Data & Privacy
Privacy disclosures, consent controls, manifest permissions, and data handling behavior for the Zeta Android SDK.
This page is for developers and compliance teams evaluating or auditing the SDK's data practices before shipping to production.
On this page
- Google Play Data Safety
- Data subject rights (GDPR / CCPA)
- Manifest permissions
- Offline behavior and event queueing
- Error handling surface
- Secrets handling
- Privacy references
Google Play Data Safety
Google Play requires apps to disclose data collection and sharing practices. Review the guidance below when completing your Data Safety form:
For category-by-category details, see Privacy references at the bottom of this page.
The SDK collects user identifiers, event data, device identifiers (App Set ID, Advertisement ID if provided), push tokens, and location data (if provided by the host app).
Data subject rights (GDPR / CCPA)
The SDK exposes opt-in / opt-out as the primary mechanism for stopping data collection. See Getting Started / Tracking opt-in and opt-out.
- Calling
ZetaClient.optOutFromTracking(context)or initializing withoptIn = falseimmediately stops the SDK from sending any further data to the backend and clears any locally cached data. - Calling
ZetaClient.user.clear()clears the identity session on device.
For server-side profile deletion or data export requests, contact your Zeta account team.
Manifest permissions
The SDK declares the following permissions in its AndroidManifest.xml. These are merged into your app's manifest at build time.
| Permission | Purpose |
|---|---|
android.permission.INTERNET | Network communication with ZMP backend. |
android.permission.ACCESS_NETWORK_STATE | Detect connectivity changes for offline queue management. |
android.permission.POST_NOTIFICATIONS | Display push notifications (Android 13+ runtime permission). |
No other permissions are declared or required by the SDK. Location permissions, if needed, must be declared and requested by your app.
Offline behavior and event queueing
The Android SDK is built with an offline-first architecture:
- Local persistence — all events and user property updates are written to a local database before any network request is attempted.
- Background sync — the SDK schedules background sync jobs to deliver queued data when connectivity is available.
- Queue management — events that fail to deliver are retried with backoff. Events are expired and removed from the queue when they exceed the maximum retry count or the maximum expiry time.
- Connectivity awareness — the SDK observes
ACCESS_NETWORK_STATEto detect when the device regains connectivity and triggers a sync.
Events are never silently dropped due to transient network issues. They are persisted locally and delivered when the device is back online.
Error handling surface
| Feature | API style | Error surface |
|---|---|---|
| App Inbox | Callback-based (onSuccess / onError lambdas) | Errors are surfaced via onError callback with ZTException. |
| User, Event, Push, In-App | Non-throwing | The SDK logs failures via ZTLogger. Set ZTLogger.setLevel(ZTLogLevel.ERROR) or lower to surface them in Logcat. |
Secrets handling
clientSecret is passed into ZTConfig at initialization time or set later via ZetaClient.setClientSecret(context, "your-secret"). Do not hardcode it in your source code or commit it to version control. Load it from a secure source at app launch — Android Keystore, remote configuration, or build-time injection.
See the security callout in Overview / Quickstart.
Privacy references
- Android Data Collection — what the Android SDK collects.
- Google Play Data Safety — Google Play Data Safety form guidance.
- GDPR/CCPA Overview — regulatory compliance from a business perspective.
See also
- Getting Started / Tracking opt-in and opt-out
- Versioning & Support
- Platform support -- feature availability by platform and SDK version.