Privacy & Data
This page describes the data practices of the Hyperstone Unity SDK — what information is collected, how it is transmitted and stored, and what you need to disclose in your app’s privacy policy and store listings.
Data Collected by the SDK
Section titled “Data Collected by the SDK”User Properties
Section titled “User Properties”The SDK sends the following device and app metadata when fetching a configuration from the server:
| Property | Description | Example Value |
|---|---|---|
| SDK Version | Version of the Hyperstone SDK | 1 |
| Unity Platform | Active Unity build target | Android, IPhonePlayer, WindowsPlayer |
| Unity Version | Version of the Unity engine | 2022.3.20f1 |
| App Bundle ID | Your application identifier | com.example.mygame |
| App Version | Your application version string | 1.2.3 |
| Operating System | Device OS name and version | Android OS 14 API-34 |
| Device Model | Hardware model string | Samsung SM-S911B |
| Device Type | Computed device category | phone, tablet, desktop |
| System Language | Device locale / culture setting | en-US, de-DE |
| Time Zone | Device time zone | (UTC+01:00) Central European Time |
| Developer Flag | Whether this is a debug/editor build | true (only sent in development builds) |
All of these properties are non-identifying technical metadata used to segment users into groups for optimization. None of them can identify an individual user.
Automatically Tracked Metrics
Section titled “Automatically Tracked Metrics”The SDK automatically tracks the following behavioral metrics without requiring any additional code:
| Metric | Description |
|---|---|
| Session Count | Number of app sessions (new session after 30s+ background pause) |
| Engagement Time | Time spent with the app in the foreground (in minutes) |
| Retention Days | Number of distinct days the user has returned |
| Calendar Day Retention | Number of distinct calendar days played |
| Retention Streak | Consecutive calendar days played |
Developer-Reported Metrics
Section titled “Developer-Reported Metrics”When you call SDK methods like LogAdImpression, LogIapTransactionSuccess, or IncrementCustomMetric, the SDK collects:
- Ad metrics — impression counts, ad revenue amounts, ad request counts, error counts, with labels for ad platform, network, and format
- IAP metrics — transaction counts, revenue amounts, error counts, purchaser conversion flags, with labels for product ID and currency
- Custom metrics — whatever metric names and values your app sends via
IncrementCustomMetricorLogCustomEvent
Note: The content of developer-reported metrics is determined by your app’s code. If you pass sensitive data in custom metric names or labels, that data will be transmitted. Only send non-identifying, aggregate-friendly values.
Data NOT Collected
Section titled “Data NOT Collected”The Hyperstone SDK explicitly does not collect or transmit:
- ❌ Advertising identifiers — IDFA (iOS), GAID/ADID (Android)
- ❌ Device identifiers — IDFV, IMEI, serial number, Android ID
- ❌ MAC addresses or other hardware identifiers
- ❌ User names, email addresses, or phone numbers
- ❌ Location data — no GPS coordinates, no fine/coarse location
- ❌ Contacts, photos, files, or any on-device content
- ❌ Browsing history, search history, or installed apps
- ❌ Health, fitness, or financial data
Data Transmission
Section titled “Data Transmission”- All communication between the SDK and Hyperstone servers uses HTTPS (TLS encryption in transit).
- The SDK communicates with two endpoints:
POST /v1/c— fetches the optimized configuration (sends user properties)POST /v1/i— sends accumulated metrics
- Requests include your App ID and App Secret in HTTP headers for authentication. These are not user data — they are your app credentials from the Hyperstone Console.
- A randomly generated User ID (UID) is included in request headers to associate metrics with a configuration. This UID is generated server-side and has no correlation with any external identifier.
Local Storage
Section titled “Local Storage”The SDK persists the following data locally on the device using Unity’s PlayerPrefs:
| Data | Purpose |
|---|---|
| User ID (UID) | Associates metrics with a configuration across sessions |
| Cached Config | Allows the app to use the last-known config before fetching a new one |
| Accumulated Metrics | Buffers metrics locally so no data is lost on crashes or network failures |
| Session Metadata | Last session timestamp, retention day count, purchaser status |
All keys are namespaced by App ID (e.g., xp-uid-{appId}), so multiple Hyperstone integrations in the same app do not conflict.
To clear all locally stored data, call:
Hyperstone.ClearData();This removes the UID, cached config, all accumulated metrics, session history, and purchaser status from the device.
Server-Side Data Handling
Section titled “Server-Side Data Handling”IP Address Anonymization
Section titled “IP Address Anonymization”The server uses the request’s IP address only to derive coarse geographic information: country, region, city, and time zone. Before geo lookup, the IP address is anonymized by setting the last octet to zero (e.g., 192.168.1.42 → 192.168.1.0). The full IP address is never stored.
Data Retention
Section titled “Data Retention”Server-side data — including UIDs, user properties, and accumulated metrics — is retained for the duration of user activity plus 30 days. Each request from the SDK refreshes the TTL. If a user stops using the app, their data is automatically purged after 30 days of inactivity.
No Third-Party Data Sharing
Section titled “No Third-Party Data Sharing”Hyperstone does not transfer, sell, or share any collected data with third parties. All data remains within the Hyperstone infrastructure and is used exclusively for configuration optimization.
Data Deletion
Section titled “Data Deletion”As an app owner on Hyperstone, you have the ability to delete the entirety of your app’s data from the Hyperstone Console, including all UIDs, user properties, and accumulated metrics.
