Privacy Compliance Guidelines

This document aims to help developers understand and comply with the privacy compliance requirements of the UJU Ad SDK, ensuring that applications integrate the ad SDK in accordance with relevant laws, regulations, and platform policies.

Legal and Regulatory Requirements

Domestic Laws and Regulations

• People's Republic of China Cyber Security Law
• People's Republic of China Data Security Law
• People's Republic of China Personal Information Protection Law
• Methods for Identifying Illegal and Irregular Collection and Use of Personal Information by Apps
• Administrative Regulations on Information Services of Mobile Internet Applications

Overseas Laws and Regulations

• European Union: General Data Protection Regulation (GDPR)
• United States: California Consumer Privacy Act (CCPA), Children's Online Privacy Protection Act (COPPA)
• Japan: Personal Information Protection Act
• South Korea: Personal Information Protection Act
• Other relevant laws and regulations in different countries and regions

UJU SDK Data Collection

Necessary Data

The UJU Ad SDK collects the following necessary data to implement ad functionality:

1. Device Identifiers:

   • Android: Android ID, OAID
   • iOS: IDFA
   • Other device unique identifiers

2. Network Information:

   • IP address
   • Network type (WiFi, mobile network, etc.)
   • Carrier information

3. Device Information:

   • Device model
   • Operating system version
   • Screen resolution
   • Device language

4. Location Information:

   • Rough location (based on IP address)
   • Precise location (only when authorized by the user)

5. Application Information:

   • Application package name
   • Application version
   • Application installation time

6. Ad-related Data:

   • Ad impression count
   • Ad click count
   • Ad conversion data
   • User interaction with ads

Data Usage

Collected data is mainly used for:

1. Ad Targeting: Displaying relevant ads based on user interests and behavior
2. Ad Effect Optimization: Improving ad click-through rate and conversion rate
3. Anti-fraud: Preventing ad fraud
4. Data Analysis: Providing ad performance reports
5. Compliance Requirements: Meeting legal and platform policy requirements

Privacy Policy Requirements

Content Required in Application Privacy Policy

1. Data Collection Statement:

   • Clearly state the types of data collected by the application through the UJU SDK
   • Explain the purpose and use of data collection
   • Explain data storage methods and duration

2. User Rights:

   • Right to know: Users have the right to understand data collection
   • Right to choose: Users have the right to choose whether to provide certain data
   • Right to access: Users have the right to access their data
   • Right to delete: Users have the right to request deletion of their data
   • Right to complain: Users have the right to complain about data processing

3. Cookies and Similar Technologies:

   • Explain the use of cookies and similar technologies
   • Explain their purpose and management methods

4. Third-party Services:

   • Clearly list third-party ad networks accessed through the UJU SDK
   • Provide links to third-party privacy policies

5. Children's Privacy Protection:

   • Special instructions if the application is aimed at children under 13
   • Explain how to protect children's privacy

Privacy Policy Example

The following is an example of content related to the UJU SDK in a privacy policy:

## Ad Services

Our application integrates the UJU Ad SDK to provide ad services. The UJU SDK may collect the following information:

- Device identifiers (such as Android ID, OAID, IDFA, etc.)
- Network information (such as IP address, network type, etc.)
- Device information (such as device model, operating system version, etc.)
- Location information (rough location based on IP address)
- Application information (such as application package name, version number, etc.)
- Ad-related data (such as ad impression count, click count, etc.)

This information is used for ad targeting, effect optimization, and anti-fraud purposes. The UJU SDK will transmit the collected data to its servers and may share it with third-party ad networks.

You can manage ad identifiers through device settings:
- Android devices: Find the "Ads" option in settings, reset ad ID or enable "Limit Ad Tracking"
- iOS devices: Enable "Limit Ad Tracking" in Settings → Privacy → Ads

UJU's privacy policy: [Link to UJU Privacy Policy]

Privacy Popup Requirements

Necessary Privacy Popups

1. First Launch Popup:

   • When the application is first launched, users must be shown a privacy policy summary
   • Clearly inform users about the data the application will collect
   • Start collecting data only after obtaining explicit user consent

2. Permission Request Popup:

   • Before requesting sensitive permissions (such as location, camera, etc.), explain the purpose to users
   • Request system permissions only after obtaining user authorization

3. Personalized Ad Popup:

   • Clearly inform users that the application will display personalized ads based on their interests
   • Provide an option to turn off personalized ads

Popup Design Requirements

1. Clear and Understandable:

   • Use simple and easy-to-understand language
   • Avoid using professional terminology
   • Highlight key information

2. Clear Options:

   • Provide clear "Agree" and "Disagree" options
   • Ensure users can easily find and use these options

3. Operability:

   • Popups must be closable by users
   • Provide links to view the complete privacy policy

4. Continuity:

   • When the privacy policy is updated, users must be asked for consent again
   • When the types of collected data increase, users must be asked for consent again

Compliance Implementation Steps

1. Preparation

1. Understand Applicable Laws and Regulations:

   • Determine the laws and regulations to be complied with based on the application's target market
   • Understand the specific requirements of each law and regulation

2. Update Privacy Policy:

   • Ensure the privacy policy complies with the latest legal requirements
   • Clearly explain the data collection behavior of the UJU SDK
   • Provide links to third-party ad network privacy policies

3. Design Privacy Popups:

   • Design first launch popups that meet requirements
   • Design permission request popups
   • Design personalized ad management popups

2. Technical Implementation

1. SDK Initialization Configuration:

   • Do not initialize the UJU SDK before obtaining user consent
   • Configure the SDK's data collection behavior based on user choices

2. Permission Management:

   • Reasonably request system permissions
   • Implement explanation流程 before permission requests

3. User Preference Settings:

   • Provide privacy settings page
   • Allow users to manage data collection preferences
   • Allow users to choose whether to receive personalized ads

4. Data Deletion Mechanism:

   • Implement user data deletion functionality
   • Respond to user data deletion requests

3. Testing and Verification

1. Compliance Testing:

   • Test first launch流程
   • Test permission request流程
   • Test privacy settings functionality

2. Functionality Testing:

   • Test normal SDK functionality after user consent
   • Test degraded SDK functionality after user rejection

3. Document Review:

   • Review privacy policy content
   • Review popup copy
   • Review app store description

Common Compliance Issues

Q: How to handle privacy compliance for children's applications?

A:

• For applications targeting children under 13, must comply with COPPA and other children's privacy protection regulations
• Do not collect children's personal information
• Set the application as "Children's Application" on the UJU platform
• Disable personalized ads, only display general ads

Q: How to handle GDPR compliance?

A:

• Obtain explicit user consent
• Provide concise and clear privacy policy
• Allow users to withdraw consent at any time
• Provide data access and deletion functionality
• Ensure data transmission security

Q: How to handle IDFA compliance?

A:

• In iOS 14.5+ systems, must obtain user authorization through the AppTrackingTransparency framework
• Explain the purpose of IDFA to users before requesting authorization
• Respect user choices, allow normal app usage even if user refuses authorization

Q: How to handle OAID compliance?

A:

• In Android 10+ systems, use OAID instead of IMEI
• Integrate the Mobile Security Alliance (MSA) OAID SDK
• Correctly obtain and use OAID

Technical Support

If you encounter problems during privacy compliance implementation, please contact our technical support:

• Email: marco@ujuad.com
• Website: https://www.ujuad.com
• Customer Service: +86 18825052976

Our compliance team will provide you with professional guidance and support.