Skip to main content

Privacy

SpendOwl is designed with privacy in mind. No IDFA is required, and a privacy manifest is included for App Store compliance.

Privacy Manifest

SpendOwl includes an Apple Privacy Manifest (PrivacyInfo.xcprivacy) that declares:
  • Data collected and its purposes
  • Tracking domains used
  • Required reasons API usage
The manifest is automatically bundled with the SDK.

Data Collection

What SpendOwl Collects

Data TypePurposeLinked to Identity
Device IDAnalyticsNo (anonymous)
Purchase HistoryROAS calculationOptional (if user ID set)
Attribution TokenCampaign trackingNo

What SpendOwl Does NOT Collect

  • IDFA (Advertising Identifier)
  • Location data
  • Contacts
  • Photos
  • Health data
  • Emails or messages

No IDFA Required

SpendOwl uses Apple’s AdServices framework for attribution, which doesn’t require IDFA or App Tracking Transparency (ATT) prompt. 
// No ATT prompt needed
SpendOwl.configure(apiKey: "your-api-key")
Users who enable “Limit Ad Tracking” may still have attribution data via AdServices, though with reduced accuracy.

App Store Privacy Questionnaire

When submitting to the App Store, you’ll answer privacy questions. Here’s how SpendOwl affects your answers:

Data Types

Collected: Yes (anonymous device ID for analytics) Linked to Identity: No (unless you call setUserId()) Used for Tracking: No
Collected: Yes (for ROAS calculation) Linked to Identity: Optional (if you set user ID) Used for Tracking: No
Collected: Yes (app install attribution) Linked to Identity: No Used for Tracking: No

Tracking Definition

Apple defines “tracking” as linking data with third-party data for advertising purposes. SpendOwl:
  • Does NOT link data with third-party advertising data
  • Does NOT share data with data brokers
  • Only uses data for your own analytics
Answer “No” to tracking questions unless your app has other tracking.

User Identity

Anonymous by Default

Without calling setUserId(), all data is anonymous: 
SpendOwl.configure(apiKey: "your-api-key")
// All data is anonymous

Identified Users

When you set a user ID, data is linked to that identity: 
SpendOwl.setUserId("user-123")
// Attribution and purchases linked to this user
Update your privacy policy if linking data to user accounts.

Data Retention

  • Attribution data: Stored indefinitely for ROAS reporting
  • Purchase data: Stored indefinitely for revenue analytics
  • Device IDs: Hashed before storage

Data Deletion

To request data deletion for a user:
  1. Go to SpendOwl Dashboard
  2. Navigate to Settings → Privacy
  3. Enter the user ID
  4. Click Delete User Data
Or contact [email protected].

GDPR Compliance

For GDPR compliance:
  1. Data Processing Agreement (DPA): Available upon request
  2. Data location: Processed in the United States
  3. User rights: Deletion requests honored within 30 days

CCPA Compliance

SpendOwl supports California Consumer Privacy Act (CCPA):
  • SpendOwl does NOT sell personal information
  • Users can request data deletion
  • SpendOwl acts as a “service provider” under CCPA

Privacy Policy Template

Add this to your app’s privacy policy:
Analytics and Attribution We use SpendOwl to measure advertising effectiveness. SpendOwl collects:
  • Anonymous device identifiers
  • App install attribution data
  • Purchase information (for analytics only)
This data is not used for advertising targeting or sold to third parties. For more information, see SpendOwl’s privacy policy at spendowl.io/privacy.

Required Reasons API

SpendOwl uses these APIs that require disclosure in the privacy manifest:
APIReason
NSUserDefaultsApp preferences (C56D.1)
File timestamp APIsApp functionality (DDA9.1)
These are already declared in SpendOwl’s bundled privacy manifest.

Questions?

Contact [email protected] for privacy-related inquiries.