According to Microsoft’s app submissions guide, if your Windows 10 application or game accesses, collects or transmits any Personal Information, you need to provide a link to your privacy policy in order to publish your app on the Microsoft Store.
“You are responsible for ensuring your app complies with privacy laws and regulations, and for providing a valid privacy policy URL if required.
You must indicate whether or not your app accesses, collects, or transmits any personal information. If it does, a privacy policy URL is required. Otherwise, it is optional (though if we determine that your app requires a privacy policy, and you have not provided one, your submission may fail certification).
To help you determine if your app requires a privacy policy, review the App Developer Agreement and the Microsoft Store Policies.”
In short
- Platform requirements aside, under the legislation of almost all jurisdictions – and particularly under the GDPR – privacy notices are legally required.
- If your app handles personal or sensitive user data, you need to add a valid privacy policy in two places: your app’s listing page (in the Microsoft Store) and within your app.
- If applicable, you have to disclose how you treat sensitive user and device data.
- If your app processes personal data for reasons unrelated to its functionality, you must highlight – prior to the collection and transmission – how the user’s data will be used and collect user consent.
- If your app is likely to be used by kids, you are subject to additional safety requirements.
- With iubenda you can create a privacy policy (and a Terms and Conditions document) for your app.
Privacy policy requirements for Windows apps
While it might seem convenient to reach for sample privacy policies for apps or privacy policy templates, this is often a very risky idea. Consider that the exact required contents of a privacy policy depend upon the laws applicable to you and the specific processing activities of your app.
Failure to meet these critical legal requirements can end up costing you – so it’s always a good idea to ensure that your privacy documents are fully customized to your particular situation.
Furthermore, if you have international customers, for example, your privacy policy may need to address requirements across multiple geographical boundaries and legal jurisdictions. It’s therefore always advisable to approach your (legally mandated) privacy policy with the strictest applicable regulations in mind.
What basic information should be included in a Windows app privacy policy?
Let’s start with the minimum legal requirements. These are the most basic elements that a privacy policy should have:
- Who is the app owner?
- What data is being collected? How is that data being collected?
- What is the legal basis for the collection (e.g. consent, necessary for your service, legal obligation, etc.)? This relates more specifically to the GDPR and EU law; however, even if you fall outside of GDPR obligations, under most countries’ legislation you’ll still need to say why you’re processing the personal data of users.
- For which specific purposes are the data collected? Analytics? In-app advertising?
- Which third parties will have access to the information? Will any third party collect data through widgets (e.g. social buttons) and integrations (e.g. Facebook Connect)?
- What rights do users have? Can they request to see the data you have on them, can they request to rectify, erase or block their data?
- Description of process for notifying users and visitors of changes or updates to the privacy policy
- Effective date of the privacy policy
Terms and conditions for mobile apps
Terms and Conditions (also called ToS – Terms of Service, Terms of Use or EULA – End User License Agreement) set the way in which your app or its content may be used, in a legally binding way. Not only are they crucial for protecting you from potential liabilities, but (especially in cases where something is being sold to consumers) they often contain legally mandated information such as users’ rights, withdrawal or cancellation disclosures.
Some specific instances where they might be needed are where you:
- need to make legally required disclosures related to consumer rights (especially withdrawal and cancellation rights);
- have different user levels (e.g. registered vs non-registered);
- have a platform that allows users to sell or trade with other users;
- facilitate or otherwise process payments and/or other sensitive user data;
- want to set the rules for user behaviour and state grounds for termination of accounts;
- participate in affiliate programs;
- provide a software or service which can potentially cause harm if misused;
- would like to have some legally enforceable control over, and set rules about, how your app may be used.
As an app owner, particular emphasis should be given to account termination clauses, payment conditions and the limitation of liability clauses (and disclaimers).
Our Terms and Conditions Generator helps you to easily generate and manage documents that are engineered to meet the specific requirements of all major app stores and are up to date with the main international legislation.
Example privacy policy for Windows apps
Here’s an example of a privacy policy, created with our generator.
Article 10.5 of Microsoft Store Policies provides an overview of Microsoft’s privacy guidelines:
“The following requirements apply to products that access Personal Information. Personal Information includes all information or data that identifies or could be used to identify a person, or that is associated with such information or data.
- If your product accesses, collects or transmits Personal Information, or if otherwise required by law, you must maintain a privacy policy. You must provide users with access to your privacy policy by entering the privacy policy URL in Partner Center when you submit your product.
- Your privacy policy must inform users of the Personal Information accessed, collected or transmitted by your product, how that information is used, stored and secured, and indicate the types of parties to whom it is disclosed.
- It must describe the controls that users have over the use and sharing of their information and how they may access their information, and it must comply with applicable laws and regulations.”
Sharing data with third parties
According to Microsoft:
“You may publish the Personal Information of customers of your product to an outside service or third party through your product or its metadata only after obtaining opt-in consent from those customers. Opt-in consent means the customer gives their express permission in the product user interface for the requested activity, after you have:
- Described to the customer how the information will be accessed, used or shared, indicating the types of parties to whom it is disclosed, and
- Provided the customer a mechanism in the product user interface through which they can later rescind this permission and opt-out.”
This means that, if you fall within the scope of the GDPR, you’ll likely also need to maintain valid records of consent.
How to add a privacy policy to your Windows App
Our policies are created by lawyers, monitored by our lawyers and hosted on our servers to ensure that they are always up-to-date with the latest legal changes and third-party requirements.
The process is straightforward and intuitive. Simply:
- Click to add your services
- Fill out your web/app owner and contact details
- Embed in your app
1. Add your services
- If you use Twitter or other auth (OAuth) services for user management, add the respective service by clicking “Add a service” and then typing the name of the service you’d like to add. Remember to include all services processing personal information. If you handle user registration yourself, don’t forget to add the “Direct Registration” service.
- Select each applicable service from the list of suggestions that show up and customize by simply adding the specific types of personal data you collect. Our lawyer-crafted clauses automatically include the relevant user-rights disclosures and service definitions based on your input here.
- If you’d like to add a custom service clause, simply click the “Create custom service” button and fill out the built-in form.
2. Fill out your app owner and contact details
Enter:
- name and full address;
- email address.
Congratulations! Your policy has been created. Simply check that all the details are correct, then embed.
3. Embed
As we said above, you have to include a link to your privacy policy within the app and in the Partner Center when you submit your product.
Within the app
For apps, direct link or direct text embedding methods are best. Microsoft specifically requires “a link” to the privacy policy, so the direct link method is sufficient to meet Microsoft’s requirements. However, if your app processes user data while offline, be sure to provide users with an in-app offline method of accessing the privacy policy in order to be legally compliant.
Whichever embed method you choose, remember that you’re required to choose a location that is easily accessible and visible to users.