
Privacy Policy for Mobile Apps with Examples

While each country has its own definition and interpretation of privacy, it is widely considered a fundamental human right and, while the right to privacy is not absolute, its importance is not up for debate.

Every day, people share information about themselves online and leave traces. If you have developed a mobile app, you are most likely collecting personal information about the people that download it.

You may even be using that information for more than just its essential and functional purpose, in order to target your users with personalized advertising, for example.

If you collect any kind of personal information about the people that use your app, read on, as you will need to have a legally compliant privacy policy in place.

What can be Considered Personal Information?

Generally, anything that could be used to identify an individual could be considered personal information. This may include names, addresses, dates of birth, IP addresses, geolocation, phone numbers, etc.

The exact definition will depend on the privacy laws that apply to your mobile application but, when in doubt, it is always safer to interpret the term “personal information” using a broader definition and to draft your privacy policy accordingly in order to protect both yourself and your users.


What is a Privacy Policy?

A privacy policy is a document that sets out in detail what personal information and data you collect from the people that use your mobile application and how you store, use and manage that information.

Why do You Need a Privacy Policy for Your App?

Required by Law

The main reason why you need a privacy policy for your mobile app is that it is increasingly being required by laws across the globe. Not having one could, therefore, have some serious consequences.

Being based in a country that doesn’t have privacy laws does not mean that you can go without one: you need to consider where your current and potential app users are located.

European Union

The General Data Protection Regulation, better known as the GDPR, specifically addresses the need for a privacy policy in articles 12, 13, and 14.

Any company that processes the data of European users or that operates in Europe must have a “concise, transparent, intelligible and easily accessible” privacy policy that uses “clear and plain language”.

This privacy notice must be brought to the attention of users so that they can give their express consent before any personal data is collected and it must contain specific elements in order to be found GDPR-compliant.

United States

While there is no overarching privacy law at the federal level in the United States, the California Online Privacy Protection Act (CalOPPA) does state that any website or application that collects personal information from Californian residents must have a privacy policy in place that details how it is collected, used and shared.

If your app is available in the United States, you will want to have a privacy policy as it is likely that you will have Californian users - note that there are other additional requirements that must be fulfilled to be found compliant under the CalOPPA.

Other Countries

These two examples simply serve to demonstrate what some laws across the globe require but many other countries also have their own specific privacy legislation (Australia, for example, through its Privacy Act) - it is crucial that you make sure that you are complying with the sets of laws and regulations applicable to your mobile app.

Required by App Stores

The number one reason why you will need a privacy policy to go with your mobile application is that the popular app stores themselves require that you have one in order to showcase your app on their platform, as per their terms and conditions.

Apple App Store

Apple has set out detailed guidelines to be followed by developers creating apps for its App Store, one of which serves to reiterate the importance of user privacy.

While it leaves to the developers the responsibility of ensuring compliance with the legal requirements of each country in which the application is made available, Apple does state in section 5.1.1(i) that all apps must include a link to their privacy policy in the App Store Connect metadata field as well as have it be easily accessible within the app itself.

It even goes as far as setting out what that privacy policy should contain, namely:

[Image: Apple's detailed privacy policy guidelines to be followed by developers]

Apple also emphasizes that user consent for data collection must be obtained - the purpose of collection, as well as how and where it will be used, should be clear and users must be able to withdraw consent at any time.

[Image: Apple's requirement that apps collecting user or usage data must secure user consent for the collection]

In addition to the above, some apps may have additional requirements either due to their nature or their target users - apps in the health, fitness, and medical industries, or apps intended for kids, for example.

Google Play Store

If you intend on making your app available to Android users through the Google Play Store, you will have to comply with the Google Play Developer Distribution Agreement.

Under section 4.8 of this Agreement, you must undertake to protect the privacy and legal rights of your users and thus make them aware that you will be using their personal information. Google specifies that this should be done through a legally adequate privacy notice - which is just another way of referring to a privacy policy. In other words, if you collect personal information from your users, you need to have a privacy policy.

