iubenda blog

iubenda's blog, privacy policy generator for websites and apps

Posted on by Simon Schmid


Surely by now this comes as no surprise to most (and even less to people who follow this blog closely):

a survey of over 1,200 mobile apps made by 26 privacy regulators from across the world has shown that a high number of apps are accessing large amounts of personal information without adequately explaining how people’s information is being used.

The above paragraph is posted verbatim from the news release published by the ICO, the UK's data protection authority. The survey was conducted as a result of the work done by the GPEN, a body that incorporates several privacy authorities from across the world. I had previously reported on the "mobile apps sweep day" by the GPEN; now the results are out.

The main takeaways are:

  • 85% of the apps surveyed failed to clearly explain how they were collecting, using and disclosing personal information.
  • More than half (59%) of the apps left users struggling to find basic privacy information.
  • Almost 1 in 3 apps appeared to request an excessive number of permissions to access additional personal information.
  • 43% of the apps failed to tailor privacy communications to the small screen, either by providing information in a too small print, or by hiding the information in lengthy privacy policies that required scrolling or clicking through multiple pages.

The release also shows what the regulators consider good practice:

The research did find examples of good practice, with some apps providing a basic explanation of how personal information is being used, including links to more detailed information if the individual wants to know more. The regulators were also impressed by the use of just-in-time notifications on certain apps that informed users of the potential collection, or use, of personal data as it was about to happen. These approaches make it easier for people to understand how their information is being used and when.

It's not hard to do better than 85% of these app owners. One tip is to get your privacy policy out there in front of people's eyes:

  1. Into the app's settings
  2. Onto the app store
  3. Onto the app's promotional site

You can also easily generate a privacy policy with the help of iubenda's mobile app privacy policy generator.


Posted on by Simon Schmid


Apple has just released a new page to remind developers of the most commonly cited reasons for app rejections.

Among these reasons, Apple has also found a spot to remind developers that a privacy policy is mandatory for kids' apps: "and if you're offering auto-renewable or free subscriptions or your app is in the Kids Category, you must also provide a link to your privacy policy."

Yet this page should change fairly soon with the release of iOS 8, when Apple will broaden the set of apps that go from "recommended privacy policy" to "required privacy policy".

As iubenda has reported before, the privacy policy requirements for iOS 8 will likely look like this:

  • Apps that link against HealthKit
  • Apps that link against HomeKit
  • Third party keyboards
  • Kids

So far, unsurprisingly, the Firefox OS store seems to be the strictest about including privacy policies in your apps.


Posted on by Simon Schmid

Google is pushing Google Analytics users to update to its Universal Analytics implementation, so it's time to take a quick look at the changes that come with it with regard to privacy regulation compliance. Universal Analytics will eventually replace the prior technology.

How to set up Universal Analytics

Here's a basic guide on how to set up Universal Analytics by Google. What we are interested in is the User ID part. User ID is core to the new possibilities in Universal Analytics. Universal Analytics allows you to connect various sessions to one user and therefore to track the activity on your property more accurately.

Google explains it like this:

The User ID is a Universal Analytics feature that you can use to associate multiple sessions (and any activity within those sessions) with a unique ID. When you send an unique ID and any related engagement data to Google Analytics, all activity is attributed to one user in your reports. With the User ID, you can get a more accurate user count, analyze the signed-in user experience, and get access to the new Cross Device reports. Learn more about the User ID.

In the first step of the setup flow you will find a toggle, and you'll switch it to ON to indicate that you’ve read and agreed to the User ID Policy. This enables the User ID feature in your account.

Security and privacy in Universal Analytics (source)

Google stresses the fact that it hasn't changed its privacy stance. The existing safeguards like IP masking, the Google Analytics browser opt-out add-on, data confidentiality, and security still work on the new analytics.js. Additionally, the information stored in the local first-party cookie is reduced for the new analytics.js; the snippet can even be implemented without a cookie at all.

About User ID and privacy

The User ID feature processes pseudonymous data, which in many cases will presumably be legitimate only if the particular user has not previously objected to that kind of processing. The user needs to be advised of their right to opt out of this sort of data processing.

Google itself imposes the following requirements on its users:

You will give your end users proper notice about the implementations and features of Google Analytics you use (e.g. notice about what data you will collect via Google Analytics, and whether this data can be connected to other data you have about the end user). You will either get consent from your end users, or provide them with the opportunity to opt-out from the implementations and features you use.

You will not upload any data that allows Google to personally identify an individual (such as certain names, social security numbers, email addresses, or any similar data), or data that permanently identifies a particular device (such as a mobile phone’s unique device identifier if such an identifier cannot be reset), even in hashed form.

Since Google's own opt-out link only opts you out from the specific device you are on, you will have to implement another manual way for people to opt out. The easiest way to do this is to implement a process in which people can opt out via email.

What are the steps included?

Quick Start Guide

  • Have a privacy policy in place and tell users about your use of Google Analytics and User ID;
  • Tell them that they can object to the collection in that way;
  • Do not send Google any data that allows them to personally identify your users;
  • Check out the other guides below for Google Analytics and Google Analytics in Germany
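
One way to apply these requirements on the server that renders the tracking snippet, as an added example that is not code from Google or iubenda. It assumes signed-in accounts with a server-side opt-out list; all function, variable and account names are hypothetical, and only `userId` and `anonymizeIp` are real analytics.js field names.

```javascript
// Added example: every name here (optedOut, analyticsIds, gaFieldsFor, the
// account ids) is hypothetical; only the analytics.js field names are real.
const { randomUUID } = require('node:crypto');

// Constructed sample state. Opt-outs are stored per account on the server, so
// an objection received by email applies on every device the user signs in on.
const optedOut = new Set(['acct-1002']);
const analyticsIds = new Map(); // account id -> random opaque User ID

// Heuristic guard: an e-mail address or a bare hex digest must never be sent,
// because identifying data is disallowed "even in hashed form".
function looksIdentifying(value) {
  return value.includes('@') || /^[0-9a-f]{32,128}$/i.test(value);
}

// Return a random ID that is unrelated to the account's name or e-mail.
function analyticsIdFor(accountId) {
  if (!analyticsIds.has(accountId)) analyticsIds.set(accountId, randomUUID());
  return analyticsIds.get(accountId);
}

// Build the fields the page passes to ga('set', fields) for this visitor.
function gaFieldsFor(accountId) {
  const fields = { anonymizeIp: true }; // IP masking stays on for everyone
  if (accountId === null || optedOut.has(accountId)) return fields;
  const id = analyticsIdFor(accountId);
  if (looksIdentifying(id)) throw new Error('refusing identifying User ID');
  fields.userId = id;
  return fields;
}

// Called when an opt-out request (for example by email) has been processed.
function recordOptOut(accountId) {
  optedOut.add(accountId);
  analyticsIds.delete(accountId); // drop the mapping so it cannot be reused
}
```

Because the opt-out is keyed on the account rather than on a browser cookie, it takes effect on every device at the next page load, which the device-bound opt-out link cannot do.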

iubenda and Universal Analytics/User ID

We have introduced a slightly changed clause for use with User ID, soon allowing you to use this feature along with Google Analytics. The clause is called "User ID extension" and can be added to your iubenda privacy policy from the iubenda dashboard.



Posted on by Simon Schmid

Brazilian privacy policy launch

Today we are launching a localization in Brazilian Portuguese.

Until today our privacy policy framework could be generated in 5 languages: English, Italian, German, French and Spanish. Today we’re adding an often requested 6th language on top of this: Brazilian Portuguese.

How can you use our languages?

Iubenda's languages can be used individually (French, English, Italian, Portuguese...), or they can be combined if your site runs in more than one language (English & Brazilian Portuguese). In that case you start your privacy policy - let's say in Brazilian - and then you add a second language on top. The generator will automatically take all of the work you've done with your first policy and duplicate it into the second language (here in this example it's English).

How do you generate your Brazilian privacy policy?

Note about Brazilian: Since Portuguese and Brazilian Portuguese are rather far apart, this localization is written to sound correct only to Brazilian ears and by Brazilian grammar standards.

Note about iubenda: iubenda is based on European data protection laws (which are known for their strict rules). Here and there we've added in additional clauses for you to choose from. Among them there's some wording for the US COPPA for example (Children's Online Privacy Protection Act). Iubenda's privacy policy generator is meant to help you out a great deal on the way to privacy compliance both on the web and mobile apps.

If you are new to iubenda you can generate your Brazilian Portuguese privacy policy for your website, Facebook application or mobile application via our website. Sign up for an account, log in and then in your dashboard find a green button saying "generate privacy policy". Follow the simple instructions to get you all set up.


How do you add a política de privacidade to an existing privacy policy?

If you already have a site with a privacy policy in another language: log in to your account, select the site you would like to add a Portuguese privacy policy to and then choose "Add language" in the sidebar of your dashboard. This will guide you through to the end of the process.

Launch discount

To introduce the Brazilian localization of our privacy policy framework we're giving 50% off for 48 hours after the publication of this post.

Blogger discount

If you are a tech blogger who wants to take the product for a spin, you can use it for free for one year. We're happy to talk about this at [email protected]

Affiliate possibility

If you have any friends that may be able to get some use out of iubenda, send them a personalized link (or share the link on your social networks). To do that simply follow this process:

You’ll find a link in your dashboard’s “Love and Rewards” tab. Share it and profit.


On your sharing page you will find a couple of pre-crafted sharing options. Instead of these options you can also simply copy and paste the provided link and share it with whoever you like.


If you need more details about this, you'll be able to find out more in a recent post "How to make money by referring iubenda".

Generate a Brazilian Portuguese Política de Privacidade


Posted on by Simon Schmid

Twitter's lead generation cards are a very interesting way of collecting email addresses/users. One thing Twitter wants you to do before you're good to go, however, is to provide a privacy policy.

Well, of course that's an annoying additional requirement I bet you were not thinking about before. That's where (obviously) iubenda comes in handy. Iubenda can craft that much needed privacy policy for your Twitter Lead Generation cards.

Twitter Lead Generation cards privacy policy requirement

Since you are collecting email addresses and names for a certain goal, Twitter requires you to provide a privacy policy. When you find the card creation interface in Twitter's ads section, you'll click on the Lead Generation radio button.



Next, you will fill in all the details needed for the lead generation until you see a field labeled "Privacy policy URL" and small copy saying "Your privacy policy must explain how user data is being used."


The question mark reveals more: You must provide a link to your privacy policy on your site in order to use the Lead Generation card.

Iubenda helps a great deal with this. Once you sign up and tell us exactly what data your site collects, your privacy policy comes out generated on the other side. The privacy policy can then be embedded on your site, or you can just use the direct link provided.

Generate a privacy policy for your Twitter Lead Generation card now

About the implementation of the privacy policy link

Then, when you're done with creating your card, you'll see how it looks:


The privacy policy will be displayed right there on the card. What Twitter also tells you is to link to a privacy policy that originates on your site.

If you therefore implement the privacy policy on your site, make sure to include it in the footer because that's where people look first and data protection authorities want it.

Now that you've mastered the privacy policy part, take a look at what other people can teach you about the lead generation cards:

  • How to Generate Twitter Leads With Their New Lead Generation Cards - Social Media Examiner
  • Twitter Introduces Lead Generation 'Cards' to Collect Leads From Tweets - Hubspot
  • Connect Twitter Lead Generation Cards to Campaign Monitor - Campaign Monitor


Posted on by Simon Schmid

We have added 7 new services for inclusion with your privacy policy. They're services from across the SaaS spectrum, therefore let's look at each of them:

Now go and make something great with the time you've saved yourself by not making a privacy policy from scratch.
