> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kontext.so/llms.txt
> Use this file to discover all available pages before exploring further.

# Compliance

> OMID certification, IAB Tech Lab posture, privacy regulations, and platform policies.

Kontext is built to meet the standards that publishers, advertisers, and platform owners expect from a modern ad SDK. This page summarizes our current compliance posture and where each SDK stands.

## OMID and viewability

[Open Measurement (OMID)](https://iabtechlab.com/standards/open-measurement-sdk/) is the IAB Tech Lab standard for third‑party viewability and verification.

* **Swift SDK (iOS)** — IAB OMID certified.
* **Kotlin SDK (Android)** — IAB OMID certified.
* **React Native SDK and Flutter SDK** — certification in preparation, expected to be granted within 1–2 months.

If you need viewability for a specific platform sooner, reach out to [support@kontext.so](mailto:support@kontext.so).

## IAB Tech Lab

The SDK supports **IAB TCF v2.2**. It reads the TCF consent string automatically from the standard IAB‑defined storage location that every TCF‑compatible CMP writes to (`UserDefaults` on iOS, `SharedPreferences` on Android, `localStorage` on web). The publisher does not need to forward it manually.

## Privacy regulations

The SDK exposes a **regulatory object** on the session so publishers can forward consent and privacy signals to the ad server. All fields are optional — supply whichever applies to your user's jurisdiction.

* **GDPR (EU/UK)** — the TCF v2.2 consent string is collected automatically (see [IAB Tech Lab](#iab-tech-lab) above). You can also override it explicitly with `gdpr` (`1` / `0`) and `gdprConsent` (the TCF string) on the regulatory object.
* **CCPA / CPRA (US)** — pass the [IAB US Privacy](https://iabtechlab.com/standards/ccpa/) string in `usPrivacy`.
* **GPP (Global Privacy Platform)** — pass the GPP string in `gpp` and the applicable section IDs in `gppSid`.
* **COPPA (US)** — set `coppa` to `1` when the user is known to be under 13. The SDK and the ad server then treat the request as child‑directed.

## Data handling

The SDK collects only what is needed to serve a contextually relevant ad and report on its performance:

* The chat messages you pass to `addMessage` (used for contextual targeting).
* A platform advertising identifier when the user has granted permission (IDFA on iOS, GAID on Android).
* A first‑party `installId` generated by the SDK and persisted in app storage.
* The `publisherToken`, `userId`, and `conversationId` you supply.
* Standard device, app, and network attributes (model, OS version, app bundle, connection type).

Nothing else is collected. The full data processing terms are covered in our publisher agreement.

## Platform policies

* **Apple ATT (iOS 14+)** — the SDK requests App Tracking Transparency authorization before reading IDFA. The publisher app must declare `NSUserTrackingUsageDescription` in `Info.plist`.
* **Google AD\_ID permission (Android 13+)** — the SDK declares `com.google.android.gms.permission.AD_ID` via manifest merger.
* **SKAdNetwork (iOS)** — the publisher app must list all DSP `SKAdNetworkItems` in `Info.plist` for install attribution to work. The full list is provided during onboarding.
* **Web cookies** — the JavaScript and framework SDKs do not set tracking cookies of their own; ad creatives render inside an iframe sandbox.

For anything not covered here, contact [support@kontext.so](mailto:support@kontext.so).
