Mobile SDK Data Disclosure Sheet

Last updated: June 1, 2026

Summary

This sheet helps customers describe the TrueClara React Native/Expo SDK in their own privacy notices, App Store privacy labels, and Google Play Data Safety forms. It is not a substitute for customer-specific legal review. Customers control their apps, end-user notices, consent flows, store declarations, and whether the SDK is enabled.

1. What the SDK collects

The mobile SDK may collect or generate:

• funnel node or screen/node name;
• previous funnel node, if available;
• timestamp;
• project and environment identifiers;
• device identifier generated or supplied for the app;
• authenticated reference if the customer calls identify;
• runtime version;
• EAS update identifier, if available;
• idempotency key;
• SDK version and delivery metadata; and
• local queue metadata needed to flush events reliably.

Customers must not configure funnel node names, authenticated references, device references, or event metadata to include sensitive personal data, secrets, payment instrument data, protected health information, precise geolocation, or data about children unless separately agreed in writing with TrueClara.

2. Purpose

The SDK data is used to provide deploy-attributed revenue-regression detection, mobile funnel regression detection, delivery reliability, abuse prevention, debugging, customer dashboards, alerts, and support.

The SDK is not used for advertising, retargeting, cross-app tracking, or cross-context behavioral advertising.

3. Linked to identity

By default, mobile funnel events may be linked to an app-scoped device reference. If the customer calls identify, events may also be linked to a customer-controlled authenticated reference. TrueClara ingestion hashes device/auth references where supported before warehouse storage.

Customers decide whether and when to call identify and are responsible for describing that choice in their own privacy notices and store declarations.

4. Tracking posture

The SDK is observer-mode only. TrueClara does not use the mobile SDK data to track end users across apps or websites owned by different companies for advertising or data-broker purposes.

The SDK does not access payment instruments, App Store billing, Google Play billing, or RevenueCat purchase APIs from the device. Revenue correlation is server-side through supported revenue-event integrations or manual revenue/funnel-event submission.

5. On-device storage and flush behavior

The SDK stores queued events in an on-device SQLite queue so events can flush after backgrounding, process restarts, or temporary offline periods. The queue is used for delivery reliability. It is not browser localStorage, not a cookie, and not used for advertising or tracking across apps.

Queued events are sent to TrueClara when the SDK can flush under its configuration. Customers can configure SDK behavior according to the published package documentation.

6. Store-declaration starting points

Customers should review their own implementation before submitting store declarations. As a starting point:

7. Customer responsibilities

Customers are responsible for:

• providing required end-user notices and consent choices;
• completing App Store privacy labels and Google Play Data Safety forms accurately for their full app, not only the TrueClara SDK;
• ensuring SDK configuration matches the disclosures they make;
• avoiding sensitive data in funnel node names, identifiers, metadata, and revenue/funnel events; and
• disabling or reconfiguring the SDK where required by law or platform policy.

8. Related documents

• Privacy Policy
• Data Processing Agreement
• Acceptable Use Policy
• Subprocessors
• Cookie Policy

9. Contact

Privacy: privacy@trueclara.com Legal: legal@trueclara.com Security: security@trueclara.com

trueclara.com