Data Privacy for Mobile
Data privacy considerations when using Statsig mobile SDKs, including handling of identifiers, opt-out mechanisms, and platform-specific requirements.
General
What data does Statsig collect from users of my app?
Statsig collects only the data that you configure to be sent to Statsig. This is typically the occurrence of feature flag evaluations (Feature Gates), experiment exposures, and custom events you log with the SDK.
Does that data include any personally identifiable information (PII)?
By default, Statsig uses randomly generated IDs as described in this article. You can also augment data sent to Statsig with additional context and metadata, including user names, email addresses, or custom attributes. This data, alone or in combination with other data, may constitute PII if it identifies an individual directly or indirectly.
Does Statsig use the device ID to identify a user?
No. Statsig on Mobile doesn't use device IDs such as Secure.ANDROID_ID or advertisingIdentifier on iOS. Instead, Statsig uses a StableID, which is randomly generated per device, per app, and per installation, and can't be used to identify a single device across installations. A new StableID is generated when an application is reinstalled. These IDs provide approximate statistical information as part of the application monitoring service, for example, for Crash Free Session and User Rates, and to indicate the impact of issues based on number of events versus affected users.
What does Statsig do with the data it collects?
Statsig processes the data you send to it to provide feature flag management, experimentation, and analytics services.
Apple App Store
Do I need to disclose the use of Statsig in App Store Connect on the Apple App Store?
Yes, Statsig is a third-party partner whose code (SDKs) you integrate in your app that collects data from users of your app.
What do I need to disclose to Apple?
Disclose all types of data you are collecting through your app, including data you are sending to Statsig. This may include "Contact Info" or "Identifiers" if you provide those in the StatsigUser object. Include any other categories of data you have configured the SDKs to send to Statsig.
How does Statsig use my data?
The standard data use cases for Statsig are "Analytics" and "App Functionality". Disclose to Apple any other ways in which you or your app use the data you collect.
Does Statsig use my data to track users?
Statsig doesn't use your data to track users. However, if you or your other third-party partners are tracking users, you still need to disclose this to Apple.
Does Statsig use the Advertising Identifier (IDFA)?
No. Statsig doesn't require IDFA.
Google Play
Does Statsig collect any PII from children?
If your app targets children and you configure Statsig to collect PII, Statsig collects the elements you have designated. You remain responsible for obtaining appropriate parental consents for the PII you collect from users and send to Statsig. You also remain responsible for declaring your app's target age group to Google Play.
Do Statsig SDKs cause my app to contain ads?
No. Statsig doesn't cause your app to contain any ads.
What do I need to disclose to Google Play?
Disclose in your app privacy policy all types of data you are collecting through your app, including data you are sending to Statsig.
Privacy Controls
What device and user metadata does Statsig automatically collect?
The Statsig SDKs automatically collect the following metadata for targeting and analytics purposes:
iOS SDK collects:
- appIdentifier: Your app's bundle identifier
- appVersion: Your app's version
- deviceModel: The device model (e.g., iPhone14,3)
- deviceOS: The operating system (iOS)
- language: The user's preferred language
- locale: The user's locale identifier
- sdkType: The type of SDK (ios-client)
- sdkVersion: The version of the Statsig SDK
- sessionID: A randomly generated UUID for the current session
- stableID: A persistent device identifier (see below)
- systemVersion: The iOS version
- systemName: The system name (iOS)
Android SDK collects:
- appIdentifier: Your app's package name
- appVersion: Your app's version name
- deviceModel: The device model (e.g., Pixel 7)
- deviceOS: The operating system (Android)
- locale: The user's locale
- language: The user's language
- sdkType: The type of SDK (android-client)
- sdkVersion: The version of the Statsig SDK
- sessionID: A randomly generated UUID for the current session
- stableID: A persistent device identifier (see below)
- systemVersion: The Android API level
- systemName: The system name (Android)
How can I limit the metadata collected by Statsig?
Both iOS and Android SDKs provide the optOutNonSdkMetadata option to limit the collection of device-specific information:
iOS SDK:
let options = StatsigOptions()
options.optOutNonSdkMetadata = true
Statsig.start(sdkKey: "client-sdk-key", options: options)
Android SDK:
val options = StatsigOptions(optOutNonSdkMetadata = true)
When optOutNonSdkMetadata is enabled, only the following core SDK metadata is included:
- sdkType: The type of SDK
- sdkVersion: The version of the Statsig SDK
- sessionID: A randomly generated UUID for the current session
- stableID: A persistent device identifier
All device-specific information (appIdentifier, appVersion, deviceModel, deviceOS, locale, language, systemVersion, systemName) is excluded from logs and targeting.
How does StableID work?
The StableID is a persistent identifier that Statsig uses to provide consistent user experiences and analytics:
iOS Implementation:
- The StableID is stored in UserDefaults with the key "com.Statsig.InternalStore.stableIDKey"
- When first generated, the StableID is created as a random UUID
- The StableID persists across app launches but is regenerated when the app is reinstalled
- The StableID can be overridden through the StatsigOptions.overrideStableID parameter
Android Implementation:
- The StableID is stored in SharedPreferences
- When first generated, the StableID is created as a random UUID
- The StableID persists across app launches but is regenerated when the app is reinstalled
- The StableID can be overridden through the StatsigOptions.overrideStableID parameter
The StableID isn't shared across different apps or websites and can't be used to track users across different applications or platforms.
How can I prevent sending sensitive user data to Statsig?
Use the privateAttributes field for sensitive data you want to use for targeting but not log:
iOS SDK:
let user = StatsigUser(
    userID: "user-123",
    email: nil, // Not included at top level to keep private
    privateAttributes: ["email": "user@example.com"] // Used for evaluation but not logged
)
Android SDK:
val user = StatsigUser("user-123")
user.privateAttributes = mapOf("email" to "user@example.com")
The SDK sends these attributes to Statsig servers during initialization for feature flag and experiment evaluation, but Statsig removes them before sending any event logs to Statsig servers. You can use these attributes to target users with specific features or experiments, but they don't appear in your analytics data.
For more comprehensive privacy controls, use Client Bootstrapping to generate all assignments locally on your server, which eliminates the need to send any user attributes from the client device to Statsig.
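To confirm in a test build that optOutNonSdkMetadata and privateAttributes behave as described above, you can audit event-log request bodies captured from your own app. The following is an added example, not Statsig code: the function names are hypothetical, and the sample bodies are constructed for illustration and are not the real Statsig wire format (the scanner walks any JSON shape).

```python
import json

# Device-specific keys this page lists as excluded under optOutNonSdkMetadata.
DEVICE_KEYS = {"appIdentifier", "appVersion", "deviceModel", "deviceOS",
               "locale", "language", "systemVersion", "systemName"}


def walk(node, path="$"):
    """Yield (path, key, value) for every dict entry and list item."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            yield child, key, value
            yield from walk(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            child = f"{path}[{i}]"
            yield child, None, item
            yield from walk(item, child)


def audit_event_log(body, private_attributes, opt_out_non_sdk_metadata=False):
    """Return sorted findings for one captured event-log body (JSON text)."""
    secrets = {str(v).lower() for v in private_attributes.values()
               if v not in (None, "")}
    findings = set()
    for path, key, value in walk(json.loads(body)):
        if key == "privateAttributes":
            findings.add(f"{path}: privateAttributes object present in event log")
        if opt_out_non_sdk_metadata and key in DEVICE_KEYS:
            findings.add(f"{path}: device metadata sent despite opt-out")
        # Case-insensitive substring match catches values embedded in free text.
        if isinstance(value, str) and any(s in value.lower() for s in secrets):
            findings.add(f"{path}: private attribute value appears in clear")
    return sorted(findings)


# Constructed sample bodies (assumed shapes, not captured from a real SDK).
PRIVATE = {"email": "user@example.com"}
CLEAN = json.dumps({
    "events": [{"eventName": "checkout", "user": {"userID": "user-123"}}],
    "metadata": {"sdkType": "android-client", "sessionID": "constructed-session",
                 "stableID": "constructed-stable"}})
LEAKY = json.dumps({
    "events": [{"eventName": "checkout", "user": {"userID": "user-123"},
                "value": "receipt sent to User@Example.com"}],
    "metadata": {"sdkType": "android-client", "deviceModel": "Pixel 7"}})
```

Treat each finding as a prompt for review: a key such as locale or appVersion that you set yourself on the user object will also be flagged under opt-out.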