Cross-device consent sharing

Premium Feature

Cross-device consent sharing is a Premium Feature that is only enabled on request. Please reach out to your Customer Success Manager for more information.

CCPA/CPRA and US frameworks (VCDPA, CPA, CTDPA, UCPA) are not supported

Cross-device consent sharing is not supported for CCPA/CPRA and US frameworks. The consent collected for these frameworks is only meant for the device the consent was given in.

Restore user session

Overview

Restoring a user session means you retrieve and use user consents that were previously granted on a different device. This is ideal for scenarios where users switch between devices, such as moving from a web interface to a smartphone.

The Usercentrics Apps SDK allows only a one-time restoration. This means that you can restore consents only once from another system.

Examples of use cases

• User switching devices: A user grants consent on a web application and later accesses the mobile app. Using 'Restore User Session', the consents are carried over, eliminating the need for re-consent on the mobile app.

• Login Process: Integrate the 'Restore User Session' feature during the user login routine to seamlessly transition consents across different sessions or platforms.

Implementation

Prerequisites

• Consistent use of the same Settings ID across your systems.

• Secure storage of the Controller ID provided by Usercentrics.

Quick overview of the implementation steps

1. Retrieve and store controllerID: Save the controllerID that Usercentrics provides. This ID is crucial for identifying the user session across different platforms.

2. User login: When a user logs in into your application, you should match the user's id with the previously stored Usercentrics controllerID.

3. API invocation: Call the restoreUserSession API immediately after initializing the SDK and checking if it's ready,

4. Session restoration callback: After invoking the API, verify if the session was successfully restored. If the restoration fails, prompt the user to provide their consents again.

The steps are described in detail in the following sections.

Retrieving the controllerID

When a user submits consent within your mobile application, their individual consent state is stored locally and remotely secured. This information is accompanied by a randomized, unique, anonymous, and encrypted key, referred as the controllerID. This key serves as the identifier for the user's privacy choices.

At the moment that the consent is given, the controllerID can be obtained through the callbacks of showFirstLayer(...) or showSecondLayer(...) methods.

banner.showFirstLayer(...) { userResponse in
    let controllerID = userResponse.controllerId
}

banner.showFirstLayer(...) { userResponse ->
    val controllerId = userResponse?.controllerId
}

final userResponse = await Usercentrics.showFirstLayer(...);
val controllerId = userResponse?.controllerId

import { Usercentrics } from '@usercentrics/react-native-sdk';

const userResponse = await Usercentrics.showFirstLayer(...);
const controllerId = response.controllerId;

Usercentrics.Instance.ShowFirstLayer(<UsercentricsLayout>, (userResponse) => {
    var controllerId = userResponse.controllerId;
});

or right after the SDK initialization through the getControllerId() method:

let controllerID = UsercentricsCore.shared.getControllerId()

val controllerId = Usercentrics.instance.getControllerId()

final controllerId = await Usercentrics.getControllerId();

import { Usercentrics } from '@usercentrics/react-native-sdk';

const controllerId = await Usercentrics.getControllerId();

Usercentrics.Instance.GetControllerID();

Additionally, it is important to note that when our second layer is presented to users, they will have the ability to view and copy their current controller ID. This functionality is essential because users can leverage the controller ID to inquire about the specifics of their consent, its acquisition process, and to initiate data deletion requests. For further guidance, the Article 29 Data Protection Working Party has released updated 'Guidelines on consent under Regulation 2016/679' on April 10, 2018.

API invocation

You can restore a user session in another Usercentrics-supported platform (iOS, Android, TV, Web or Unity) by using the method restoreUserSession and passing the controllerID immediately after initializing the SDK and checking if it's ready.

