GDPR & Consent
This public guide explains how Attriax handles GDPR consent state, when tracking is held, and where each SDK exposes the same regulation-scoped helper.
How the shared GDPR flow works
The goal is to keep one consent model across Flutter, web, React, and Unity so teams do not need different product rules per platform.
Waiting for consent
Use this state to keep attribution, analytics, and ad-event work local until your consent UI resolves the decision.
Granted or denied by category
Attriax applies the analytics, attribution, and ad-event values you store through the shared GDPR helper surface.
Not required
Use the explicit not-required path when GDPR does not apply for the current user or session.
Recommended flow
- Enable the regulation-scoped GDPR helper in your SDK configuration before you present the privacy sheet or onboarding consent step.
- Read the local state first so the UI can decide whether it still needs a GDPR answer for this device or session.
- Persist the final decision with the GDPR helper instead of inventing your own shadow consent store for Attriax.
- Re-open the same helper from settings when the user changes their privacy decision later.
Runtime behavior
- While the decision is still pending, GDPR-gated tracking stays local instead of being dispatched immediately.
- A granted decision unlocks the categories you approved and keeps denied categories blocked.
- If GDPR is not required for the current user or session, mark that explicitly so normal delivery can continue without guessing.
Public SDK entry points
Each public SDK guide goes deeper on initialization, but the consent model below stays aligned across the runtime surfaces.
Flutter
Flutter is the reference runtime. Start here when you need the clearest view of the shared consent model.
Dart
1final needsConsent = await attriax.consent.gdpr.needsConsent(
2 localOnly: true,
3);
4
5if (needsConsent) {
6 attriax.consent.gdpr.setConsent(
7 analytics: true,
8 attribution: true,
9 adEvents: false,
10 );
11} else {
12 attriax.consent.gdpr.setNotRequired();
13}Web / JS
The browser SDK keeps the same nested consent.gdpr helper and decision model as the mobile reference path.
TypeScript
1const needsConsent = await attriax.consent.gdpr.needsConsent({
2 localOnly: true,
3});
4
5if (needsConsent) {
6 attriax.consent.gdpr.setConsent({
7 analytics: true,
8 attribution: true,
9 adEvents: false,
10 });
11} else {
12 attriax.consent.gdpr.setNotRequired();
13}React
React keeps the browser-runtime consent surface and is best suited for routed SPA flows with a shared provider.
TSX
1const { attriax } = useAttriax();
2
3async function resolveConsent() {
4 const needsConsent = await attriax.consent.gdpr.needsConsent({
5 localOnly: true,
6 });
7
8 if (!needsConsent) {
9 attriax.consent.gdpr.setNotRequired();
10 return;
11 }
12
13 attriax.consent.gdpr.setConsent({
14 analytics: true,
15 attribution: true,
16 adEvents: false,
17 });
18}Unity
Unity mirrors the same GDPR flow under Attriax.Consent.Gdpr with C# naming and async checks.
C#
1var needsConsent = await _attriax.Consent.Gdpr.NeedsConsentAsync(localOnly: true);
2
3if (needsConsent)
4{
5 _attriax.Consent.Gdpr.SetConsent(
6 analytics: true,
7 attribution: true,
8 adEvents: false);
9}
10else
11{
12 _attriax.Consent.Gdpr.SetNotRequired();
13}Where to go next
Use the public docs when you need the shared model, then open the project workspace when the answers become project-specific.
Public docs are best for
- Choosing the right SDK surface before implementation starts.
- Understanding when Attriax buffers or resumes GDPR-gated work.
- Sharing a lightweight consent overview with product, QA, or legal stakeholders.
Project workspace is best for
- Project-specific disclosure work, diagnostics, and exact release settings.
- Validating how your enabled modules affect privacy and store-submission answers.
- Reviewing the richer signed-in GDPR guide beside your project configuration.