▸Install the Swift (iOS) SDK
// Package.swift
dependencies: [
.package(url: "https://github.com/respectlytics/respectlytics-swift.git", from: "3.0.0")
]
// Or via Xcode → File → Add Packages → paste the URL above.The SDK ships only via Swift Package Manager. CocoaPods and Carthage are not published — fewer integration paths means fewer surfaces to keep audited.
▸Initialize Respectlytics in Swift (iOS)
import Respectlytics
@main
struct MyApp: App {
init() {
Respectlytics.configure(appKey: "<YOUR_APP_KEY>")
}
var body: some Scene { WindowGroup { ContentView() } }
}Call configure once at app launch — typically in your App struct's init. No Info.plist keys are required: the SDK does not call ATTrackingManager and does not request the IDFA, so NSUserTrackingUsageDescription should NOT be added.
✦Privacy & implementation notes
EU data residency is a frequent gating requirement for B2B SaaS sold to European enterprises and to public-sector buyers. Respectlytics's EU-default deployment + self-host fallback covers both "vendor must store EU data in EU" requirements and "no data leaves our infra" requirements without changing client code.
The Schrems II ruling (2020) significantly raised the bar for cross-border transfers from EU to non-adequate jurisdictions. EU-default storage avoids the question entirely — there's no transfer to a non-adequate jurisdiction because the data never leaves the EU. Consult your legal team to determine if this matters for your situation.
Apple rejected approximately 3% of apps in 2024 for incorrectly omitting NSUserTrackingUsageDescription when ATT was required by the SDKs they shipped. Respectlytics doesn't trigger ATT. The corollary is also true: do not add the key on Respectlytics's account — its presence implies you track across apps, even if your code never calls requestTrackingAuthorization.
Internally the Swift SDK uses Swift Concurrency: events are queued in an actor-isolated buffer (RAM-only), flushed on a 30-second timer and on UIApplication.willResignActiveNotification. Force-quit before flush drops queued events — by design. There is no UserDefaults or file backing.
⇋How this compares to other analytics SDKs
| Data residency | Firebase Analytics | Mixpanel | Amplitude | Respectlytics (cloud) | Respectlytics (self-hosted) |
|---|---|---|---|---|---|
| Default storage region | US | US | US | EU | Operator-chosen |
| Cross-border transfer mechanism | SCCs | SCCs | SCCs | No transfer (EU-to-EU) | No transfer (operator-internal) |
| Operator visibility on raw data | Yes | Yes | Yes | Limited | You control |
| Pin to specific country | Limited | No | No | EU regions | Any region operator chooses |
❓Frequently asked questions
Which EU country does Respectlytics's cloud use?
Currently Frankfurt, Germany (DigitalOcean's eu-central-1 region). The specific region is documented in the operational FAQ; if your compliance posture requires a specific country, the self-hosted option lets you pin to any region.
Does Respectlytics make any cross-border transfers of stored event data?
Stored event data: no. Operational metadata (admin user account info, billing) may be processed in regions outside the EU per the privacy policy; consult that for the authoritative breakdown. Stored event data from your apps stays in the EU on the cloud product.
What about backups and disaster recovery?
Backups are stored in the same EU region as the primary database, encrypted at rest. There is no cross-region replication on the cloud product.
How do we verify residency for an audit?
(a) The Respectlytics privacy policy + DPA states the storage region; (b) DigitalOcean's compliance pages list the data centre's certifications; (c) for self-hosted, you operate the database, so the audit happens against your own infrastructure documentation.