UsercentricsCore.shared.restoreUserSession(controllerId: controllerId) { status in
    // This callback is equivalent to isReady API
    if status.shouldCollectConsent {
        // Collect Consent
    } else {
        // Session restored: apply consent with status.consents
    }
} onFailure: { error in
    // Handle non-localized error
}

Usercentrics.instance.restoreUserSession(controllerId, { status ->
    // This callback is equivalent to isReady API
    if (status.shouldCollectConsent) {
        // Collect Consent
    } else {
        // Session restored: apply consent with status.consents
    }
}, { error ->
    // Handle non-localized error
})

try {
  final status = Usercentrics.restoreUserSession(controllerId: controllerId);

  if (status.shouldCollectConsent) {
    // Collect Consent
  } else {
    // Session restored: apply consent with status.consents
  }
} catch (error) {
  // Handle non-localized error
}

import { Usercentrics } from '@usercentrics/react-native-sdk';

try {
  const status = Usercentrics.restoreUserSession(controllerId: controllerId);

  if (status.shouldCollectConsent) {
    // Collect Consent
  } else {
    // Session restored: apply consent with status.consents
  }
} catch (error) {
  // Handle non-localized error
}

Usercentrics.Instance.RestoreUserSession(<controllerId>, (status) => {
    if (status.shouldCollectConsent)
    {
        // Collect Consent
    }
    else
    {
        // Session restored: apply consent with status.consents
    }
}, (errorString) => {
    // Handle non-localized error
});

Graphical overview

Clear user session

Overview

This feature enables the clearing of previously granted user consents, which proves beneficial if your application offers a sign-out functionality.

By removing the consents granted by the user, this feature ensures a smooth transition for the next user, eliminating the necessity to reset and reinitialize the SDK.

Remote consents will not be deleted

This feature only clears the session stored on the local device; all user consents that can be retrieved using their controllerId will remain stored on our servers.

Examples of use cases

• Sign-out and sign-in flow: If a login occurs and the current user is not associated in your system with a controllerId (which would indicate that their consents can be restored), the Clear User Session function should be called

• Delete user data: If your app or game includes a feature to delete local user data, this method offers an optimized approach to clear user data while keeping the SDK prepared to collect new consents.

Implementation

Loaded Settings will be kept

Since this feature will not reinitialize the SDK, all the Settings loaded by the settingsId or rulesetId previously used will be kept.

Steps for implementation

1. Call the clearUserSession API to clear the user session.

2. Session cleanup callback: after invoking the API, verify the successful cleaning of the session. If the cleaning process fails, prompt the user to provide their consents again.

Clearing the user session

You can clear a user session in all Usercentrics supported platforms with the following code:

UsercentricsCore.shared.clearUserSession(onSuccess: { status in
    // This callback is equivalent to isReady API
}, onError: { error in
    // Handle non-localized error
}

Usercentrics.instance.clearUserSession({ status ->
    // This callback is equivalent to isReady API
}, { error ->
    // Handle non-localized error
})

try {
  final status = await Usercentrics.clearUserSession();
  // This callback is equivalent to isReady API
} catch (error) {
  // Handle non-localized error
}

import { Usercentrics } from '@usercentrics/react-native-sdk';
try {
  const status = await Usercentrics.clearUserSession();
  // This callback is equivalent to isReady API
} catch (error) {
  // Handle non-localized error
}

Usercentrics.Instance.ClearUserSession((status) => {
    // This callback is equivalent to isReady API
}, (errorString) => {
    // Handle non-localized error
});

Best practices

Avoid routine invocation

• Do not invoke the restoreUserSession method as part of regular operations. It's best suited for specific instances, like during the login process.

• Ensure this clearUserSession is called only when necessary, as invoking it excessively could burden your end-users' experience

• Within the context of signing in and out, you can eliminate the need to call this API by restoring a user session directly. Check out the graphical overview for more detailed instructions

Save controllerId only after user gave consent

The controllerId serves as a reference to the consents provided by the end-user. Therefore, it is recommended to store it on your premises only after the user has interacted with the banner and the consents are ready to be processed.

Single-use restoration

Remember that this feature is designed for a one-time restoration of user consents from another system. Repeated attempts to restore the session using the same controllerID will not be successful.

What happens if I call restoreUserSession repeatedly?

The SDK is designed to only restore the session once. Repeated calls, especially with the same Controller ID, will not initiate additional session restorations.