Compliance

One Module. Every platform’s rules, mapped

AI Gateway is a consent-gated bandwidth-sharing Module. It touches three non-identifying network attributes, never reads personal data, and ships the consent and control mechanisms each platform requires. The foundation is constant; only the rules it maps to change.

The constant foundation

Three facts hold on every platform below

Each platform entry only shows how its specific rules map onto these. Read this once; the rest of the page assumes it.

1. What it touches

Three connection-level attributes

IP address — to route requests
Connection info — Wi-Fi or mobile, general region, type
Random device ID — not tied to any identity

By design it cannot reach files, photos, messages, contacts, browsing history, cookies, keystrokes, screen contents, other apps, or user identity.

2. How it starts

Consent-gated at the Module layer

Opt-in is enforced before activation — the Module never starts before the user agrees. A single opt-out toggle in settings stops it immediately and persists across sessions.

3. How it’s shown

Disclosed in plain language

A plain-language consent screen states that spare bandwidth is shared to fetch public web pages, that no personal data is accessed, and that it can be turned off anytime. Benefit claims match actual behavior.

Where it runs

Six environments, three kinds of review

Not every platform reviews the same way. Grouping them by who decides keeps a legal reader from expecting an Apple-style review where none exists.

Single-gatekeeper stores

One body certifies

Their published rules govern. Approval is discretionary and case-by-case.
5.1.1 (i)(ii)
Data collection & consent
Apple requires consent for data collection even where data is anonymous. Opt-in is enforced at the Module layer; the consent screen discloses that IP and connection data are shared for commercial public-web collection, that no personal files are accessed, and that it can be disabled anytime.

5.1.1 (v)

Data minimization
Collection is limited to three connection-level attributes — no account, contact, or identity data. Declining never disables core app functionality as punishment.
ATT
App Tracking Transparency
Not triggered: the Module routes read-only fetches, not ad attribution, and reads no identity or browsing history. Partner-governed: confirm your app doesn’t separately combine the device ID with advertising data.
Privacy Manifests
Required since May 1, 2024
AI Gateway furnishes a signed Module with an accurate privacy manifest declaring the three data points. You ensure the host app’s aggregate manifest and App Privacy label reflect it — request the current signed build before submission.

App Privacy labels

Nutrition label
Declare IP, coarse connection info, and device identifier. These are connection/identifier categories — not “sensitive” data, and not tracking as Apple defines it.

10.5

Personal information
A privacy policy must be linked in the Store listing metadata and collection must occur under a disclosed feature with consent. The attributes are connection-level — not the health/financial data Microsoft restricts.
Unwanted Software
Consent · Control · Transparency
Architected against all three failure modes: opt-in at the Module layer, a single toggle that stops it immediately and persists, and a plain-language consent screen plus published Data & Privacy page. Pen testing and real-time anomaly blocking reinforce the posture.
10.1
Distinct function & accurate representation
Benefit claims must match the experience; exaggerated or misleading claims are prohibited by the integration guidance.
10.8
Secondary / background software
Not secondary software installed behind the user’s back: a disclosed, consented component with no separate installer and nothing persisted on the device.
Performance
Background networking
Capped to a small fraction of unused bandwidth and idle CPU; backs off when the device is busy.
Privacy Policy URL

Seller Office requirement

Any app collecting personal information must register a Privacy Policy URL viewable on the TV. The published policy documents the connection-level data the Module collects; you register that URL at submission.
Consent — TV
Remote-friendly
No keyboard on a remote-controlled device, so the legal link is delivered as a scannable QR code. Opt-in is enforced before activation, with a settings toggle to disable anytime.
Signed app + privilege
config.xml
The host app declares only the internet privilege it already needs — tizen.org/privilege/internet. Nothing the Module does requires elevated or Partner privileges, keeping the privilege footprint minimal.
Accurate representation
No deceptive behavior
Benefit claims match the actual experience; the bandwidth-sharing nature is disclosed up front.
Performance & stability
Common TV rejection area
Capped and backs off when busy, so it should not degrade the on-screen experience Samsung’s testers evaluate on constrained hardware.

