After Apple has put renewed emphasis on subscriptions for apps it can also be observed that this comes with requirements by Apple that many may ignore: auto-renewing subscriptions need a privacy policy.
You can find some of that wording under: “Providing Access to Privacy Policies for Subscriptions” in the In-App Purchase Configuration Guide for iTunes Connect.
It reads:
If your app collects user or device-related data, iTunes Connect asks for a URL linking to a privacy policy that applies to your app. Privacy policy URLs are required for apps that offer auto-renewable subscriptions, or as required by law. Supply a privacy policy in each language in which your app displays on the App Store.
You will notice that subscriptions/payments statements are only a small part of the whole policy, and that, the rest of the statements are likely not describing your own app very well.
At iubenda we offer the privacy policy generation and management as-a-service, but we also like to point to resources and explain what the basics of privacy requirements are.
Here are some basics elements for a privacy policy (this is from a guide of the Attorney General’s office in California, therefore remember that European rules are stricter than this and will grow stricter when the so-called GDPR comes into force):
- The types or categories of personally identifiable data collected by the app.
- The uses and retention period for each type or category of personally identifiable data.
- Whether your app, or a third party, collects payment information for in-app purchases.
- The categories of third parties with whom the app may share personally identifiable data. Such third parties include advertising networks and analytics providers. Provide a link to third parties’ privacy policy statements, where available.
- The choices a user has regarding the collection, use, and sharing of user information, with instructions on how to exercise those choices.
- The process for a user to review and request corrections to his or her personally identifiable information maintained by the app, if available.
- A means for users to contact the app developer with questions or concerns.
- The effective date of the privacy policy and the process for notifying users of material changes to it.
In order to fulfil Apple’s requirements (and of course international privacy rules) you’ll need to outline what data you require for the payments in the privacy policy, depending on the complications you outline all the payment terms in a terms document (for instance, the auto-renewing nature is something that feels more at home in a terms document).
Of course iubenda is more than happy to provide the basics of your privacy policy wording and the hosting, management and translation needs.
- You can read more about privacy policies for iOS and the App Store here.