Updating Your Privacy Policy
Section titled “Updating Your Privacy Policy”If your app uses the Hyperstone SDK, you should disclose this in your privacy policy. Below is example language you can adapt:
Analytics and Optimization
Our app uses Hyperstone, a configuration optimization service, to improve the user experience. The Hyperstone SDK collects non-personally-identifiable technical information, including:
- App version and bundle identifier
- Device type, model, and operating system
- System language and time zone
- Usage metrics such as session count, engagement time, and retention
- SDK version and Unity engine version
This data is transmitted securely over HTTPS and associated with a randomly generated identifier that has no connection to your identity or any advertising identifier. Your IP address is anonymized (last octet removed) before being used to determine approximate geographic location (country/region level). No personal information, advertising identifiers, or device identifiers are collected.
This data is retained on Hyperstone servers for up to 30 days after your last app session, after which it is automatically deleted.
You can request deletion of your data by contacting us at [your contact email].
Apple App Store — App Privacy Details
Section titled “Apple App Store — App Privacy Details”When submitting or updating your app on the App Store, you must complete the App Privacy questionnaire in App Store Connect. Here is how to fill it for the Hyperstone SDK:
Do you or your third-party partners collect data from this app?
Section titled “Do you or your third-party partners collect data from this app?”Yes — The Hyperstone SDK collects data as described below.
Data Types to Declare
Section titled “Data Types to Declare”| Data Category | Data Type | Collected? | How to Answer |
|---|---|---|---|
| Contact Info | Name, email, phone, etc. | ❌ No | Do not select |
| Health & Fitness | Health, fitness | ❌ No | Do not select |
| Financial Info | Payment, credit info | ❌ No | Do not select |
| Location | Precise / Coarse Location | ❌ No | Do not select |
| Sensitive Info | Religious, political, etc. | ❌ No | Do not select |
| Contacts | Contacts | ❌ No | Do not select |
| User Content | Photos, videos, etc. | ❌ No | Do not select |
| Browsing History | Browsing history | ❌ No | Do not select |
| Search History | Search history | ❌ No | Do not select |
| Identifiers | User ID | ✅ Yes | Select — the SDK generates a random anonymous user ID |
| Usage Data | Product Interaction | ✅ Yes | Select — session counts, engagement time, retention metrics |
| Diagnostics | Performance Data | ✅ Yes | Select — app version, SDK version |
| Other Data | Other | ✅ Yes | Select — device type/model, OS, language, timezone |
For Each Selected Data Type
Section titled “For Each Selected Data Type”You will be asked follow-up questions for each selected data type:
Is this data linked to the user’s identity? → No. The user ID is randomly generated and not linked to any account, name, email, or other identity.
Is this data used for tracking? → No. The data is not used to track users across apps or websites owned by other companies. It is not shared with data brokers.
What are the purposes of this data collection? → Select Analytics and App Functionality (configuration optimization).
App Tracking Transparency (ATT)
Section titled “App Tracking Transparency (ATT)”The Hyperstone SDK does not require an ATT prompt. ATT is only required when accessing the IDFA or linking user/device data across apps owned by other companies for advertising. The Hyperstone SDK does neither.
Google Play — Data Safety
Section titled “Google Play — Data Safety”When publishing your app on Google Play, you must complete the Data Safety form. Here is guidance for the Hyperstone SDK:
Does your app collect or share any of the required user data types?
Section titled “Does your app collect or share any of the required user data types?”Yes — The app collects data through the Hyperstone SDK.
Data Types to Declare
Section titled “Data Types to Declare”| Category | Data Type | Collected? | Shared? | Notes |
|---|---|---|---|---|
| Location | Approximate location | ❌ No | ❌ No | Server derives geo from anonymized IP, but the app does not collect location |
| Location | Precise location | ❌ No | ❌ No | |
| Personal info | Name, email, address, phone, etc. | ❌ No | ❌ No | |
| Financial info | Purchase history, credit info | ❌ No | ❌ No | |
| Health and fitness | Health, fitness | ❌ No | ❌ No | |
| Messages | Emails, SMS, other messages | ❌ No | ❌ No | |
| Photos and videos | Photos, videos | ❌ No | ❌ No | |
| Audio | Voice recordings, music files | ❌ No | ❌ No | |
| Files and docs | Files, docs | ❌ No | ❌ No | |
| Calendar | Calendar events | ❌ No | ❌ No | |
| Contacts | Contacts | ❌ No | ❌ No | |
| App activity | App interactions | ✅ Yes | ❌ No | Session counts, engagement time, feature usage |
| App info and performance | Diagnostics | ✅ Yes | ❌ No | App version, SDK version, OS, device model |
| Device or other IDs | Device or other IDs | ✅ Yes | ❌ No | Anonymous randomly generated user ID (not a device identifier) |
For Each Collected Data Type
Section titled “For Each Collected Data Type”Is this data processed ephemerally? → No — data is persisted locally and retained server-side for 30 days.
Is this data collection required or can users opt out?
→ Data collection is required for the SDK to function (configuration optimization). App developers may optionally call ClearData() to reset user data.
Why is this data collected? → Select Analytics and App functionality.
Data Sharing
Section titled “Data Sharing”For all data types, answer No to data sharing — Hyperstone does not share data with third parties.
Data Handling Practices
Section titled “Data Handling Practices”Is data encrypted in transit? → Yes — All SDK communication uses HTTPS.
Can users request data deletion?
→ Yes — App developers can delete all app data from the Hyperstone Console, and users’ local data can be cleared with ClearData().
Summary
Section titled “Summary”| Aspect | Details |
|---|---|
| PII collected | None |
| Ad identifiers | Not collected |
| Device identifiers | Not collected |
| User ID | Randomly generated, anonymous, non-correlatable |
| Transport security | HTTPS |
| IP handling | Anonymized before geo lookup, never stored |
| Server data retention | 7-day TTL from last activity |
| Third-party sharing | None |
| ATT required | No |
| Local data reset | Hyperstone.ClearData() |
| Server data deletion | Available from Hyperstone Console |