« go to the main website

iubenda blog

iubenda's blog, privacy policy generator for websites and apps

Posted on by Simon Schmid


We've recently integrated BuySellAds with our privacy policy generator. Today I'd like to announce iubenda's integration with SponsorPay. You can therefore now browse the collection of services/clauses and find & use SponsorPay in your privacy policies.


Add a SponsorPay clause to your privacy policy

What is SponsorPay?

SponsorPay is a big player in the app-monetization space. They make it very easy to monetize by including mediation, an ad marketplace and ad serving capabilities. This allows developers to integrate, manage and optimize all sources of ad revenue.

SponsorPay is one of Berlin's successful companies along with SoundCloud and others. They also have offices in San Francisco, New York, Los Angeles, London, Paris, Istanbul, Shanghai, Seoul and Tokyo.

Why include a privacy policy for SponsorPay?

SponsorPay uses cookies and usage data to provide their service. The personal data collected and used is something that should be addressed in a mobile privacy policy.

By using iubenda for your site this becomes as easy as choosing the SponsorPay clause and adding it to your privacy policy. Let us help you with it.

Generate Privacy Policy for SponsorPay

Posted on by Simon Schmid | Posted in Category

Leave a comment

Posted on by Simon Schmid

This is a quick reminder that the changes to Australia's Privacy Act 1988 have gone into effect yesterday, 12 March 2014. The Office of the Australian Privacy Officer also published a media statement on Tuesday announcing the important change:

The new laws require businesses and Australian Government agencies to be more transparent about how they handle personal information. Entities need to have a clearly expressed and up to date privacy policy about the way they handle personal information.

As always we will be monitoring the changes that the amendment brings and will react accordingly.

In the meantime here are a few interesting documents published by the OAIC:

However, most small businesses will not have to comply with the Privacy Act 1988 (Privacy Act). A small business with an annual turnover of $3 million or less will only have to comply with the Privacy Act under certain circumstances that you can read up here.
Generate your privacy policy with iubenda

Posted on by Simon Schmid | Posted in Category

Leave a comment

Posted on by Simon Schmid


We've recently integrated BuySellAds with our privacy policy generator. This means you can now easily browse our ever growing collection of services/clauses and find & use BuySellAds in your privacy policies.


Add a BuySellAds clause to your privacy policy.

What is BuySellAds?

For most people, BSA needs no introduction. For ages (2008), BuySellAds has helped bloggers and sites to monetize their passions on the web by making it easy for them to - sell and accept ads. They have a great pool of advertisers and nice network of sites.

Why include a privacy policy for BuySellAds?

BuySellAds uses cookies and usage data to make their magic happen and deliver a world-class service to you as a publisher. The data collection happening is therefore something that should go into a privacy policy.

By using iubenda for your site this becomes as easy as choosing the BuySellAds clause and adding it to your privacy policy. Let us help you with it.

Generate Privacy Policy for BuySellAds

Posted on by Simon Schmid | Posted in Category

Leave a comment

Posted on by Simon Schmid

We've published a couple of guides on the subject of adding your privacy policy to the app stores, but the fact that you can only see the privacy policy link on the app store page within iTunes is something we haven't written about before.

The app stores have only relatively recently begun to focus on privacy regulation compliance (it's the developers problem after all), so this is something that may still change. I don't see a good reason for it to stay like this.

So if you are looking for your privacy policy link on Apple's App Store page, then it will not be shown on the web, here https://itunes.apple.com/en/app/xy/idxXyetc...



...but only on the page within iTunes, when the user clicks on "View In iTunes".


For information regarding the creation and inclusion of the privacy policy in your app, consider reading our guides:

Or generate a privacy policy for your app with us.

Posted on by Simon Schmid | Posted in Category

Leave a comment

Posted on by Simon Schmid


The mere fact that privacy policies should not a be simple afterthought for developers and app owners has probably sunken in with most people by now. There are various reasons why you should add a privacy policy to your app, many of which can be traced back to California's Attorney General and her efforts to do something about the situation for privacy in apps.

