Privacy & Data Handling
AppRefer is designed for privacy-first attribution. No IDFA required, no third-party SDKs, and all PII is hashed on-device.
No IDFA Required#
AppRefer does not use or request the Identifier for Advertisers (IDFA). Attribution works without the App Tracking Transparency (ATT) prompt.
On-Device Hashing#
All personally identifiable information (PII) is SHA256-hashed on the device before being transmitted to the AppRefer server. The server never receives raw PII.
| Field | Pre-Hash Format | Hash Input |
|---|---|---|
| user@example.com | SHA256(lowercase(trim(email))) | |
| Phone | +14155551234 | SHA256(E.164 format number) |
| First Name | John | SHA256(lowercase(trim(name))) |
| Last Name | Doe | SHA256(lowercase(trim(name))) |
| Date of Birth | 1990-01-15 | SHA256(YYYYMMDD) |
The same hashing is applied before forwarding to ad networks (Meta CAPI, Google Ads, TikTok), which require hashed PII for Advanced Matching.
IP Address Handling#
IP addresses are not retained long-term. Click records expire after 30 days.
Data Retention#
| Data Type | Retention | Purpose |
|---|---|---|
| Clicks | 30 days | Click-to-install matching |
| Attributions | 400 days | Device-to-campaign mapping (covers annual subscription renewals) |
| SKAN Postbacks | 90 days | Apple SKAN postback validation |
| Audit Log | 365 days | Compliance audit trail |
| Retry Queue | 30 days | Failed ad network forward retries |
| Webhook Events | 30 days | Webhook deduplication |
| Qualified Trials | 30 days | Trial qualification tracking |
Data is automatically expired via TTL policies. Historical analytics data persists for dashboard reporting.
Sandbox Isolation#
Events from pk_test_ keys are completely isolated from production. Sandbox events:
- Are never forwarded to ad networks
- Do not appear in production dashboard views
- Have separate attribution matching
- Can be freely used for testing without affecting real data
No Third-Party SDKs#
Both the Flutter and iOS AppRefer SDKs have zero external dependencies. No third-party code runs inside the SDK -- only standard platform networking and cryptography APIs are used. This eliminates supply chain risk and ensures full control over what data leaves the device.
Your Data, Secured