There are two main reasons for this:
- Privacy laws
- App store requirements
You'll also likely have to use the app store's in-app payment functions for all in-app payment processing, billing and purchases that you allow your users to do.
As mentioned earlier, there are two main reasons for this. First, let's look at the laws that require this.
Privacy is a global concern, which means a number of countries have laws in place to protect the privacy of their citizens.
In the US, the National Conference of State Legislatures (NCSL) has created a resource guide to privacy laws in all 50 states and the US territories. The guide explains state laws for online privacy policies, including for mobile apps.
In 2013, the state of California was the first state to enact a specific privacy law. The California Online Privacy Protection Act of 2003 (CalOPPA) affects operators of commercial websites and online services around the world that collect personally identifiable information about Californians.
The GDPR extends to all companies collecting personal data from anyone located in the EU, regardless of whether the processing of the information takes place in the EU or not, or whether the company is an EU-based company.
Google's Developer Policy includes a Payments section that requires apps with in-app payments to use the Google Play payment system:
As you can see, when your app offers in-app payments, the app store you distribute it on is likely going to :
- Require you to use their in-app payment processing functionality
Examples of In-App Payments Clauses in Privacy Policies
Let's take a look at a few examples of apps that offer different in-app payment features and functionalities, and how this is addressed in the related Privacy Policies.
In-app payments are very common with app games, whether you're spending real money on fake game currency to advance your gameplay, unlocking new levels or unlocking an ad-free version of a game.
Gardenscapes is a popular game from Playrix. While the game itself is free to download and play, it offers a variety of paid features to enhance gameplay:
When a user clicks "Buy Now" the App Store platform will open to confirm the purchase:
The clause goes on to say that the app itself cannot access the credit card information, and that the e-commerce provider handles and secures the personal information:
The third party referenced here is the app store.
The Information Collection and Use clause lets users know that credit card or bank information may be collected, but it isn't stored:
Spotify offers both a free and paid premium service with its music streaming app:
This clause also mentions that payment processors may provide Spotify with some limited information about users. This information includes unique tokens that enable users to make purchases using the information the payment processor has stored, the credit card type, expiration date and limited digits of the card number.
Audible's mobile app allows users to purchase and download books. Because Audible is an Amazon company, you can purchase books for the app through both Audible and Amazon.
Because Amazon owns Audible, the Amazon Privacy Notice will apply here. When you navigate to the Privacy Notice from within the Audible app, the Amazon Privacy Notice opens from within the app:
The Privacy Notice lets users know that Amazon/Audible employs companies to perform functions on its behalf, including the processing of credit card payments. These third parties will have access to personal information needed to perform such functions.
This lets users know that a third party will receive credit card information for in-app payments.
The Lyft mobile app lets users pay through the app for rides they receive from Lyft drivers. From within the app, you can see the price for the ride as well as the last 4 digits of the credit card information you have on file for payment:
In its Payment Method clause, users are told that when credit cards and payment information is added to a Lyft account, a third party handles that payment and receives the payment information.
Lyft does not have access to full credit card information like the third party does:
While your mobile app may not actually store or collect financial information from users, if you're offering in-app purchases you're allowing a third party to collect and use this information.
If your app offers in-app payments:
- Read the Terms and Conditions and Developer Agreements for the app stores you distribute your app on. It's very likely that they'll require you to:
- Use their payment processing system
- That your app collects or may collect financial information for purchases,
- Whether or not your app/business stores this information when collected,
- That you share this information with third parties for payment processing