Requirement 2.7.2 The privacy policy of your application must inform users about how location data from the Location Service API is used and disclosed and the controls that users have over the use and sharing of location data. This can be hosted within or directly linked from the application.
Should you submit an application that uses Location Service API and do not provide a privacy policy you will get a friendly response from the certification something like this:
Fail: It appears the application uses location services but does not include a privacy policy describing how the application uses the Location Service API and what control users have over the usage and sharing of information obtained through that usage.
Did you know Microsoft employs more Attorneys than Developers? That’s totally not true! We have a platoon of attorneys and a battalion of developers. We’re a software company. But don’t screw with us! Just kidding – sort of.
Why do you need a Privacy Policy?
A Privacy Policy is necessary when you deal with personal information. A person’s current location (from the Location Services API) is considered personal information. And, of course, because the marketplace certification requirements say so.
What is a Privacy Policy?
Thank you wikipedia:
Privacy policy is a statement or a legal document (privacy law) that discloses some or all of the ways a party gathers, uses, discloses and manages a customer or client's data. Personal information can be anything that can be used to identify an individual, not limited to but including; name, address, date of birth, marital status, contact information, ID issue and expiry date, financial records, credit information, medical history, where you travel, and intentions to acquire goods and services. In the case of a business it is often a statement that declares a party’s policy on how it collects, stores, and releases personal information it collects. It informs the client what specific information is collected, and whether it is kept confidential, shared with partners, or sold to other firms or enterprises.
Could I get sued?
Are you kidding? We could all get sued – by anyone, for any thing, at any time. The better question is: “If I get sued am I in deep snow?” Well… every situation is different; should the plaintiff resurrect Jonny Cochran you might be up Snow Creek regardless of the details. But the purpose of a policy is to give your users options and give you guidelines. Just remember this: you need to obey your own privacy policy.
Here’s my Policy
I have an application in the Marketplace that uses the Location Services API. I needed a privacy policy. Here’s how I wrote it:
Imitation is the best compliment, right? So, let’s look at important parts of Microsoft’s Privacy Policy:
In order to access some Microsoft services, you will be asked to sign in.
Microsoft collects and uses your personal information to operate and improve its sites and services.
Personal information collected on Microsoft sites and services may be stored.
Except as described in this statement, we will not disclose your personal information outside of Microsoft.
We may also disclose personal information as part of a corporate transaction.
Microsoft is committed to protecting the security of your personal information.
You have the ability to accept or decline cookies.
If you have questions regarding this statement, you should first contact us