Privacy Policies for Mobile Apps
Personal data can take many forms. It could be the user's name, email address, telephone number or physical address. It can also be less obvious types of data such as IP addresses, log data and information collected through cookies.
- 1. Privacy Laws Around the World
- 3. App Store Requirements
- 3.1. Privacy Policies for iOS Apps
- 3.2. Privacy Policies for Android Apps
- 5. Summary
Privacy Laws Around the World
There are many privacy laws around the world that set forth requirements if you collect or use personal data.
Given that it is highly likely your website/app could be used by a resident of California regardless of where in the world you're personally located, CalOPPA ends up having a very wide reach.
In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) sets out the requirements for how organizations must handle personal information of Canadian residents.
Introduced in 2018, the European Union's General Data Protection Regulation (GDPR) is one of the strongest laws to protect the personal information of individuals and also has global reach.
Japan has strong protection for individuals. The Act on the Protection of Personal Information, which came into effect in May 2017, contains provisions similar to those outlined in the GDPR.
Australia's Privacy Act of 1988 protects the personal data of Australian citizens.
- What forms of personal information you collect
- How the user's personal information is collected
- How users can request more details on the information that is collected
- What you intend to use personal information for
- Any third parties that you allow to collect personal information via your website/app
On the final point, many third-party apps insist that you disclose that your app utilizes them and that this means personal data will be collected.
For example, here's how Google Analytics requires its users to do this in its Terms of Service:
Conduct a privacy law self-audit so you know exactly what privacy practices your business engages in and what information you need to disclose to your users.
App Store Requirements
In addition to laws, you must also abide by the requirements of app stores.
The Apple App Store, the Google Play store and others have Terms and Conditions you'll need to comply with if you wish to list your app on these stores.
Privacy Policies for iOS Apps
If your mobile app is listed on Apple's App Store, you must abide by Apple's App Store Review Guidelines.
- Open My Apps in App Store Connect, then click on your app.
- Under App Store, click on App Information.
Privacy Policies for Android Apps
The Google Play Developer Distribution agreement states that if you make your product/app available through the Google Play store, you must:
- Protect the privacy and legal rights of users
- Make users aware that personal information will be used by your app
- Provide legally adequate privacy notice and protection for those users
- Go to the Google Play Console.
- Select your app.
- Select Store Listing.
Here are a few examples of how different apps link and display their Privacy Policies in a legally compliant and visually appealing way.
This ensures Shazam complies with the App Store guidelines to include the policy both within the App Store listing, and the app itself.
- Where you ask for permission to use your users' personal information:
- On log-in or account sign-up screens:
- On checkout or financial transaction screens:
In addition, app stores such as Google Play and Apple's App Store now insist that developers include Privacy Policies in their app store listings as well as within their apps.
- In your app store listings
- In a Legal or About menu within your app
- Throughout your app at places where your privacy practices should be disclosed, such as:
  - When you request permission to use personal data for something
  - Account sign-up and login pages
  - Checkout or payment pages
- Add information about your business: your website and/or app.
- Select the country:
- Answer the questions from our wizard relating to what type of information you collect from your users.