Mobile App Privacy Policy 101

What is a Privacy Policy

A Privacy Policy is a legal agreement that you'll make available to your users. This agreement lets users know about your privacy practices including:

  • What personal information your app collects
  • Why you collect this personal information
  • How you use this personal information
  • How you keep personal information secure
  • How a user can review the information you've collected and request or make changes

When talking about Privacy Policies, "personal information" is defined as any information about an individual that can be used to identify him/her.

Some common examples include:

  • Email address
  • First/last name
  • Physical address
  • Phone number
  • Birthdate
  • Financial information

Personal information also includes technical data that your app may collect, including:

  • IP address
  • Geolocation
  • Data collected by cookies

Here's an example of a Privacy Policy Table of Contents from Smart-Tech so you can get an overall idea of what type of information gets included in these agreements.

Smart-Tech: Privacy Policy Table of Contents

Why You Need a Privacy Policy

If your app or website collects and uses any personal information from its users, a Privacy Policy is going to be very important to you for a number of reasons:

  • It's required by law around the world
  • Third party services (such as AdMob, Firebase Analytics, etc.) require it
  • App stores require it
  • Users expect it

A Privacy Policy is Required by Law

Chances are you're distributing your app to users around the world, or that it's at least accessible to users everywhere. This means that you need to consider privacy laws and their requirements on a global level.

The United States, Canada, Australia, the UK, the EU and a number of other countries require, at minimum, that you include a Privacy Policy when your app collects and uses personal information from their citizens.

The EU has even stricter requirements for EU developers or apps aimed specifically towards EU users under its Data Protection Directive and its Cookies Directive.

A Privacy Policy is Required by Third Parties

Chances are your app uses at least one third party service such as Google Mobile App Analytics or Mixpanel.

Most if not all of these third party services will have a Privacy Policy requirement in their Terms and Conditions or Terms of Use agreements.

For example, Google Mobile App Analytics requires that you post a Privacy Policy. Additionally, in your policy you must disclose that you're using Google Analytics and how it collects and processes data.

If you develop apps in Firebase or use other Google tools common to developers, the Google APIs Terms of Service requires you to provide a Privacy Policy. Your policy must let users know what information you collect, as well as how you use it and share it with third parties.

Because these third party services work by collecting and using personal information from app users - typically through cookies - they trigger the legal requirement of a Privacy Policy.

App Stores Require Privacy Policies

The Apple App Store, Google Play Store and Windows Phone Store all require a Privacy Policy if your app collects and uses personal information from users.


Apple

Apple's App Store Review Guidelines state that if your app transmits user data, you must provide the user with access to information about how and where that data will be used.

If your app includes account registration or can access a user's existing account, you need a Privacy Policy or your app will be rejected by Apple.

Apps that may collect and use information from minors are required to have a Privacy Policy.

Apple's iOS Developer Program License Agreement requires that you put a link to your Privacy Policy in your app's app store listing.

Apple iOS Developer Program License: Section 3


Google

According to the Google Play Developer Distribution Agreement, if your Android app collects and uses personal information, you're required to include a Privacy Policy in the Play Developer Console as well as within the app itself.


Windows

The Windows Phone Store Policies agreement states that if your app collects and uses personal information, you need a Privacy Policy both on the description page of your app in the app store and within your app.

Users Expect It

People care a lot about their privacy and are used to seeing Privacy Policy links within apps and on websites. Not including a Privacy Policy when you collect personal information is not only illegal, but it's also very bad business practice and can cause some users to distrust you.

Even if you don't collect personal information, you should still include a Privacy Policy and make it accessible to your users, if only to state that you don't collect anything from them.


