If your app collects personal information from your users it needs to have a Privacy Policy that's compliant with privacy laws.

Even if your mobile app doesn't directly collect personal information from users you'll still need a Privacy Policy if you're using a third-party advertising tool like Flurry or Google Analytics.

In addition, app stores are requiring apps to have Privacy Policies before they can be distributed through the stores.

What kinds of information are deemed "personal"? Any information that could be used to identify someone.

A few examples include:

  • Billing or shipping address
  • First name and family name
  • IP address
  • Email address
  • Credit card details

Regulations Governing Privacy Policies

A number of major, overarching privacy regulations have been made law in the last few years, and they're not restricted to single nations. One of these regulations covers 28 countries, some apply to two or three countries, and one was developed by one state (California) but manages to apply to the entire USA.

The most significant regulation is the EU's (European Union's) General Data Protection Regulation (GDPR), which came into effect in May of 2018 and quite rigorously secures the confidentiality of the personal information of all those in the 28 EU countries. It's 88 pages long and goes further than any other regulation to establish a safe online environment for consumers.

Australia's Privacy Act of 1988 was drafted before information technology was a major threat to personal privacy. However, its principles still apply today and the letter of the law has been updated to reflect current conditions.

CalOPPA in the United States is a regulation created by California which now serves as a privacy regulation for the whole country.

The Federal Trade Commission (FTC) in the USA requires app developers to have a clearly written Privacy Policy in place that's easy to access via app stores.

The Student Online Protection Act (SOPIPA) is a regulation protecting student data from third-party vendors (e.g. businesses that scan emails to collect information in aid of marketing initiatives). Since vendors often use mobile phone apps to scan the contents of smartphones, app developers are now required to strictly adhere to their own conspicuously placed Privacy Policies.

If your app targets users under the age of 13, COPPA (Children's Online Privacy Protection Act) requires that only certain information be collected from children, and with parental consent. An app developer would have to find a reliable means of verifying parental consent.

Other privacy regulations include PIPEDA in Canada and PDPA in Singapore and Malaysia.

All of the above regulations demand that consumers' personal data be protected and that websites and apps provide Privacy Policies when they collect personal information. Remember that your Privacy Policy must:

  • Be easy to understand
  • Be conspicuously posted
  • Clearly inform consumers of what information you collect, why you collect it, what you plan to do with it, and with whom you may share it

Third Party App Services Require a Privacy Policy

If your app uses Google Analytics, you'll need to have a Privacy Policy. The Analytics Terms of Service requires this:

[Screenshot: Google Analytics Terms of Service Privacy clause excerpt about a required Privacy Policy]

Flurry, which is owned by Yahoo and managed by the Yahoo Developer Network Terms of Use, also requires a Privacy Policy if you use its services:

[Screenshot: Yahoo Developer Network Terms of Use - Data Collection, Storage and Use clause excerpt]

Many other common third-party app enhancements and services require a Privacy Policy. If your app uses third parties for anything from email newsletter distribution to payment processing, make sure you check the Terms and Conditions for the service to see what's required.

App Stores May Demand That Your App Posts a Privacy Policy

App stores have to be careful about the apps they allow to carry their brand, as indiscretions can destroy their reputation. At the same time they are legally required to demand compliance from every app developer they represent.

Here are a few examples of what the major app stores demand from developers.

From the Windows App Developer Agreement

Windows requires that your app maintains a Privacy Policy in a number of circumstances including if:

  • Your app accesses, collects or transmits any personal information either for you or for a third party,
  • You choose to receive App Analytics and Error Reporting Data with your app, or
  • You are required by law.

[Screenshot: Windows App Developer Agreement Privacy Policy requirement clause]

From Google Play's Developer Policy Center

Google requires that app owners be transparent in how they handle user data by disclosing the collection, use and sharing of data:

[Screenshot: Google Play Developer Policy Center - Privacy, Security and Deception - User Data section]

From the Apple App Store Review Guidelines

The Apple Developer Guidelines document requires that all apps include a link to their Privacy Policy in the app store listing. Apps that collect user data or usage data must get consent from users to do so.

Apple follows best practices by demanding that the developer ensure that any third party with access to personal data from the app will exercise the same or an equal level of privacy protection.

[Screenshot: Privacy clause of the Apple App Store Review Guidelines document discussing data collection, storage and permissions]

Apps that utilize iOS platforms such as HealthKit and HomeKit, which access and use sensitive personal information, may have further requirements.

How to Create a Privacy Policy

Our Free Privacy Policy Generator helps you create a custom Privacy Policy for your website and mobile app. Just follow these few simple steps and your Privacy Policy will be ready to display in minutes.

  1. Click on the "Free Privacy Policy Generator" button, located at the top of the website.
  2. Select where your Privacy Policy will be used.
  3. Answer a few questions about your business.
  4. Enter the country and click on the "Next Step" button.
  5. Continue building your Privacy Policy by answering the questions from our wizard.
  6. Almost done. Now enter the email address where you'd like your new Privacy Policy sent and click on the "Generate" button and you're done.

That's it. Now you can copy and paste your Privacy Policy code into your website, or link to your hosted Privacy Policy.


Four Ways to Display Your Mobile App's Privacy Policy URL

The URL for your app's Privacy Policy can be posted in any or all of the following ways:

  1. Embedded in the "legal" or "about" menu within the app
     [Screenshot: Dropbox Android app menu for Legal and Privacy links]

  2. Embedded in the screen where you log in or register
     [Screenshot: Avast Mobile Security app sign-up screen with Privacy Policy link]

  3. If it's an ecommerce app, during checkout
     [Screenshot: Chewy ecommerce app checkout screen showing legal agreement links]

  4. Hosted on your website, preferably in the footer of each page
     [Screenshot: GitHub footer with website legal agreement links - 2018]

To Sum it All Up: Three Considerations For Your App's Privacy Policy

If your app collects or uses personal information from its users, it needs a clear and prominently posted Privacy Policy.

Before you submit your app to an app store, be sure that you've carefully consulted and understood the Privacy Policy requirements of not only laws but the app stores themselves.

Some things to remember:

  1. Know the legal regulations that specifically protect the privacy of your potential customers, wherever they may be located
  2. Know the requirements of the app stores where your app will be listed
  3. Know the requirements of any third party tools your app uses