Google Play Data Safety
Data Safety form mapping for the data the SDK generates
The Convert Android SDK collects no personally identifiable information on its own. The only identifier it generates locally is an app-scoped UUID v4 used for experiment bucketing, stored in the app's private SharedPreferences and lost on app uninstall. Events sent to Convert contain: the visitor id (the UUID), any segments you set, and experiment/goal identifiers. No device identifiers, no advertising id, no location, no contacts, no user-profile data.
This page maps the SDK's data behavior onto the Google Play Data Safety form. You remain responsible for declaring any user-derived data you pass into the SDK.
Data Safety form mapping
| Question | Answer | Notes |
|---|---|---|
| Does your app collect or share any of the required user data types? | Yes if you pass user-derived data via segments/attributes; otherwise No for the SDK itself. | The SDK collects only the app-scoped UUID plus whatever you pass to setAttributes / setDefaultSegments / setCustomSegments. |
| Is all user data collected by your app encrypted in transit? | Yes | HTTPS-only to the Convert endpoints. |
| Do you provide a way for users to request that their data be deleted? | User-controlled via app uninstall | The UUID and local queue are discarded on uninstall. Server-side deletion is handled via the Convert dashboard. |
Per-data-type declarations (SDK-generated data only)
| Data type | Collected | Shared | Purposes | Optional / Required |
|---|---|---|---|---|
| App activity: In-app actions (bucketing + conversion events) | Yes | Yes (sent to Convert) | Analytics, App functionality, Product personalization | Required for A/B testing to function |
| Device or other IDs | No | No | — | The SDK does not collect Android ID, Advertising ID, IMEI, or any hardware identifier. The visitor id is a locally generated app-scoped UUID v4. |
| Personal info | No | No | — | None. |
| Location | No | No | — | None collected by the SDK. Audience location rules use inputs you provide via setLocationProperties. |
| Financial info | No | No | — | None. Transaction values you attach via goalData (AMOUNT, TRANSACTION_ID) are aggregate analytics, not per-user financial records. |
| Contacts / Messages / Photos & videos / Audio / Files & docs / Calendar / Health / Web browsing | No | No | — | None. |
Data you pass in
If your app passes user-derived attributes (for example plan, country, accountAgeDays) into setAttributes, setDefaultSegments, or setCustomSegments, those values flow through to Convert. Declare them separately on the Data Safety form according to your own privacy posture and the meaning of the data you send.
The visitor id
The default visitor id is a version-4 (random) UUID generated on-device and persisted to the com.convert.sdk.visitor SharedPreferences file. It is a 122-bit random value with no correlation to the user's real identity, and it is discarded on app uninstall. If you supply your own explicit visitor id via sdk.createContext("your-id"), you control what that id reveals — declare accordingly.
Related pages
- Tracking Control — turn outbound tracking on or off for consent
- Visitor Context & Properties — the shared visitor-identity concept doc
- Segments — what segments are and how they are reported
Updated 2 days ago