Privacy Policy

Submission expectation
Apps that collect user information must carry a privacy policy explaining what is collected. The published policy documents the IP, connection info, and random identifier — referenced in the submission.
UX scenario + self-checklist
webOS-specific artifacts
LG’s review hinges on a UX scenario and a completed self-checklist. The consent-and-opt-out flow maps cleanly: show the consent screen before activation and the opt-out toggle in settings; data-handling items answer directly from Module behavior.
Consent — TV
Remote-friendly
Like other CTV targets, the legal link is delivered as a scannable QR code. Opt-in enforced before activation; settings toggle to disable anytime.
Performance & stability
No special internet privilege needed

webOS grants outbound network access without a dedicated permission in appinfo.json. The Module is capped and backs off; well-behaved background networking fits webOS App Monitoring expectations.

No single gatekeeper

Obligations come from your channel

There is no universal Linux review. The rules follow the distribution channel you choose.

There is no Apple- or Microsoft-style review on Linux. Obligations come from the channel: Flathub / Flatpak, the Snap Store, or distro repositories (Debian-style).

Not unwanted software

The cardinal rule

The cardinal sin across Linux is undisclosed background network activity. The Module is built directly against it: opt-in at the Module layer, revocable immediately, with persistent state.

Sandboxing
Flatpak / Snap least privilege
Both reward minimum permissions. The Module needs only outbound network — no home directory, files, or sensitive interfaces, because it cannot reach them anyway. A host app needn’t widen its sandbox to accommodate it.
Honest metadata
Flathub / packaging norms
Channel guidelines expect an accurate description. Benefit claims match behavior; the Data & Privacy page documents the bandwidth-sharing in plain language.
Licensing & placement
Debian-style
A packaging-placement matter, not a privacy one: a proprietary Module ships through the channel matching its license (Flathub, Snap, a non-free repo, or your own) rather than Debian main. The consent posture holds in all of them.

Engine, not a store

The real review is where you ship

Unity certifies nothing per-game. It adds one obligation: disclose the third party.

Unity is an engine, not a store — the real store review is wherever your game ships. Unity itself adds one duty: a third-party-data disclosure.

Third-party disclosure
The key obligation

List AI Gateway as a third party in your privacy policy and link its policy. This is the single most important Unity action item. The disclosure is small and accurate because the Module collects only connection-level data.

Content transparency
If distributed as a package
Not malware: consented, disclosed, read-only public fetching that persists nothing and cannot access personal data. Fully documented in the published materials.
Submission & docs
Asset Store guidelines
Ships with the integration guide and pre-built consent screen, giving Unity developers a documented setup path for the consent and opt-out flow.
Destination store governs
Per shipped build
Because a Unity game ships elsewhere, the operative review is the target platform’s — the Apple, Microsoft, Samsung, LG, and Linux entries above remain binding for each build. Unity does not replace them.

Where the obligation sits

Two sides, drawn precisely

We provide

The same across every platform above.

You implement

Some items are platform-specific, as noted in each entry.

What a reviewer can verify

Signals that hold under scrutiny

The market has trust baggage. We carry the standards that say we don’t. Below: the network at scale, then the attestations behind it.

GDPR & CCPA by design

A background revenue layer reduces the need to add interstitials or paywalls — the things that actually push users out.

Explicit, revocable consent

The in-app toggle provides immediate opt-out, persistent across sessions.

Real-time anomaly blocking

Misuse is detected and blocked as it happens, not after the fact.

KYC on every buyer

Every demand-side buyer is verified before access to the network.

Independent pen testing

Continuous testing by Blaze Infosec, reviewable under NDA.

Read-only, public only

Each node performs a single, public, read-only HTTP GET. Nothing is written to the device.

An honest caveat

This page argues integration-level compliance with each platform’s published rules. Store and channel review is discretionary and case-by-case — bandwidth-sharing components attract scrutiny.

A correctly integrated app following the legal integration guide is well-positioned. But no third party can guarantee an individual review outcome, and we won’t claim otherwise.
