Data safety

Google Play has a data safety section for developers to disclose their apps' data collection, sharing, and security practices. To help you complete the data safety section requirements, you can use the information below on how the Play Integrity API handles data.

The Play Integrity API is a runtime interface with the Google Play Store. As such, when you use Play Integrity in your app, the Play Store runs its own processes, which include handling data as governed by the Google Play Terms of Service. The information below describes how the Play Integrity API handles data to process specific requests from your app.

Data collected on usage	Always collected: App-provided information in the request including the `requestHash` and `nonce` fields App metadata including package name, version number, and signing certificate The app's Google Play license status for the signed in user accounts on the device Device information including a key attestation certificate and a device attestation token generated by Google Play services Only collected when the requesting app is opted in to receiving environment details: App activity information used to determine if apps are running that can capture the screen or control the device Device information used to determine the status of Google Play Protect
Purpose of data collection	The data collected is used to verify the application integrity, the licensing status, environment details, and the device integrity.
Data encryption	Data is encrypted.
Data sharing	Data is not transferred to any third parties.
Data deletion	Data is deleted following a fixed retention period.

While we aim to be as transparent as possible, you are solely responsible for deciding how to respond to Google Play's data safety section form regarding your app's user data collection, sharing, and security practices.