Privacy policies for mobile apps are a pain. Dark as night for many a developer/designer.

Learn where & how to add a privacy policy to mobile apps

Follow the 3-step guide
(put the privacy policy in 1. App, 2. App Store, 3. Web site)

1. Add a Privacy Policy within the App

Why you'll want a privacy policy in the app

USA & more: California law requires mobile apps that collect personal information to have a privacy policy. This requirement extends to anyone who sells to Californian consumers. The California AG recommends that you "Make your general privacy policy readily accessible from within the app".
Read more · Read more about Australia · Read more about Canada

European countries: Europe's data protection think tank says that the relevant information about the data processing must also be accessible from within the app, after installation. That way you make sure that the user does not have to search for it anywhere else.
Read more

Read more about HOW to add a privacy policy into the app

Follow core principles
A good privacy policy and app honors a set of core principles I, II:

  • Obtain and process information fairly
  • Keep it only for one or more specified, explicit and lawful purposes
  • Use and disclose it only in ways compatible with these purposes
  • Keep it safe and secure
  • Keep it accurate, complete and up-to-date
  • Ensure that it is adequate, relevant and not excessive
  • Retain it for no longer than is necessary for the purpose or purposes
  • Give a copy of his/her personal data to an individual, on request

And then do it...
Your privacy policy must be understandable and easily accessible. It informs users at a minimum about the following:

  • who you are (identity and contact details),
  • what precise categories of personal data the app wants to collect and process,
  • why the data processing is necessary (for what precise purposes),
  • whether data will be disclosed to third parties (not just a generic but a specific description to whom the data will be disclosed),
  • what rights users have, in terms of withdrawal of consent and deletion of data;

Keep in mind that writing privacy policies for apps is special because of the small screen. Therefore you should:

  • use a format that makes the policy readable, such as a layered format;
  • use plain, straightforward language. Avoid technical or legal jargon.

As a last integration step into the app you may want to think about the special circumstances of the mobile ecosystem and bake in "enhanced measures".

This means that you build in processes that enhance the visibility of your privacy practices and your privacy policy. They're "special notices" that draw users' attention to data practices that may be unexpected, shown at the moment the app tries to access that data.

Screenshots/examples of a privacy policy that is easy to find:

Instapaper's about view

Screenshots/examples of a privacy policy that is easy to read:

iubenda's privacy policy implementation

When done, move to 2), the privacy policy on the app store.

2. Add a Privacy Policy on the App Stores

Why you'll want a privacy policy on the app store

Europe: The essential scope of information about data processing must be available to the users before app installation, via the app store according to Europe's privacy think tank, Article 29 Working Party.
Read more

USA & more: The principles [California law regarding mobile apps that collect personal information] include making an app’s privacy policy available to consumers on the app platform, before they download the app.
Read more

App stores: The app stores themselves require privacy policies more and more often. This is part of a push by California's AG to get Amazon, Apple, Google, Hewlett-Packard, Microsoft, RIM and Facebook to improve the privacy situation in the mobile sphere.
App Store Review Guidelines · Google Play Developer Distribution Agreement · App Certification Requirements for the Windows Store · Amazon Appstore App Distribution Agreement · Firefox Marketplace Review Criteria

Read more about HOW to add a privacy policy onto the app store

The app stores provide special spots to show your privacy policy link. The guides below will help you find your way on the respective app stores.

Where the privacy policy can be found on the app store pages:

Wordbase on the App Store
Foursquare on the iPhone
Threes on the Play Store
Vevo on the Windows Phone Store
Firefox OS privacy policy location

When done, move to 3), the privacy policy on the site.

3. Add a Privacy Policy on the Promotional Site

Why you'll want a privacy policy on the site

The Article 29 Working Party (Europe's privacy think tank) recommends that information about personal data processing also be available, and easy to locate, both within the app store and preferably on the regular website of the app developer responsible for the app.
Read more

Websites in general: website owners are often required to have a privacy policy when they either collect personal data (visitors filling in web forms, feedback forms, etc.), use cookies, or covertly collect personal data (IP addresses, e-mail addresses).

Often, the requirement for a privacy policy is only triggered by the commercial nature of the site/app (see California's Business and Professions Code "An operator of a commercial Web site (...)").

Read more about HOW to add a privacy policy onto the website

On websites, privacy policies usually go in the footer, where they can be accessed from every page.

P.S. In this case it makes sense to cover both the website's and the mobile app's data processing in the same policy.

Screenshot/example:

WordBase promotional site

This is a great article, if you need inspiration for privacy policy designs on the web.

Other Helpful Resources

Theory

Tools

More

Proper Disclosure

This guide is the result of my work at iubenda, but is intended to serve more than just this company's interests. Also, please understand that this isn't legal advice or creating a client-attorney relationship. If you want to be completely sure about what you're doing, then hiring a good lawyer is always the safest option.

Nonetheless, I hope this guide helps you on your way to privacy related compliance. Feedback is very welcome.

Made by @s2imon · Privacy Policy