▸Install the Swift (iOS) SDK
// Package.swift
dependencies: [
.package(url: "https://github.com/respectlytics/respectlytics-swift.git", from: "3.0.0")
]
// Or via Xcode → File → Add Packages → paste the URL above.The SDK ships only via Swift Package Manager. CocoaPods and Carthage are not published — fewer integration paths means fewer surfaces to keep audited.
▸Initialize Respectlytics in Swift (iOS)
import Respectlytics
@main
struct MyApp: App {
init() {
Respectlytics.configure(appKey: "<YOUR_APP_KEY>")
}
var body: some Scene { WindowGroup { ContentView() } }
}Call configure once at app launch — typically in your App struct's init. No Info.plist keys are required: the SDK does not call ATTrackingManager and does not request the IDFA, so NSUserTrackingUsageDescription should NOT be added.
✦Privacy & implementation notes
Open-source SDKs are the ground truth for security audits — a closed-source SDK requires you to trust vendor claims about behaviour, while an open one lets your security team verify behaviour from source. For regulated industries, this is often a procurement-gating requirement.
MIT (SDK) + AGPL (server) is the same license split used by GitLab, Sentry, MinIO, and other source-available SaaS. The pattern lets you ship the SDK with maximum permissiveness (no obligations on the consumer) while protecting the server from being forked into closed-source competing services.
Apple rejected approximately 3% of apps in 2024 for incorrectly omitting NSUserTrackingUsageDescription when ATT was required by the SDKs they shipped. Respectlytics doesn't trigger ATT. The corollary is also true: do not add the key on Respectlytics's account — its presence implies you track across apps, even if your code never calls requestTrackingAuthorization.
Internally the Swift SDK uses Swift Concurrency: events are queued in an actor-isolated buffer (RAM-only), flushed on a 30-second timer and on UIApplication.willResignActiveNotification. Force-quit before flush drops queued events — by design. There is no UserDefaults or file backing.
⇋How this compares to other analytics SDKs
| SDK source availability | Firebase Analytics | Mixpanel | Amplitude | Respectlytics |
|---|---|---|---|---|
| Source publicly available | Partial | Yes (Apache 2.0) | Yes (MIT) | Yes (MIT) |
| Build artifacts match public source | Partial | Yes | Yes | Yes |
| Fork-and-modify allowed | Limited | Yes | Yes | Yes |
| Compile from source for audit | Limited | Yes | Yes | Yes |
| Public commit history | Limited | Yes | Yes | Yes |
❓Frequently asked questions
Where are the SDK repositories?
Each SDK has its own public repository under the Respectlytics organisation on GitHub. The repo URLs are linked from [/sdk/](https://respectlytics.com/sdk/). The repos contain source, tests, release tags, and CI configuration.
Are the published binaries reproducible from source?
Yes. Build instructions in each repo's README produce artifacts that match the published packages (CocoaPods/SPM/Maven Central/npm/pub.dev). The CI pipeline that publishes uses the same build commands. Reproducible builds are a goal we test against; if you observe a discrepancy, please file an issue.
Can we modify the SDK and ship our fork?
Yes — the MIT license allows it without restriction. Many enterprises fork to adjust logging, add internal tracing, or vendor the SDK into their build. The license covers this entirely.
What about the SERVER — is it also open source?
The server is AGPL-3.0 (a stronger copyleft license than the SDK's MIT). See the self-hosted-option page for details. SDK is MIT; server is AGPL — that's the standard split for source-available SaaS.