CCPA

Overview

CCPA stands for “California Consumer Privacy Act.” From a consumer point of view, CCPA is about providing consumers more transparency about how consumer data is being used, about making it more obvious whether a consumer’s data is being sold, and making it easier for a consumer to opt-out of the sale of their data. CCPA stresses more prominent, easily visible, easy to understand disclosure, rather than require consumers to dig through a privacy policy for relevant information. CCPA also gives consumers additional rights with respect to their data.

Compliance Endpoint

As a partner of the NinthDecimal network, we will require all publishers to send us compliance flags via an API endpoint to make sure we have a documented audit trail for every piece of data we use in the platform, ensuring full compliance that every consumer was presented with a CCPA compliant data collection and data sharing notification, and a clear indication that the user has not opted-out of the sale of data.

POST /ccpaconsent/
Accept: application/json
Content-Type: application/json
Host: api.kiip.me

{
	"app”:{
		"app_key":<"app key found in Kiip dashboard">,
		"bundle_id":<"Apple App Store or Google Play bundle ID">,
		"dns_compliance": <true/false>
	},

	"user_consent_info": [
		{
			"device_id":<"The Advertising Identifier or MAID provided by the device">,
			"user_compliance": <true/false>,
			"state": <(optional) two character state code, e.g. "CA">
			"user_id":<(optional) "string">,
		},
		{...},
		{...},....

	]
}

JSON Payload Components

Below is a list of all the payload components.

app

  • app_key: NinthDecimal application key found in the dashboard
  • bundle_id: Apple App Store or Google Play bundle
  • dns_compliance: A boolean documenting whether they are CCPA compliant in terms of disclosures and DNS at the time the data was collected

An array of users objects containing:

  • device_id: The Advertising Identifier or MAID provided by the device
  • user_compliance: A boolean documenting whether the user has opted out of selling data
  • state: (optional) home state of the user, (e.g. CA for California)
  • user_id: (optional) A unique ID the publishers uses to identify the user in their app.

The publisher can call the API at a regular interval, or only call it when users change consent information or new users are acquired.

Alternative GET Method

Although the POST method is the recommended way, publishers can also use the GET method instead.

GET /ccpaconsent?info=<URL encoded stringified JSON>
Host: api.kiip.me