SDK PII Inventory
Every field the Layers SDK can collect. Default vs opt-in. Hashing behavior.
Always collected (default)
| Field | Notes |
|---|---|
anonymous_id | Opaque UUID assigned by the SDK. |
timestamp | Event time. |
event_id | UUID for dedup. |
event_name | e.g., purchase. |
properties | Your event-specific payload. Audit what you send. |
app_id | Your Layers app ID. |
context.os | iOS / Android / Web. |
context.osVersion | e.g., 17.4. |
context.appVersion | Your app's semver. |
context.deviceModel | iPhone15,2 or equivalent. |
| IP (server-side) | Resolved to country/region at ingest, then dropped — not persisted. |
| User agent (web only) | Parsed at ingest; raw UA not persisted. |
Opt-in (you choose to send)
| Field | Format | How it's sent |
|---|---|---|
user_id | Your platform's ID | Plaintext — stored as-is. |
email | Raw | Normalized (lower-cased, trimmed) and SHA-256 hashed at ingest before persistence or CAPI forwarding. |
phone | Raw | Digits-only normalization, then SHA-256. |
external_id | Your ID | Plaintext — stored as-is. |
Raw email and phone values are never persisted — hashing happens
in the ingest process and only the hash is written to sdk_events or
forwarded to Meta / TikTok / Apple Search Ads.
Retention
| Data | Retention | Notes |
|---|---|---|
| SDK events | 400 days | 52-week lookback for attribution. Reducible on request; floor is 30 days. |
| Event warehouse | 2 years | Aggregated analytics. |
Hashed PII (email_sha256, phone_sha256) | Same as event envelope | Tied to the row, not stored separately. |
| IP | Not persisted | Dropped at ingest after region resolution. |
| Raw email / phone | Not persisted | Hashed at ingest. |
Deletion
Server-side DELETE removes sdk_events for a matching user_id or
anonymous_id. Materialized aggregates are not per-user; they aren't
rewritten on individual deletion.
See DSAR.
Access
Engineering access to sdk_events is role-gated and logged.