Privacy Policies for Mobile Apps

If you run a mobile app that collects personal information from the app users, you need a Privacy Policy to comply with legislation around the world.

Even if your app doesn't directly collect personal data, you may still need a Privacy Policy if you utilize a third-party tool such as Google Analytics to collect data on your behalf.

Personal data can take many forms. It could be the user's name, email address, telephone number or physical address. It can also be less obvious types of data such as IP addresses, log data and information collected through cookies.

In this article, we'll look at what the requirements are, how to add a Privacy Policy to your mobile app, and provide examples of where to display your Privacy Policy within your app.

Privacy Laws Around the World

There are many privacy laws around the world that set forth requirements if you collect or use personal data.

The United States is one of the few countries without a policy at national or federal level mandating a Privacy Policy.

However, the California Online Privacy Protection Act (CalOPPA) states that if your app or website collects personally identifiable data from residents of the state of California, you must have a Privacy Policy.

Given that it is highly likely your website/app could be used by a resident of California regardless of where in the world you're personally located, CalOPPA ends up having a very wide reach.

In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) sets out the requirements for how organizations must handle personal information of Canadian residents.

Introduced in 2018, the European Union's General Data Protection Regulation (GDPR) is one of the strongest laws to protect the personal information of individuals and also has global reach.

Japan has strong protection for individuals. The Act on the Protection of Personal Information law which came into effect in May 2017 contains similar provisions to those outlined in the GDPR.

Australia's Privacy Act of 1988 protects the personal data of Australian citizens.

Even setting aside the legal responsibilities listed above, it is simply good for transparency and your organization's reputation to have a Privacy Policy clearly setting out how you use the personal data of your users.

What Needs to be Included in a Privacy Policy?

Your Privacy Policy will need to inform your users about:

• What forms of personal information you collect
• How the user's personal information is collected
• How users can request more details on the information that is collected
• What you intend to use personal information for
• Any third parties that you allow to collect personal information via your website/app

On the final point, many third-party apps insist that you disclose that your app utilizes them and that this means personal data will be collected.

For example, here's how Google Analytics requires its users to do this in its Terms of Service:

Conduct a privacy law self-audit so you know exactly what privacy practices your business engages in and what information you need to disclose to your users.

App Store Requirements

In addition to laws, you must also abide by the requirements of app stores.

The Apple App Store, the Google Play store and others have Terms and Conditions you'll need to comply with if you wish to list your app on these stores.

Let's take a look at the Privacy Policy requirements of each of the major app stores and how to comply with them.

At the end of the article, we'll show you how to create a Privacy Policy for your mobile app.

Privacy Policies for iOS Apps

NOTE: Effective October 3, 2018, Apple has confirmed that all new apps or updated apps will require a Privacy Policy regardless of whether or not the app collects personal information.

If your mobile app is listed on Apple's App Store, you must abide by Apple's App Store Review Guidelines.

This document for developers explicitly requires that all apps have a Privacy Policy. It also has requirements for exactly what should be included in that Privacy Policy:

Adding a Privacy Policy to Your iOS App

Once you have a Privacy Policy for your iOS app, you need to add the URL to your App Store listing. To do this, follow these simple steps:

1. Open My Apps in App Store Connect, then click on your app.
2. Under App Store, click on App Information.
3. Add your Privacy Policy link for iOS apps and click Save.

When a user views your app on the App Store, the Privacy Policy link will be visible in the Information section:

The link to your Privacy Policy will also be available when the app listing is viewed from a non-mobile browser:

Privacy Policies for Android Apps

The Google Play Developer Distribution agreement states that if you make your product/app available through the Google Play store, you must:

• Protect the privacy and legal rights of users
• Make users aware that personal information will be used by your app
• Provide legally adequate privacy notice and protection for those users

A "legally adequate privacy notice" is a Privacy Policy, so if your app collects personal information about its users, you need one according to Google.

Google's Developer Policy Center includes a Privacy, Security and Deception section that also explicitly requires a Privacy Policy:

Adding A Privacy Policy to Your Android App

You need to include a link to your app's Privacy Policy in your listing on the Google Play store. You can do this by following these steps:

1. Go to the Google Play Console.
2. Select your app.
3. Select Store Listing.
4. Add your Privacy Policy link for Android apps and click Save.

Your Privacy Policy will now be visible in your app's Google Play store listing, as in the below example from the Dark Sky app:

Examples of Mobile App Privacy Policy

Here are a few examples of how different apps link and display their Privacy Policies in a legally compliant and visually appealing way.

The music discovery app Shazam links its Privacy Policy to its App Store listing:

After downloading and opening the Shazam app, users can navigate to the Privacy Policy by going to Settings, then About, and selecting Privacy Policy:

This ensures Shazam complies with the App Store guidelines to include the policy both within the App Store listing, and the app itself.

Domino's Pizza includes a link to its Privacy Policy in the bottom of its mobile app homepage. This is similar to how websites include footer links to legal agreements:

This unique but common sense placement works well and makes the Privacy Policy easily noticeable from within the app.

When the Privacy Policy link is tapped, the policy opens directly within the app as opposed to opening a website in a browser:

Other places within your app where you should link your Privacy Policy include:

Where you ask for permission to use your users' personal information:
On log-in or account sign-up screens:
On checkout or financial transaction screens:

Summary

If your mobile app collects personal information from your users, you need a Privacy Policy to comply with legislation around the world.

Not only this, but app stores such as Google Play and Apple's App Store are now insistent on developers including Privacy Policies in their app store listings as well as within their apps.

Having a Privacy Policy is also good practice for transparency and to show your customers that you care about keeping their personal data safe and secure. When you update your Privacy Policy with material changes, you can send Update Notices to be even more transparent and compliant.

Include your Privacy Policy:

• In your app store listings
• In a Legal or About menu within your app
• Throughout your app at places where your privacy practices should be disclosed such as:
• When you request permission to use personal data for something
• Account sign-up and login pages
• Checkout or payment pages