for that end user.

When to Use the SDK Privacy Controls

We collect limited device information to power our deep linking technology and to provide attribution and analytics services. You can learn more about the types of data that we need to collect through our services here: https://branch.io/policies/#privacy. We understand that some end-users would like to opt out of (or not opt into) this data processing. In other cases, legal requirements (or Branch’s policies) do not permit that certain types of personal data for certain end users be provided to Branch (for example, data relating to children under the age of 13). To address these needs, we have developed the SDK Privacy Controls feature.

Configuring Branch’s SDK Privacy Controls on an Opt-Out Basis

Branch’s SDK Privacy Controls can enable you to manage data processing on an opt-out basis, in which case data from website or app visitors will no longer be processed by Branch once you’ve affirmatively disabled tracking for such users using the configuration instructions below. Through the Branch SDK Privacy Controls, a customer running an app or website can request that Branch cease certain personal data processing for a particular end-user. Branch will immediately cease data processing for that end user. However, that user can still generate and share Branch links, and basic deep linking to route the end user to the right place in the app will continue to work.

Configuring Branch’s SDK Privacy Controls on an Opt-In Basis

Branch’s SDK Privacy Controls can also enable you to manage data processing on an opt-in basis, in which case data from website or app visitors won’t be processed by Branch until you determine that it is appropriate for Branch to process their end user data and you affirmatively enable tracking for such users.

To use the SDK Privacy Controls in this way, just initialize the Branch Web or App SDKs with tracking disabled (see snippets below), and only enable it when you determine that it is appropriate for Branch to process their end user data (for example, if the end user opts-in to having to data processing based on your app or website configuration).

Impact on Analytics

Note that while the essential deep linking functionality of the SDKs will continue to work when the SDK Privacy Controls are enabled, there are significant tradeoffs to analytics that you should be aware of.

Because Branch isn’t processing data for users for whom you’ve enabled our SDK Privacy Controls, you won’t see analytics for these users in the Branch Dashboard. We also won’t attribute their activity to any campaigns you may be running, send postbacks for these events to your ads partners, or send these events to Self-Attributing Networks like Facebook and Google. Depending on the scope of how you use the SDK Privacy Controls this can lead to significant drops in event counts and discrepancies with other analytics systems. This is particularly true if you enable these controls by default and only disable them when users opt into data processing, especially if your opt-in rates are very low.

Opt-in vs. Opt-out Data Processing

Different jurisdictions may have different requirements around consent for end user data processing. Branch provides tools like the SDK Privacy Controls to enable you to comply with these laws, but we cannot provide legal advice on the correct way for you to comply with each regulation or help interpret exactly how they apply to your business's use of our services. Please consult with your counsel to determine the right way for your business to handle end user data processing requests and other applicable requirements in each jurisdiction.

📘

End-User Opt Out

If you are an end user looking to opt out of the Branch Services, please visit Branch’s Opt-Out page for available methods.

Enabling / Disabling SDK Privacy Controls

If you would like to enable the SDK Privacy Controls for a particular user (for example, pursuant to a data subject request, or to comply with certain privacy laws), utilize this field to prevent Branch from sending most network requests. Note that there are two cases where the SDK will still send a network request.

  1. App opens driven by a direct deep link. Used purely to retrieve deep link data, does not result in any events being attributed for the user.
  2. Requests to generate short link URLs on iOS. Again, purely used to return a short Branch link URL for e.g. an in-app sharing link and does not result in any events being attributed for the user.

By default, tracking is enabled (opt-in).

Android SDK

Branch.getInstance().disableTracking(true);

iOS / tvOS SDK

Branch.setTrackingDisabled(true)
Branch.setTrackingDisabled(true)

Web SDK

NOTE: This state is persistent, meaning that it’s saved for the user across browser sessions for the web site. This setting can also be enabled across all users for a particular link, or across your Branch links.

branch.init( 'BRANCH_KEY',
    {
        ‘tracking_disabled’ : true
    }
);

MacOS SDK

Branch.sharedInstance().trackingDisabled = true
[Branch sharedInstance].trackingDisabled = YES;

Windows SDK

branchInstance->getAdvertiserInfo().disableTracking();
void DisableTracking(bool disableTracking);

Roku SDK

m.branchSdkObj.disableTracking(true)

📘

Impact on Journeys

To learn how these privacy controls impact our Journey’s product, please see Journeys & GDPR.