--- title: Privacy - Android description: Configure privacy settings and user consent management in your Android app with the CSQ SDK to ensure regulatory compliance lastUpdated: 23 October 2025 source_url: html: https://docs.contentsquare.com/en/csq-sdk-android/experience-analytics/privacy/ md: https://docs.contentsquare.com/en/csq-sdk-android/experience-analytics/privacy/index.md --- Customers (“Customer(s)”, “you,” or “your”), as app developers and/or publishers, shall ensure compliance with applicable data privacy laws and regulatory guidelines while using Contentsquare SDK for your app. This section explains the data processing involved in the use of Contentsquare SDK and provides information to help you comply with data protection laws, including the GDPR, e-privacy directive, and the [French Data Protection authority (CNIL) guidelines on mobile applications ↗](https://www.cnil.fr/sites/cnil/files/2025-05/recommendation-mobiles-app.pdf). This section is for informational purposes only and is not legal advice. If you are not sure of how to comply with data protection laws that apply to you, refer to legal counsel. To learn about Contentsquare privacy practices, see our [Privacy Center ↗](https://contentsquare.com/privacy-center/) and [Privacy Policy ↗](https://contentsquare.com/privacy-center/privacy-policy/). ## Purpose of processing and categories of personal data processed ### Purpose of processing The Contentsquare SDK is designed to collect personal data from end-users interacting with your app to analyze their digital behavior, visualize their journey, and improve digital user experience and your app performance. ### Categories of personal data collected By default, the SDK processes the following categories of personal data: * **Online identifier**: Contentsquare user ID * **Behavioral data**: touch gestures (taps, swipes), user journey (pages visited), time of engagement, transactions, and so on. * **Technical data**: device information (such as operating system, resolution, time zone, or language), API error messages and crashes Additional types of personal data may be processed (such as username, email address, customer ID, account number), depending on your configuration of the SDK and the applicable order form you signed with Contentsquare. Note Contentsquare is not designed to collect sensitive personal data (e.g., health, financial, or racial data). It is your responsibility to prevent any sensitive data from being sent to Contentsquare. If you accidentally send sensitive data, contact your customer success manager to immediately delete them from Contentsquare servers. ## User identifiers ### Contentsquare User ID The SDK generates a randomized hash unique user ID (UUID) that is specific to each end-user on a given device. Contentsquare cannot identify an end-user across devices with this UUID. This UUID is not persisted when the app is deleted and re-installed. The SDK generates a new UUID after install or re-install. ### "User identifier" feature Contentsquare provides the ability to search for session(s) associated with a specific visitor, based on an identifier provided by the customer. See [User identifier feature](../../experience-analytics/session-replay/#send-user-identifier) for more information. ### Usage of App Set ID Contentsquare does not use App Set ID. ## Data retention and storage location ### Data retention By default, end-users personal data are kept for 13 months. The retention of end-users personal data collected via the Session Replay is customizable by customers, from 3 to 24 months. ### Storage location End-users personal data are stored in Europe or in the US, depending on your location. For more details on applicable hosting locations, refer to our [subprocessors list ↗](https://contentsquare.com/privacy-center/subprocessors/). ## Informing your end-user The Contentsquare SDK collects end-user’s personal data on your app. As a data controller, app developers, or app publishers, it is your responsibility to provide appropriate information to your end-users on how their personal data is handled when using the CSQ SDK, for example via a privacy policy or cookie banner. Contentsquare provides a sample [description of the services ↗](https://contentsquare.com/privacy-center/sample-cookie-description/) (including Experience Analytics and Product Analytics) to help customers meet their transparency obligations. This description is for information only and is not legal advice. ## Handling User Consent Contentsquare collects usage data on your app. **By default, the SDK will consider every new user to be opted-out.** To start tracking, the SDK [Opt-in API](#opt-in) must be called. You are responsible for handling the UI asking end-users for their consent and allowing them to manage their privacy settings. Use the following APIs to pass the user decision to the Contentsquare SDK. Note If data protection laws that apply to you do not require end-user consent for your app, discuss it during implementation with your Contentsquare contact. ### Opt-in Use the Opt-in API to get user consent. Calling this API will generate a user ID and initiate tracking. * Kotlin ```kotlin CSQ.start(context) // ... val optinButton: Button = ... optinButton.setOnClickListener { CSQ.optIn(it.context) // Then finish initialization and move to the next screen... } ``` * Java ```java CSQ.start(context); // ... Button optinButton = ... optinButton.setOnClickListener(view -> { CSQ.optIn(view.getContext()); // Then finish initialization and move to the next screen... }); ``` ### Opt-Out When this API is called, tracking stops immediately, all settings are reset (Session number, Page number, and so on) and all files and directory including personal data collected via the SDK created by Contentsquare are deleted. This means that the user ID is deleted. The SDK will never track and collect any data from the user’s phone unless the Opt-in API is called again. * Kotlin ```kotlin import com.contentsquare.CSQ // To opt-out of CSQ Tracking CSQ.optOut() ``` * Java ```java import com.contentsquare.CSQ; // To opt-out of CSQ Tracking CSQ.optOut(); ``` ### Get Contentsquare User ID Since Contentsquare SDK does not collect by default any directly identifiable personal data about your end-user, we cannot help you respond to an end-user’s data subject request without their Contentsquare User ID. Use this API to get the Contentsquare User ID of your end-user and forward the end-user’s data subject request (such as data deletion or data access request) via Contentsquare’s [portal ↗](https://contentsquare.com/privacy-center/data-subject-request-portal/). * Kotlin ```kotlin import com.contentsquare.CSQ // Get CSQ User ID val userId = CSQ.metadata.userId ``` * Java ```java import com.contentsquare.CSQ; // Get CSQ User ID String userId = CSQ.metadata.getUserId(); ``` ### Pause / Resume Tracking Use pause and resume tracking APIs to completely pause data collection of your end-users on your app. When pause is called, the Contentsquare SDK pauses all tracking (Analytics, Session Replay, Errors) of your end-users. When resume is called, the Contentsquare SDK resumes all tracking (Analytics, Session Replay, Errors) and starts collecting your end-users personal data again with the same Contentsquare user ID. * Kotlin ```kotlin import com.contentsquare.CSQ // Pause tracking CSQ.pauseTracking() // Resume tracking CSQ.resumeTracking() ``` * Java ```java import com.contentsquare.CSQ; // Pause tracking CSQ.pauseTracking(); // Resume tracking CSQ.resumeTracking(); ``` Note As this mechanism pauses the tracking, make sure that you call resume once your user exits the sensitive screen. Best practice would be to link these method calls to lifecycle events on activities/fragments. ### Stop automatic gesture tracking End-users' personal data, including behavioral data (such as taps, scrolls, swipes) are collected automatically by the Contentsquare SDK. In specific cases, you might want to stop the tracking of individual Views. To do so, use the following API: * Kotlin ```kotlin CSQ.ignoreInteractions(view) ``` * Java ```java CSQ.ignoreInteractions(view); ``` In case you still need to track these Activities or Views but the automatic gesture tracking does not work, we offer the possibility to do this manually by capturing and sending the gesture events via our public API method: * Kotlin ```kotlin class MainActivity : AppCompatActivity() { // ... override fun dispatchTouchEvent(motionEvent: MotionEvent): Boolean { CSQ.trackMotionEvent(motionEvent) return super.dispatchTouchEvent(motionEvent) } } ``` * Java ```java public class MainActivity extends AppCompatActivity { // ... @Override public boolean dispatchTouchEvent(MotionEvent motionEvent) { CSQ.trackMotionEvent(motionEvent); return super.dispatchTouchEvent(motionEvent); } } ``` ### Disable user tracking across sessions If you don't want to link the different sessions of a user to the same userID, reset the userID at each app start: * Kotlin ```kotlin class MyApplication : Application() { override fun onCreate() { super.onCreate() // Start Contentsquare SDK CSQ.start(this) CSQ.optOut() CSQ.optIn(this) } } ``` * Java ```java public class MyApplication extends Application { @Override public void onCreate() { super.onCreate(); // Start Contentsquare SDK CSQ.start(this); CSQ.optOut(); CSQ.optIn(this); } } ``` Starting the SDK manually using `start()` will ensure that opt-out is called right after the start of the SDK (no event tracked in between). Calling `optOut()` will delete the previous userID. Calling `optIn()` will set a new one. Note If you are monitoring the network requests, you may see event requests being sent at app start. This is expected as there may be events from the previous session that haven't been sent yet. The opt-out API makes sure to send all data stored locally before stopping the tracking and wiping all data. ### Session Replay personal data masking mechanisms As part of Session Replay, Contentsquare provides masking mechanisms to prevent unwanted end-user’s personal data from the Session Replay module from being transmitted to Contentsquare. See [Session Replay Personal data masking](../../experience-analytics/session-replay/#personal-data-masking) for more information. ## Permissions The Contentsquare SDK requires technical permissions to operate properly. Some of these permissions involve read and write operations within the meaning of the e-privacy directive and article 82 of the French Data Protection Act, which may require the end-user’s specific consent. See [App permissions](../security/#app-permissions) for more information. ## Play Store Privacy Guidelines Compliance As customer app developers, it is your responsibility to comply with the [Play Store Privacy guidelines ↗](https://support.google.com/googleplay/android-developer/answer/10144311?visit_id=637574546075634450-3505282410\&rd=1).