Where I still see a lot of potential for improvement at the moment is the way the privacy policy is displayed for an app. I always rejoice when I see a product using our policies in an efficient and fine way. Therefore, I am now publishing a quick guide to showcase how you could effectively embed a privacy policy in your app.

To illustrate this guide I am going to use Wordbase, an app that recently started using iubenda and made a good impression with their implementation practices.

Minimal theory about privacy policies in apps

Data protection authorities have been working on improving the privacy situation in apps for a good while now. There's a fair amount of guidance and documentation to be found about that fact. This should not be a surprising development, mobile phones are becoming devices with access to our most intimate details. This trend will continue.

The basic premise is that when the use of your app involves processing of personal data of individuals, privacy laws will kick in. One of the consequences is the required disclosure of your data processing to your users and that information should be made readily available before a mobile app is downloaded.

How should you link to your privacy policy in your app?

So let us move to this article's main question: how should you link your privacy policy for your app?

To illustrate that, I will use a quote from Europe's Article 29 Working Party which is a sort of think tank regarding European data protection practices (emphasis added, you can view the paper in full here and mainly under 3.7.2 the form of the information):

The essential scope of information about data processing 1) must be available to the users before app installation, via the app store. Secondly, the relevant information about the data processing 2) must also be accessible from within the app, after installation.

As a joint controller with the app developers with regard to information, app stores must ensure that every app provides the essential information on personal data processing. They should check the hyperlinks to included pages with privacy information and remove apps with broken links or otherwise inaccessible information about the data processing.

Make sure your users can view the policy before the installation. They should also be able to view the "relevant information about the data processing" from within the app.

The Working Party recommends that information about personal data processing is also available, and easy to locate, such as within the app store 3) and preferably on the regular websites of the app developer responsible for the app. It is unacceptable that the users be placed in a position where they would have to search the web for information on the app data processing policies instead of being informed directly by the app developer or other data controller.

Make your policies available where people are viewing your app.

At the very least, every app should have a readable, understandable and easily accessible privacy policy, where all the above mentioned information is included. Many apps do not meet this minimum transparency requirement. According to the June 2012 FPF study, 56% of the paid apps do not have a privacy policy, and almost 30% of the free apps.

Apps which do not, or are not intended for the processing or personal data, should clearly state this within the privacy policy.

Therefore add your privacy policy to

  1. the app store page
  2. within the app, preferably in the main settings view
  3. and on your promotional site that is connected with the app

1) Privacy policy in the app

On websites a privacy policy belongs in the footer or any other main navigation that is easily available from virtually any page. For apps this is a bit more complicated because of space constraints, but mostly there will be a a great spot in a settings or navigation list.

Example Wordbase app:


I'm happy for this example, because I'd suggest a small improvement. The privacy policy is where it belongs, in the main settings view (or in other words, where you'd expect it). There is however no reason to tuck it away below the list (the reasoning may have been that the full phrase "Read our privacy policy" doesn't fit). A simple continuation in the list styling and adding "Privacy Policy" would've been better.

2) Privacy policy on the app store page

This one is important. Make the privacy policy available before the download on the app store. The stores have dedicated link forms for this. Iubenda makes this very easy, just grab the link for your generated privacy policy and paste it there.

Example Wordbase app on the App Store:


Since there are various app store systems out there, we've made a few guides to help you find your way around:

3) Privacy policy on your website

At last but not at least, make use of your online real estate and link to your privacy policy from your app's page as well.

Example website Wordbaseapp.com:


All of this is really just a consequence of informing your users before their usage of your app and shouldn't be too hard to do. Yet so many developers/app owners don't do this consequently. Don't be one of them, do it right.


Let us help you generate a privacy policy for your app

Posted on by Simon Schmid | Posted in Category, Privacy | Tagged , , , ,

Leave a comment

Posted on by Simon Schmid


This post mainly answers the question why you need to include a privacy policy on your website when you use KISSmetrics and how you can craft one using iubenda (or writing a privacy policy for use with KISSmetrics yourself) .

