Skip to main content
MotiSig
Get Started
SDKsAndroid

Privacy and data

Data categories the MotiSig Android SDK may send or store for privacy disclosures.

This page summarizes what kinds of data the SDK is designed to send so you can complete your product privacy disclosures (Google Play data safety form, in-app privacy policy, GDPR/CCPA disclosures where applicable). It is not legal advice.

Data the SDK may send to your MotiSig backend

  • Credentials and routing: API key (X-API-Key), project id (X-Project-ID), and requests to your configured base URL.
  • User identity: The string id you pass to setUser, plus profile fields you send with updateUser (for example name, email).
  • Device and locale context: TimeZone.getDefault().id and Locale.getDefault().toLanguageTag() are included with registration and profile updates.
  • Push subscription: FCM device token with devicePlatform, pushType, optional permission (granted / declined), and customer enabled flag, sent to push-subscription upsert/patch/remove endpoints for the current user id.
  • Tags and attributes: Arbitrary strings and key-value attributes you supply.
  • Events: Event names and optional JSON-compatible payloads from triggerEvent.
  • Notifications: Payload-derived fields (such as messageId, title, body) for in-app handling; click tracking sends userId, messageId, and isForeground when the conditions described in Push notifications are met.
  • Heartbeat: A periodic foreground ping (POST /users/{id}/ping) for the current user.

The SDK does not collect device hardware ids, location, contacts, or any data outside the categories above.

Data stored on device

The SDK persists configuration-related state needed for operation in Storage (Storage.kt):

  • Current user id.
  • Last known FCM token.
  • Customer-controlled push enabled flag (survives logout()).

Storage is backed by SharedPreferences scoped to the app process. logout() clears the user id and FCM token but keeps the customer push preference.

Network exposure

All HTTP traffic uses HttpURLConnection (no third-party HTTP stack). The SDK does not hit any host other than the configured baseURL. There is no telemetry endpoint, no bug reporter, and no external analytics relay.

Your responsibilities as the app developer

  • Disclose to end users how MotiSig and your backend use the above categories of data.
  • Only pass personal or sensitive fields in attributes, events, or profile updates if your privacy policy and legal basis allow it.
  • Add the POST_NOTIFICATIONS runtime permission flow for Android 13+ before you expect notifications to appear.
  • Configure the Google Play Data safety form to match the data categories above for your specific use of the SDK.

Rich notification images

FCM notification vs data-only messages, BigPictureStyle, and the MotiSig image URL contract on Android.

Troubleshooting

Symptom-driven debugging for the MotiSig Android SDK.

On this page

Data the SDK may send to your MotiSig backendData stored on deviceNetwork exposureYour responsibilities as the app developerRelated