- Well, that depends on what the app is doing. But consider that you can never go wrong by including a link to, or a full page view of, your privacy policy. It is, however, very likely that you are required by law to include a privacy policy in your Windows Phone creation. Easy CHECK: Am I collecting/storing/sharing personal information like emails or names, or sensitive data like payment info, or using a third-party service that accesses my info?
- You are likely using a third-party service in your app that requires you to add a privacy policy to your app. In addition to being a legal requirement, a privacy policy is often a prerequisite for using a specific service. Check your service provider's terms. A very popular third-party service whose TOS requires you to post a privacy policy is Google Analytics (they also have a mobile solution).
- For now (posted 14.6.2013) this is not the case. There is no requirement for a privacy policy to be included for the app to be accepted for listing. This does not, however, exempt you from any of your privacy-compliance obligations:
- From the App Developer Agreement: "If your app enables access to and the use of any Internet-based services, or otherwise collects or transmits any user’s personal information, you must maintain a privacy policy. You are responsible for informing customers of your privacy policy (including by submitting that policy to us for display to customers). Your privacy policy must (i) comply with applicable laws and regulations, (ii) inform users of the information collected by your app and how that information is used, stored, secured and disclosed, and (iii) describe the controls that users have over the use and sharing of their information, and how they may access their information. You must also provide access to your privacy policy in the app’s settings as displayed in the Windows settings charm".
- From App policies for Windows Phone: The privacy policy of your app must inform users about how location data from the Location Service API is used and disclosed and the controls that users have over the use and sharing of location data. This can be hosted within or directly linked from the app. The privacy policy must be accessible from your app at any time - (2.7.2).
- Same App policies I (2.7.4): If your app publishes or makes available location data obtained from the Location Service API to any other service or other person (including advertising networks), your app must implement a method to obtain opt-in consent. To "implement a method to obtain 'opt-in' consent," the app must:
- provide your privacy policy, which must be persistently accessible from within the app (and may also be made available in app details by populating the Privacy URL field in Dev Center) and must describe how the location information will be accessed, used or shared;
- Same App policies II (2.8): If your app (a) accesses or uploads a user's Contacts, Photos, Phone number, SMS history, Browsing history or any other data reasonably considered personal in nature, or if your app shares any of the foregoing information with third-party services or individuals, or (b) shares any unique device or user IDs, combined with user information, with third-party services or individuals, the app must implement a method to obtain the user’s "opt-in" consent. To "implement a method to obtain 'opt-in' consent," the app must:
- provide your privacy policy, which must be persistently accessible from within the app (and may also be made available in app details by populating the Privacy URL field in Dev Center) and must describe how the information will be accessed, used or shared;
- The California Attorney General is working on making all apps compliant with privacy regulations, and is working on this with the big platform providers like Microsoft. This situation could therefore change down the road.
- Log into your Windows Phone Dev Center account
- Next, add the link to your privacy policy in the Privacy URL field
- Done.
CalOPPA minimum requirements: Provide info about the personally identifiable information (PII) like:
- a description of the types of PII collected and disclosed by the operator;
- a description of the process by which a consumer can access and request changes to his or her PII, if available;
- a description of the process by which the operator will notify consumers of material changes to the privacy policy; and
- an effective date.[5]
- who you are (identity and contact details),
- what precise categories of personal data the app wants to collect and process,
- why the data processing is necessary (for what precise purposes),
- whether data will be disclosed to third parties (not just a generic but a specific description to whom the data will be disclosed),
- what rights users have, in terms of withdrawal of consent and deletion of data
Helpful docs:
1. Privacy on the Go
2. Article 29 Working Group
Our Approach of Generating a Windows Phone Privacy Policy
So here's where iubenda's privacy policy generator will come in very handy:
1) Define the services and categories of data collection your app is making use of.
2) Add the services (and categories of data collection like "access to address book") you are using to your policy and it will generate the full text privacy policy in a condensed, easily scannable fashion as well as an entire document your users can read if they want.
3) You can either link to your policy or embed the text into your app.