How to write Privacy Policy for a mobile app

Privacy Policy for iOS Apps

Since we launched our mobile app privacy policy generator last week, I've been wondering how good the documentation out there is on "privacy policy for an iOS app", "privacy policy for an Android app" and "privacy policy for a Windows Phone app". Googling those terms reveals a rather sad picture of mostly useless information, so I decided to fix that.

Let's say I want to include a privacy policy in my iOS application: what do I need to do?

In Short

1) Do I have to include a privacy policy in my iOS app?

  1. That depends on what the app is doing. Keep in mind, though, that you can never go wrong by including a link to, or a full-page view of, your privacy policy. It is also very likely that you are required by law to include a privacy policy in your iOS application. Easy CHECK: Am I collecting, storing or sharing personal information such as email addresses or names, or sensitive data such as payment information, or using a third-party service that accesses that information?
  2. You are probably also using a third-party service whose terms require you to add a privacy policy to your app. On top of any legal requirement, posting a privacy policy is often a prerequisite for using a specific service, so check your service provider's terms. A very popular third-party service whose TOS requires you to post a privacy policy is Google Analytics (they also have a mobile solution).

2) Am I required by Apple's App Store to post a privacy policy?

  1. For now (updated 15.8.2013) this is not entirely the case. The App Store does not require you to post a privacy policy as a prerequisite for having your app listed. BUT Apple does state that you should follow privacy-related laws; see points 2 to 6 below.
  2. From the App Store Review Guidelines: "Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used" (Section 17.1 of the App Store Review Guidelines). So while Apple does not directly require you to conspicuously post a privacy policy in every case, there is a clear indication that you have to inform your users about how their data is processed.
  3. From the Docs II: "Developers must provide clear and complete information to users regarding collection, use and disclosure of user or device data." (Section 3.3.10 of the iOS Developer Program License Agreement)
  4. "Apps should have all included URLs fully functional when you submit it for review, such as support and privacy policy URLs." (Section 3.12 of the App Store Review Guidelines)
  5. From the Docs III: "Apps that target minors for data collection will be rejected". (update 4.10.2013)
  6. From the Docs III: "Apps that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos, videos, drawings, persistent identifiers, the ability to chat, or other personal data) from a minor must comply with applicable children's privacy statutes".
  7. The California Attorney General is working with the big platform providers, including Apple's App Store, to bring all apps into compliance with privacy regulations. This situation could therefore change down the road.

Re: 6. This is a direct reference by Apple to COPPA (the US Children's Online Privacy Protection Act, a federal law, not to be confused with California's CalOPPA).

3) How do I add/edit my privacy policy on the App Store?

This section covers the link to your privacy policy on your App Store listing, not the policy inside the actual app. There is a form field for your privacy policy URL when you submit your app for review. Fill that in.

When you visit the app page that the store generates for you, e.g.,

you will not find the privacy policy link there (yet). This is only because Apple has decided not to show it there yet, for some reason. You will find the link when you open the app in an iTunes window:


4) An example privacy policy for iOS apps?

A lot of people ask for sample privacy policies for apps. Let's start with the legal minimum requirements. A good starting point is the California Online Privacy Protection Act (CalOPPA), and better still Europe's minimum requirements, since they are more refined:

CalOPPA minimum requirements:

Provide information about the personally identifiable information (PII) you handle, including:

  • a description of the types of PII collected and disclosed by the operator;
  • a description of the process by which a consumer can access and request changes to his or her PII, if available;
  • a description of the process by which the operator will notify consumers of material changes to the privacy policy; and
  • an effective date

EU privacy directives minimum requirements (as set out for apps by the Article 29 Working Party):

Provide a readable, understandable and easily accessible privacy policy, which at a minimum informs users about:

  • who you are (identity and contact details),
  • what precise categories of personal data the app wants to collect and process,
  • why the data processing is necessary (for what precise purposes),
  • whether data will be disclosed to third parties (not just a generic but a specific description of whom the data will be disclosed to),
  • what rights users have, in terms of withdrawal of consent and deletion of data

You can easily google for an example privacy policy for X but chances are you won't find anything ready-made that fits the bill.

Helpful docs:

1. Privacy on the Go

2. Article 29 Working Party

Our Approach of Generating an iOS Privacy Policy

So here's where iubenda's privacy policy generator will come in very handy:

1) Define the services and categories of data collection your app is making use of.

2) Add the services (and the categories of data collection, such as "access to address book") you are using to your policy, and it will generate the full privacy policy text, both in a condensed, easily scannable form and as a complete document that your users can read if they want.

3) You can either link to your policy or embed the text into your app.

Try Our Mobile Privacy Policy Generator

Still need help? Contact Us