Let's assume you have a website, you run KISSmetrics on it and you are thinking about including a privacy policy. What gives?

Quick Start Guide

  • Sign up/Sign in and choose our clause called "KISSmetrics";
  • Generate the self-updating privacy policy with a few clicks;
  • Add the privacy policy to your site by embedding or linking to it;

1) Do I have to include a privacy policy when I use KISSmetrics?

There are two sides to this question from a legal perspective. But actually only one answer: YES.

  • There is the legal side of it: Depending on where you are you may fall under European, American (Californian) or Australian privacy laws. The list could go on since most countries have some sort of privacy regulations that extend onto the web - and hefty penalties for non-compliance.
  • For analytics services in general: analytical services collect some sort of personally identifiable information as a rule of thumb, which is why you have to disclose this fact to people via something like a privacy policy: More information about the legal framework can be found here.
  • There is the company policy side to it as well: Does Space Pencil, Inc., aka KISSmetrics require me in their terms to have a privacy policy when I use their service? See the answer in the next paragraph (2).

2) Am I required by KISSmetrics to post a privacy policy?

Yes. KISSmetrics requires their users to use a privacy policy. When you sign up for their service you consent to their terms that state the following regarding privacy policy:

By using the KISSmetrics Script implementing the use of such cookies, you represent and warrant that: (i) you will comply with all applicable laws relating to the placement of such cookies on Visitors' computers; (ii) you have posted (or you will post) a privacy policy on each website on which you use the Service, which clearly and conspicuously discloses the use of such cookies and (iii) you have obtained all required consents and authorizations from your website Visitors relating to the use of such cookies.


iii. you have posted (or you will post) a privacy policy on each website on which you use the Service, which contains a link to KISSmetrics' Privacy Policy and clearly and conspicuously states that:
a) you use third-party service providers to provide certain analytics services to you in connection with your operation of such website, including the collection and tracking of certain data and information regarding the characteristics and activities of visitors to such website;
b) Visitors may opt-out of this analytics service by using KISSmetrics' Opt-Out Feature;
c) you may disclose Visitor data, including Personally Identifiable Information, to certain such third-party services providers to obtain such services.

The most important parts in these terms regarding the privacy policy are:" (...) you have posted (or you will post) a privacy policy (...)".

3) How do I add a privacy policy?

Usually, to make a privacy policy legally effective and compliant, it has to be easily found. A best practice is to link to your privacy policy from your footer where your users or visitors can find it at any given time. It should also not be modified to look like you want to hide it (smaller type, light colors that make it literally indistinguishable from the background).

4) An example privacy policy for KISSmetrics?

A lot of people ask for sample privacy policies for their websites & KISSmetrics. In reality those samples don't do anyone much good because they're far too generic. Let's start with an enumeration of what needs to go into a privacy policy. Most countries' privacy laws require you to include the following information:

- What kind of personal data is collected
- Describe how this information will be used by the company.
- Describe how this information will be transferred to third party companies.
- Provide instructions on how users can modify or delete their personal information.
- Provide instructions on how users can opt-out of future communications.
- Identify its effective date and outline how you notify people of material changes to your privacy policy.

Ideally you would tell the users what the service does in general and how you are using it.

What do I do now?

You can either hire a lawyer, write your own policy or use iubenda's generator right away to make your policy. The KISSmetrics clause falls under our free limits.

Our Approach of Generating a KISSmetrics Privacy Policy

So here's where iubenda's privacy policy generator will come in very handy:

  1. Define the services and categories of data collection your app/site is making use of.
  2. Add the services (and categories of data collection like "have a contact form") you are using to your policy. iubenda now takes care of your policy and generates it for you.
  3. You can either link to your policy or embed the text into your app/site.

Generate a privacy policy for KISSmetrics

Posted on by Simon Schmid | Posted in Category, Privacy | Tagged , , ,

Leave a comment