Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Aarki is a mobile first programmatic advertising platform that uses machine learning to plan, deliver and measure user acquisition and retargeting campaigns for app publishers. The platform operates as a Demand Side Platform connected to mobile ad exchanges, fires tracking pixels, sets third party cookies on mobile web inventory and reads device advertising identifiers (IDFA, AAID), which qualifies it as a tracking technology under the ePrivacy Directive and as a personal data processor under the GDPR.
Aarki is a mobile first programmatic advertising platform that helps app publishers acquire and retain users through machine learning powered campaigns. It operates as a Demand Side Platform connected to leading mobile ad exchanges and supply side platforms, supports VAST and MRAID creatives and offers a Mobile Measurement Partner integration for attribution.
On mobile web inventory, Aarki sets a third party cookie holding a pseudonymous user identifier with a typical lifetime of 13 months and performs cookie syncing with partner SSPs. On in app inventory, Aarki reads the IDFA on iOS and the AAID on Android, plus the IP address, the user agent, the bundle ID, the campaign ID, click coordinates and engagement signals. These data points feed the bidding model and the retargeting audiences.
Aarki writes and reads identifiers on the user device, which falls within Article 5(3) of the ePrivacy Directive. Prior, free, specific, informed and unambiguous consent is required before any pixel or SDK call. Because Aarki participates in the open RTB ecosystem, the IAB TCF v2.2 signal must be passed in OpenRTB requests. On iOS, the App Tracking Transparency prompt is also required before reading the IDFA, in addition to GDPR consent.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Aarki is headquartered in California and processes data primarily on US infrastructure. The transfer relies on the EU US Data Privacy Framework when applicable, otherwise on Standard Contractual Clauses combined with a Transfer Impact Assessment that addresses the risk of access by US authorities under FISA 702. Operators must inform users in the privacy notice and document supplementary measures such as encryption in transit.
Block all Aarki tags and SDK calls until consent is granted, integrate a CMP certified for IAB TCF v2.2, route the TC string in every OpenRTB request, on iOS request App Tracking Transparency before reading the IDFA, sign a Data Processing Agreement and SCCs with Aarki, register Aarki in your record of processing activities and your privacy notice, and define a retention period and a process for forwarding data subject requests.
Contextual mobile advertising platforms, EU based DSPs that keep bid stream data inside the EEA, SKAdNetwork and Privacy Sandbox aggregated reporting are alternatives that reduce the reliance on persistent identifiers and on third country transfers, lowering the GDPR risk profile.
Websites using Aarki must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is required because Aarki processes mobile advertising identifiers and IP addresses at scale, profiles users for retargeting, integrates with the open RTB ecosystem and transfers data to the United States. The DPIA must cover the legal basis, the bid stream flows, the role of Aarki as processor or joint controller, the SCC framework, the supplementary measures and the interaction with the Apple App Tracking Transparency framework on iOS and the Privacy Sandbox on Android.
Sample consent text
We use Aarki to deliver and measure mobile advertising campaigns. Aarki stores cookies and reads device advertising identifiers, shares pseudonymous identifiers with advertising partners and transfers personal data to the United States. You can accept, refuse or withdraw your consent at any time in our privacy preferences.
Third-party domains contacted
aarki.comrt.aarki.netsync.aarki.netcdn.aarki.netCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| aarki_uid | third_party | 13 months | Pseudonymous user identifier used to recognise the device on mobile web inventory for retargeting and frequency capping. |
| aarki_sync | third_party | 30 days | Cookie syncing handshake identifier exchanged with partner Supply Side Platforms. |
| aarki_session | third_party | 30 minutes | Short lived session cookie scoping the current advertising session. |
Aarki places tracking cookies for advertising — comply with GDPR using FlowConsent.
On mobile web inventory, Aarki sets a third party cookie aarki_uid holding a pseudonymous user identifier with a typical lifetime of 13 months and shorter cookies for cookie syncing with partner SSPs. On in app inventory, Aarki reads the IDFA on iOS and the AAID on Android, plus IP address and user agent. SKAdNetwork postbacks are also used on iOS for aggregated attribution.
Yes. Aarki writes and reads identifiers on the user device, which is regulated by Article 5(3) of the ePrivacy Directive. Prior, free, specific, informed and unambiguous consent must be obtained. On iOS the App Tracking Transparency prompt is also required before reading the IDFA, and the IAB TCF v2.2 signal must be passed in OpenRTB requests.
The legal basis is consent under Article 6(1)(a) GDPR. Legitimate interest is not appropriate for cross site advertising, retargeting and profiling. The consent must be granular and recorded in a TC string forwarded to Aarki via OpenRTB.
Yes. Aarki is headquartered in California and processes data primarily on US infrastructure. Transfers rely on the EU US Data Privacy Framework when applicable, otherwise on Standard Contractual Clauses with a Transfer Impact Assessment.
Yes. Large scale systematic monitoring of mobile users, automated bid logic, profiling and international transfers all trigger the DPIA obligation under Article 35 GDPR.
Block all Aarki tags and SDK calls by default, integrate a CMP for IAB TCF v2.2, request App Tracking Transparency on iOS, sign a DPA and SCCs, restrict purposes and vendors, document Aarki in your record of processing activities and your privacy notice and set up a process for handling data subject requests.
Contextual mobile DSPs, EU based DSPs that keep data in the EEA, SKAdNetwork or Privacy Sandbox aggregated reporting are alternatives that reduce reliance on persistent identifiers and US transfers.
List the Aarki cookies and the device identifiers used in app, with provider, purpose and retention. Mention the transfer to the United States and the legal mechanism. Increment the policy version and prompt for fresh consent.