[Image: Google Play Developer Distribution Agreement, which applies when making an app available to Android users through the Google Play Store]

Google further reemphasizes this requirement in its Play Console Developer Program Policy Centre, giving examples of what it considers personal and sensitive user data:

[Image: Google's Play Console Developer Program Policy Centre text on personal and sensitive user data]

According to the text above, your privacy policy needs to be displayed within the app itself as well as in the designated field in the Play Console.

Moreover, it sets out the circumstances under which an additional and separate in-app disclosure is required, namely when users may not be aware that their data will be collected, as well as confirms that this disclosure must be accompanied by a subsequent request for affirmative user consent. You should of course link to your complete privacy policy in that notice.

[Image: Google's prominent disclosure and consent requirement, which sets out the circumstances under which an additional and separate in-app disclosure is required]

Amazon Appstore

Like Google and Apple, Amazon includes a Privacy clause in its Developer Services Agreement.

[Image: Amazon Appstore's Privacy clause in its Developer Services Agreement]

As you can see, this means that an app that has access to personal user data and is to be made available on the Amazon Appstore has to have a privacy notice and obtain consent from the end-user in regards to the collection, use, transfer, and storage of this information, in addition to respecting applicable laws.

Required by Third-Party Services

If you are using any third-party tools or services on your app, you should look at what their specific requirements are when it comes to privacy.

Think for example of the following third-party services that are commonly used in mobile applications:

  • Google Analytics
  • Google AdSense and AdMob
  • PayPal
  • Stripe
  • And many more

Indeed, most of these tools will require that you have a privacy policy in order to be able to collect personal data and thus use their services. They may even have additional requirements such as asking you to include a section about your use of cookies in your privacy policy.

Contravening these requirements may result in not being able to use these third-party services, which are invaluable for app owners. Thus, it's important to study third-party requirements on a case-by-case basis before drafting your privacy policy.

What Should You Include in Your App’s Privacy Policy?

While the requirements may vary depending on the app store on which your product is available as well as the applicable laws in the countries in which you operate, there are some generally-recognized essential elements that should be included.

Information Collected

Your customers need to know the type of data that you collect about them when downloading and using your app and how you collect that data.

You should therefore be clear and break down what information they will be sharing with you: names, emails, location tracking, etc.

Collection Process

You should explain to your users how you are collecting their data: on account creation, when completing in-app purchases, in the background, through cookies in an in-app browser, etc. This will help build a relationship of trust and cultivate a culture of transparency.

Purpose & Sharing

You need to tell your users why you need that information and what you are going to do with it, as someone may feel comfortable sharing personal information with your company for the purpose of using your app but not to be retargeted with ads later on.

You should therefore specify the purpose of collection as well as the legal basis for processing under the GDPR (if applicable) and indicate if you will be sharing that data with any third parties (such as advertisers, payment processors, authentication software service providers, etc.). This will ensure that you have your users’ clear and informed consent.

Data Storage and Protection

Privacy is a legitimate concern and no one wants their personal information readily available to everyone on the Internet.

You should reassure your users and explain how and where the personal information collected will be securely stored. This includes mentioning if you will be transferring, storing, or processing data in another country. It is always a good idea to let your users know that you take data privacy seriously and that you have strong measures in place to protect their data (such as encryption, restricted access, etc.).

You should also specify how long you will be holding on to that information and explain the process that they can follow to request a copy of the data that you have about them and/or request deletion.

Opting Out of Data Collection

Your users should know that they have data protection rights under applicable laws as well as the right to opt out of data collection. You can also explain how opting out may affect their experience on your app.

Contact Information

Your users should be able to contact you easily should they have any questions or concerns in regards to your data processing activities. It is good practice to include a contact form, email address, postal address, and phone number - this is also where you would include the contact information of your data protection officer under the GDPR.

These are the basic elements that are typically included in an app’s privacy policy. However, you will likely have to add on to this. If you process payments through your app, for example, you should explain how that information is processed and by whom.

We understand that this might be a lot to take on, which is why we have created a mobile app privacy policy generator to provide you with a policy that meets the strictest global guidelines and give you peace of mind.

Where Should You Display Your App’s Privacy Policy?

