Mobile App Privacy Policy 101

How to Create a Privacy Policy for Your Mobile App

You can use the Privacy Policy Generator from TermsFeed to create a custom Privacy Policy in just minutes. Just answer a few questions about your business and the Generator Wizard will create your Policy.

After you have your Policy, you can download it in HTML and TXT formats. You can also host your new Privacy Policy for free at TermsFeed.


Where to Add the Privacy Policy

Once you have your Privacy Policy, it's time to add it to:

  • Your app's store listing page, and
  • Your app itself

1. App Store Listing Page

App stores require that if your app collects and uses personal information, you include a link to your Privacy Policy on the app's store listing page.

Groupon App listing page with Privacy Policy link

This is easy to do through app store developer platforms when you're adding in the rest of your app's information.


2. Within Your App

You have a number of options for where to add your Privacy Policy within your app.

Remember that it needs to be easily accessible and noticeable to your users.

Here are a few of the most common ways that businesses present their Privacy Policies within their apps.


2.1. Log-in/Sign-up Screen

When users first download your app and create an account, present them with your legal agreements, including your Privacy Policy.

You'll most likely be asking users to agree to your Terms when signing up, so this is a great time to show them your policies and get them to agree to the terms within them.

LinkedIn's mobile sign-up screen with Privacy Policy link

If you combine your log-in and sign-up page, users will have access to your Privacy Policy every single time they start your app. While this isn't necessary, it makes sure that your policy is very accessible.

Instagram's mobile log-in and sign-up screen with Privacy Policy link

However, a lot of apps use an automatic log-in function so this page will be skipped by users after they log in once.

In this case, you can always include your Privacy Policy link at initial sign-up and then add it somewhere else within your app.

In fact, you should add your Privacy Policy link to one of the following places even if it's included in your log-in/sign-up screen just to make it more generally accessible to users once they're in your app.


2.2. Options Menu

Users will look to your Options menu for things like account settings and important information, such as your legal agreements.

You can add a link to your Privacy Policy to this menu.

Instagram app links its Privacy Policy to its Options menu


2.3. Legal Menu

If you have a Legal menu, this is a great place to add your Privacy Policy as it's a legal agreement and your users will think to look there for it.

Example of a mobile app's Legal menu with agreement links


2.4. Settings Menu

If you have a Settings menu, your Privacy Policy can be added here.

Plants Versus Zombies: Privacy Policy link in Settings


2.5. Combined Menus

If you prefer to combine menus using sub-headings like in the example below, add your Privacy Policy under an appropriate heading, such as "Legal."

Audible app's Settings menu with Legal section including Privacy Policy



Clauses and What to Keep in Mind

In addition to the standard information included in your Privacy Policy, such as what personal information you collect, how you use it and how you keep it secure, there are additional clauses, disclosures and information that you'll need to include in some circumstances.

1. User Accounts

If you use account information publicly, share it with third parties, or do anything else with it that a user would be concerned about for privacy, disclose this.

This information is typically included in your clause that covers how you use information you collect.

Here's how Google lets users know that they display profile names, photos and actions taken by a user in public ways.

Google's mobile Privacy Policy: Clause on how information is used

2. Email Communication

Your app may send notifications, updates and communications to users via email. If it does this, disclose this.

This information can typically be found in a clause that covers how you communicate with your users.

Amazon app: Privacy Policy clause about email communications

Keep in mind that there are additional laws that cover commercial email communications with requirements such as always providing an unsubscribe method in every email.

3. Push Notifications

If you use push notifications in your app, you should let users know about this somewhere in your Privacy Policy.

It's commonly seen under a section on communication, or on how personal information is used by your app.

PopSugar: Privacy Policy section with push notifications

Let users know that they can opt out of receiving push notifications, even if they've approved this in the past.

You can include this in a section where you present users with options and choices for how you use their personal information.

Here's how REI does it:

REI's Privacy Policy: Mobile push notifications clause

4. Payments

Apple, Google and other app stores are behind the billing and processing of payments for in-app purchases. Your users might not know this and may come to you about billing and refund issues. They also might think that you're the party keeping their financial information secure when really it's the app store.

To avoid this confusion and let users know who is handling their financial information and keeping it safe, include a billing section in your Privacy Policy that references app stores.

Here's how Hasbro lets users know that a third party will process in-app purchases.

Hasbro Privacy Policy: In-app purchases are processed by third parties

Here's how Platonic Games does it in a short and simple Billing clause that links to app stores.

Platonic Games: Billing clause in Privacy Policy

5. Ads

If your app uses ads to make money and/or promote your business, such as with remarketing, retargeting and behavioral advertising, you need to disclose this to your users.

There are a number of mobile app advertising platforms, including:

These third parties - as well as laws - require that you let your users know that your app shows interest-based ads and does so by collecting and using some personal information.

You can specifically name the services you use, or you can go a more general route and just note that you use third parties for advertising:

Ebates: Mobile app Privacy Policy behavioral targeting clause

The choice is up to you, so long as you let users know that you do engage in this practice.



Clauses for Third Party Services

It's common for apps to use third party services for advertising and other services. These third parties tend to have Privacy Policy requirements.

Here are a few examples of requirements and clauses from popular third party services.

1. AdMob

AdMob - Google's platform for advertising, promoting and monetizing mobile apps - requires through its AdMob Policies agreement that an app's Privacy Policy is updated to reflect the use of interest-based advertising through its service.

Interest-based policies in Google AdMob SDK

Here's how Peaksel's Privacy Policy includes a section on Automatic Data Collection and Advertising where it describes the third party advertising and interest-based ads process. It then specifically mentions AdMob and links to AdMob's Privacy Policy.

Peaksel Privacy Policy: Automatic Data Collection and Advertising clause

Dreamon Studios' Privacy Policy mentions that its mobile apps use third party SDKs for uses including advertising, then only mentions AdMob in a separate section on third party SDKs in use.

Dreamon Studio's Privacy Policy disclosing use of third party advertising services including AdMob

2. Firebase Analytics

This is another Google service that's commonly used for app analytics.

If you use it, you must adhere to its Terms of Service agreement that requires developers to have a Privacy Policy that lets users know that Analytics is used, that cookies are in use, and lets users know how the app collects and processes data.

Google Firebase Analytics' Terms of Service requires a Privacy Policy and disclosures

Here's how LiveChart.me's Privacy Policy lets its app users know that Firebase Analytics is in use and what that means for them.

LiveChart Privacy Policy: Firebase Analytics is used

3. Mixpanel

Mixpanel - another popular analytics service - requires in its Terms of Use agreement that you "provide appropriate notices" to your app users about the information you collect and use.

You can provide this notice via a Privacy Policy.

Mixpanel's Terms of Use requires a Privacy Policy

Here's how Gmelius mentions Mixpanel in its Privacy Policy.

Gmelius Privacy Policy: Third Party Analytics Services clause

If your app uses a third party service that collects and uses data for anything, the Terms of Use of that third party most likely will require that you disclose this to your users in your Privacy Policy.


