Follow the 3-step guide
(put the privacy policy in 1. App, 2. App Store, 3. Web site)
1. Add a Privacy Policy within the App
Why you'll want a privacy policy in the app
USA & more: California law requires mobile apps that collect personal information to have a privacy
policy. This requirement extends to anyone who sells to Californian consumers. California AG recommends you to "Make your general privacy policy readily accessible from within the app".
Read more · Read more about Australia · Read more about Canada
European countries: Europe's data protection think tank says that the relevant information about the data processing must also be accessible from within the app, after installation. That way you make sure that the user does not have to search for it anywhere else.
Read more
Read more about HOW to add a privacy policy into the app
Follow core principles
A good privacy policy and app honors a set of core principles I, II:
- Obtain and process information fairly
- Keep it only for one or more specified, explicit and lawful purposes
- Use and disclose it only in ways compatible with these purposes
- Keep it safe and secure
- Keep it accurate, complete and up-to-date
- Ensure that it is adequate, relevant and not excessive
- Retain it for no longer than is necessary for the purpose or purposes
- Give a copy of his/her personal data to an individual, on request
And then do it...
Your privacy policy must be understandable and easily accessible. It informs users at a minimum about the following:
- who you are (identity and contact details),
- what precise categories of personal data the app wants to collect and process,
- why the data processing is necessary (for what precise purposes),
- whether data will be disclosed to third parties (not just a generic but a specific description to whom the data will be disclosed),
- what rights users have, in terms of withdrawal of consent and deletion of data;
Keep in mind that writing privacy policies for apps is special because of the small screen. Therefore you should:
- use a format that makes the policy readable, such as a layered format;
- use plain, straightforward language. Avoid technical or legal jargon.
As a last integration step into the app you may want to think about the special circumstances of the mobile ecosystem and bake in "enhanced measures".
It means that you will build in processes that enhance the visibility of your privacy practices and your privacy policy. They're "special notices" to draw users’ attention to data practices that may be unexpected at the time when the app tries to access that data.
Screenshots/examples of a privacy policy that is easy to find:
Screenshots/examples of a privacy policy that is easy to read:
When done, move to 2), the privacy policy on the app store.
2. Add a Privacy Policy on the App Stores
Why you'll want a privacy policy on the app store
Europe: The essential scope of information about data processing must be available to the users before
app installation, via the app store according to Europe's privacy think tank, Article 29 Working Party.
Read more
USA & more: The principles [California law regarding mobile apps that collect personal information] include making an app’s privacy policy available to consumers on the
app platform, before they download the app.
Read more
App stores: The app stores themselves require privacy policies more and more often. This is part of a push by California's AG to get Amazon, Apple, Google, Hewlett-Packard, Microsoft, RIM and Facebook to improve the privacy situation in the mobile sphere.
App Store Review Guidelines · Google Play Developer Distribution Agreement · App Certification Requirements for the Windows Store · Amazon Appstore App Distribution Agreement · Firefox Marketplace Review Criteria
Read more about HOW to add a privacy policy onto the app store
The app stores provide special spots to show your privacy policy link. The guides below will help you find your way on the respective app stores.
Where the privacy policy can be found on the app store pages:
When done, move to 3), the privacy policy on the site.
3. Add a Privacy Policy on the Promotional Site
Why you'll want a privacy policy on the site
The Article 29 Working Party (Europe's privacy think tank) recommends that information about personal data processing is also
available, and easy to locate, such as within the app store and preferably on the regular
websites of the app developer responsible for the app.
Read more
Websites in general: website owners are often required to have a privacy policy when they either collect personal data (visitors filling in web forms, feedback forms, etc), use cookies or covertly collect personal data (IP addresses, e- mail addresses).
Often, the requirement for a privacy policy is only triggered by the commercial nature of the site/app (see California's Business and Professions Code "An operator of a commercial Web site (...)").
Read more about HOW to add a privacy policy onto the website
On websites privacy policies usually go in the footer, where it can be accessed from every page.
P.S. It makes sense to include both the website's and the mobile apps data processing into the same policy in this case.
Screenshot/example:
This is a great article, if you need inspiration for privacy policy designs on the web.