Most apps have a Legal section under Settings where users can find a Privacy tab - you could display the full text of your policy directly under that section. This makes it easily accessible for your users and improves transparency.

You could also choose to summarize your privacy policy directly in the app and include a hyperlink that opens up a web browser that leads to your website, where users can read through the full document.

You should also mention your app’s privacy policy in the app store as this is something that people browsing through apps may be looking for (not to mention that this is a requirement in order to be allowed to list your product on most app stores, as discussed above). Most app stores have a designated box in which you can simply paste your privacy policy URL when creating your app listing.

It is good practice to mention and link to your privacy policy every time you collect personal information, such as at the time of initial sign-up/account creation or during the checkout process.

Note that terms of use and privacy policies tend to interact, as they go hand in hand. You may wish to include a clause in your terms and conditions regarding privacy as well as a link so that you can have your users’ express consent to both your terms and privacy policy.

Last but not least, your app’s policy should be available on your website, whether it is identical to or differs from your website’s privacy policy.

Mobile Apps Privacy Policies Examples

Spotify

Audio streaming platform Spotify’s privacy policy is accessible through the app by going to the “Settings” section, clicking on “About” and then on “Show Privacy Policy”.

[Image: Spotify's privacy policy in its mobile app]

By following the steps above, a new tab opens up directly in the app where the user has access to Spotify’s full privacy policy, which includes all major elements previously discussed in this article.

Before even downloading the app on Apple’s App Store, potential users are warned that Spotify handles personal data and have the option to click on a hyperlink that leads to their website (that same hyperlink is also included in the app’s description).

[Image: 'App Privacy' section for the mobile app on Apple's App Store]

Instagram

Instagram and Facebook have recently updated their privacy policy and terms of use. Users can access them through the app by going into their “Settings”, clicking on “About” and then on “Data Policy”.

[Image: Where the privacy policy is located in Instagram's mobile app]

They are then taken to the Privacy and Safety Center where Facebook, Instagram, and Messenger’s policy is consolidated. It notably goes through all the information that is collected by the three apps and addresses how it is shared with the user’s network, Facebook’s third-party partners, and within the Facebook group of companies.

[Image: Instagram's privacy policy for mobile apps]

Vestiaire Collective

Second-hand fashion platform Vestiaire Collective prompts app users to accept its terms of use and privacy policy at different milestones throughout the user journey.

It first asks potential users to consent to Vestiaire’s Terms and Conditions at the time of account creation. When the hyperlink is clicked, users are shown the terms of use, which refer to the organization’s Privacy Policy & Cookies document.

Potential users have to actively click on those words to be served with a PDF-type document that holds the company’s data protection, privacy, and cookies policy.

[Image: Where to locate Vestiaire Collective's privacy policy in its mobile app]

Existing users are prompted to confirm that they have read and accepted Vestiaire Collective’s General Terms and Conditions as well as its Privacy Policy during the checkout process. If users click on the privacy policy hyperlink, they are served with an in-app version of the privacy and cookies policy.

[Image: Vestiaire's payment option and privacy policy for mobile apps]

All of the companies mentioned above link to their respective privacy policies in their website footer, to make it easily accessible to potential and existing customers.

[Image: Instagram's website footer, showing where users can find its various legal policies]

Final Words

If you have developed a mobile application that collects personal data from its users - which likely is the case for most apps these days - you need to have a privacy policy.

As we have seen above, this is essential in order for you to be able to make your app available for download on the major app stores, such as the Apple App Store, Google Play Store, and the Amazon Appstore. Note that you don’t need to have a different policy to fit each app store’s requirements; you should instead aim to have one that covers all eventualities.

More importantly, having a privacy policy is legally required by many countries worldwide, most famously by the European Union through the GDPR - one of the strictest and most advanced pieces of privacy legislation in the world. You will need to assess where your app will be made available and seek to comply with all applicable laws.

If you want a quick solution, click here to use our privacy policy generator for apps. In just a few minutes, you will have a custom legally compliant privacy policy that you will be able to include in your app store listing, on your website, and in the privacy section of your app.
