- Platform requirements aside, under almost all legislation globally – and particularly under the GDPR – privacy notices are legally required.
- If applicable, you have to disclose how you treat sensitive user and device data.
- If your app processes personal data for reasons unrelated to its functionality, you must highlight – prior to the collection and transmission – how the user’s data will be used and collect user consent.
- If your app is likely to be used by kids, you are subject to additional safety requirements.
Failure to meet these critical legal requirements can end up costing you – so it’s always a good idea to ensure that your privacy documents are fully customized to your particular situation.
- Who is the app owner?
- What data is being collected? How is that data being collected?
- What is the legal basis for the collection (e.g. consent, necessary for your service, legal obligation, etc.)? This relates more specifically to the GDPR and EU law; however, even if you fall outside of GDPR obligations, under most countries’ legislation you’ll still need to say why you’re processing the personal data of users.
- For which specific purposes are the data collected? Analytics? In-app advertising?
- Which third parties will have access to the information? Will any third party collect data through widgets (e.g. social buttons) and integrations (e.g. Facebook Connect)?
- What rights do users have? Can they request to see the data you have on them, can they request to rectify, erase or block their data?
Terms and conditions for mobile apps
Some specific instances where they might be needed are where you:
- need to make legally required disclosures related to consumer rights (especially withdrawal and cancellation rights);
- have different user levels (e.g. registered vs non-registered);
- have a platform that allows users to sell or trade with other users;
- facilitate or otherwise process payments and/or other sensitive user data;
- want to set the rules for user behaviour and state grounds for termination of accounts;
- participate in affiliate programs;
- provide software or a service which can potentially cause harm if misused;
- would like to have some legally enforceable control over, and set rules about, how your app may be used.
As an app owner, particular emphasis should be given to account termination clauses, payment conditions and the limitation of liability clauses (and disclaimers).
Our Terms and Conditions Generator helps you to easily generate and manage documents that are engineered to meet the specific requirements of all major app stores and are up to date with the main international legislation.
Article 10.5 of Microsoft Store Policies provides an overview of Microsoft’s privacy guidelines:
“The following requirements apply to products that access Personal Information. Personal Information includes all information or data that identifies or could be used to identify a person, or that is associated with such information or data.
- It must describe the controls that users have over the use and sharing of their information and how they may access their information, and it must comply with applicable laws and regulations.”
Sharing data with third parties
According to Microsoft:
“You may publish the Personal Information of customers of your product to an outside service or third party through your product or its metadata only after obtaining opt-in consent from those customers. Opt-in consent means the customer gives their express permission in the product user interface for the requested activity, after you have:
- Described to the customer how the information will be accessed, used or shared, indicating the types of parties to whom it is disclosed, and
- Provided the customer a mechanism in the product user interface through which they can later rescind this permission and opt-out.”
This means that, if you fall within the scope of the GDPR, you’ll likely also need to maintain valid records of consent.
Our policies are created by lawyers, monitored by our lawyers and hosted on our servers to ensure that they are always up-to-date with the latest legal changes and third-party requirements.
The process is straightforward and intuitive. Simply:
- Click to add your services
- Fill out your web/app owner and contact details
- Embed in your app
1. Add your services
- If you use Twitter or other auth (OAuth) services for user management, add the respective service by clicking “Add a service” and then typing the name of the service you’d like to add. Remember to include all services processing personal information. If you handle user registration yourself, don’t forget to add the “Direct Registration” service.
- Select each applicable service from the list of suggestions that show up and customize by simply adding the specific types of personal data you collect. Our lawyer-crafted clauses automatically include the relevant user-rights disclosures and service definitions based on your input here.
- If you’d like to add a custom service clause, simply click the “Create custom service” button and fill out the built-in form.
2. Fill out your app owner and contact details
- name and full address;
- email address.
Congratulations! Your policy has been created. Simply check that all the details are correct, then embed.
Within the app
Whichever embed method you choose, remember that you’re required to choose a location that is easily accessible and visible to users.