We publish our SDK source code so you can verify exactly what data is being sent. Every Respectlytics SDK is publicly available on GitHub. You can read every line, trace every network request, and confirm there's no hidden tracking. Transparency isn't a marketing claim—it's code you can audit.
When an analytics vendor tells you their SDK "respects privacy" or "collects minimal data," how do you verify that claim? With closed-source SDKs, you can't. You have to trust their word.
We think that's backwards. Privacy claims should be verifiable, not just marketable. That's why we publish our SDK source code publicly.
🔍 Why Transparency Matters for Analytics
Analytics SDKs run inside your app. They have access to everything your app has access to. When you install a closed-source SDK, you're trusting that it does only what the documentation says.
But documentation can be incomplete. Marketing pages can be misleading. And you have no way to verify the truth—unless you can read the code.
💡 The Verification Advantage
With publicly available source code, your security team can review what runs on users' devices before you ship. Your privacy officer can verify data handling. Your developers can understand exactly what the SDK does. Transparency is a feature.
⚠️ The Problem with Closed-Source SDKs
When you integrate a closed-source analytics SDK, several things are hidden from you:
- ✗ What data is actually collected — Does it grab device identifiers? Location? Contacts?
- ✗ What gets transmitted over the network — Is it just what you track, or more?
- ✗ What's stored on the device — Are persistent identifiers written to disk?
- ✗ Whether behavior matches documentation — You simply can't verify it
Publishing source code changes this dynamic entirely. You don't have to trust claims—you can verify code.
| Verification Need | Closed Source | Public Source |
|---|---|---|
| Verify data collection | Trust documentation | Read the code |
| Security review | Request from vendor | Do it yourself |
| Confirm no device IDs | Hope they're honest | Search for storage APIs |
| Understand network requests | Reverse engineer | Read the HTTP client |
🔬 What You Can Verify in Our Code
Here's what you'll find when you review the Respectlytics SDK source code:
📊 Data Model (5 Fields Only)
The event structure is defined in code. You can verify we only capture:
-
1.
event_name— What happened -
2.
session_id— RAM-only identifier -
3.
timestamp— When it happened -
4.
platform— iOS, Android, etc. -
5.
country— Derived server-side from IP (IP never stored)
🔐 Session ID Generation
Look for the session management code in each SDK—typically in files like SessionManager. You'll see session IDs are random UUIDs stored only in memory—never written to disk. They rotate every 2 hours or on app restart.
🌐 Network Layer
The HTTP client is straightforward. You can trace every network request and see exactly what payload is transmitted. No hidden endpoints. No additional telemetry about your app or users.
💾 No Persistent Storage
Search for file I/O, database calls, or platform storage APIs. You won't find them. We don't write anything to disk—no fingerprinting, no tracking across app installs, no persistence of any kind.
Verification tip: Clone any SDK repository and run grep -r "UserDefaults\|SharedPreferences\|Keychain\|FileManager" to confirm no persistent storage is used.
📦 Where to Find Our Source Code
All SDKs are publicly available on GitHub:
Each repository includes:
- • Full source code — Nothing hidden, nothing obfuscated
- • Tests — Unit tests to verify behavior
- • README documentation — Setup guides and usage examples
- • Changelog — Version history and release notes
❓ Frequently Asked Questions
Why is publishing SDK source code important? ▼
Published source code allows developers to verify exactly what data is collected and transmitted. You don't have to trust vendor claims—you can read the code yourself and see precisely what runs on your users' devices.
Where can I find the source code? ▼
All Respectlytics SDKs are publicly available on GitHub at github.com/respectlytics. We publish Swift, Flutter, Kotlin, and React Native SDKs with full source code you can review.
How do I verify the SDK only collects what you claim? ▼
Review the source code on GitHub. The data model is defined in clear, readable code. You can trace exactly what fields are captured, how session IDs are generated (RAM-only), and what gets sent to the API. No hidden tracking.
Does the SDK collect device identifiers or fingerprints? ▼
No. You can verify this by searching the source code for storage APIs like UserDefaults, SharedPreferences, or Keychain. You won't find them. Session IDs are generated in RAM and never persisted to disk.
🎯 The Bottom Line
We publish our SDK source code because transparency builds trust. When we say our SDK collects minimal data and stores nothing on disk, you can verify that yourself.
For privacy-focused analytics, this matters. You're not just trusting a vendor's marketing claims. You're trusting code you can read.
Ready to verify? Start with any SDK repository on GitHub. Or read our SDK documentation for integration guides.
Related Resources
- Session IDs Are Not User IDs — Understanding the key distinction between session and user identifiers
- Why We Killed Custom Event Properties — Why architectural constraints make your analytics safer
- Privacy Disclosure — Exactly what data Respectlytics collects and why
- SDK Documentation — Integration guides for Swift, Kotlin, Flutter, React Native