# SDK PII Inventory (/docs/trust/sdk-pii)



## Always collected (default) [#always-collected-default]

| Field                 | Notes                                                               |
| --------------------- | ------------------------------------------------------------------- |
| `anonymous_id`        | Opaque UUID assigned by the SDK.                                    |
| `timestamp`           | Event time.                                                         |
| `event_id`            | UUID for dedup.                                                     |
| `event_name`          | e.g., `purchase`.                                                   |
| `properties`          | Your event-specific payload. Audit what you send.                   |
| `app_id`              | Your Layers app ID.                                                 |
| `context.os`          | iOS / Android / Web.                                                |
| `context.osVersion`   | e.g., `17.4`.                                                       |
| `context.appVersion`  | Your app's semver.                                                  |
| `context.deviceModel` | `iPhone15,2` or equivalent.                                         |
| IP (server-side)      | Resolved to country/region at ingest, then dropped — not persisted. |
| User agent (web only) | Parsed at ingest; raw UA not persisted.                             |

## Opt-in (you choose to send) [#opt-in-you-choose-to-send]

| Field         | Format             | How it's sent                                                                                         |
| ------------- | ------------------ | ----------------------------------------------------------------------------------------------------- |
| `user_id`     | Your platform's ID | Plaintext — stored as-is.                                                                             |
| `email`       | Raw                | Normalized (lower-cased, trimmed) and SHA-256 hashed at ingest before persistence or CAPI forwarding. |
| `phone`       | Raw                | Digits-only normalization, then SHA-256.                                                              |
| `external_id` | Your ID            | Plaintext — stored as-is.                                                                             |

Raw email and phone values are **never persisted** — hashing happens
in the ingest process and only the hash is written to `sdk_events` or
forwarded to Meta / TikTok / Apple Search Ads.

## Retention [#retention]

| Data                                        | Retention              | Notes                                                                     |
| ------------------------------------------- | ---------------------- | ------------------------------------------------------------------------- |
| SDK events                                  | 400 days               | 52-week lookback for attribution. Reducible on request; floor is 30 days. |
| Event warehouse                             | 2 years                | Aggregated analytics.                                                     |
| Hashed PII (`email_sha256`, `phone_sha256`) | Same as event envelope | Tied to the row, not stored separately.                                   |
| IP                                          | Not persisted          | Dropped at ingest after region resolution.                                |
| Raw email / phone                           | Not persisted          | Hashed at ingest.                                                         |

## Deletion [#deletion]

Server-side DELETE removes `sdk_events` for a matching `user_id` or
`anonymous_id`. Materialized aggregates are not per-user; they aren't
rewritten on individual deletion.

See [DSAR](/docs/trust/dsar).

## Access [#access]

Engineering access to `sdk_events` is role-gated and logged.