App developer? Here’s everything you need to understand and get started with GDPR and ePrivacy compliance.
👆🏼 But first, do privacy laws actually apply to you? And which one?
See which privacy laws actually apply to you. Take this free 1-min quiz →
💡 What you’ll need (and when you’ll need it)
Why? Under most countries’ laws it’s mandatory that you disclose details related to privacy and your data processing activities. Failure to do so can result in massive fines, app store/marketplace rejection, leave you open to litigation and negatively affect the credibility of your website or app.
When do you need it? Whenever processing personal data in any way (even ip addresses can be considered personal data).
Practical
Platform-specific guides
- Privacy policy for iOS and macOS apps ›
- Privacy policy for Android apps ›
- Privacy policy for Amazon Appstore ›
- Privacy policy for Facebook apps ›
Informative
Why? Many app developers use cookies either in-app or via the app website for everything from usage statistics to remarketing ads.
When do you need it? If you use cookies and you have EU-based users, you’re required by both by law and by law-abiding third-parties such as Google, Amazon, Apple, Facebook etc. to comply with legal requirements – in this case Cookie Law. This generally means having valid cookie policy and cookie management solution in place.
Practical
Did you know that we have a mobile SDK available for Cookie Solution? It’s fully customizable and available as a native component for both IOS and Android. You can contact us directly at info@iubenda.com to access all files and instructions needed for implementation.
- Getting started with the Cookie Solution ›
- Customize the Look & Behavior of the Cookie Banner ›
- How to Generate a Cookie Policy for the Cookie Banner ›
- Introduction to the Prior Blocking of Cookie Scripts ›
- How to Further Configure Your Cookie Solution (Advanced Guide) ›
CMS Plugins
These plugins allow you to set up quickly on the most popular platforms and automate much of the prior blocking process
WordPress Plugin Guide | Magento Guide | Joomla! Guide | PrestaShop Guide | PHP class Guide.
Drupal users, you can access the class via direct download or Packagist, and find full instructions in the PHP class guide linked above.
Informative
Why? Terms and Conditions (also called ToS – Terms of Service, Terms of Use or EULA – End User License Agreement) set the way in which your product, service or content may be used, in a legally binding way. Not only are crucial for protecting you from potential liabilities, but (especially in cases where something is being sold to consumers) they often contain legally mandated information such as users’ rights, withdrawal or cancellation disclosures.
When do you need it? In general, you’ll likely need to set Terms & Conditions if you have app which participates in some form of commerce (whether selling to users directly or facilitating trading). Additionally, some specific instances where they might needed are where you:
- need to make legally required disclosures related to consumer rights (especially withdrawal and cancellation rights);
- have different user levels (eg. registered vs non-registered);
- your platform allows users to sell or trade with other users;
- facilitate or otherwise process payments and/ or other sensitive user data;
- want to set the rules for user behavior and state grounds for termination of accounts;
- participate in affiliate programs;
- provide a software or service which can potentially cause harm if misused;
- would like to have some legally enforceable control over, and set rules about, how your app may be used.
Particular emphasis should be given to account termination clauses, payment conditions and the limitation of liability clauses (and disclaimers).
Practical
- How to generate terms and conditions
- How to integrate iubenda’s terms and conditions on your site and app
Informative
Why? The GDPR requires that you keep and maintain valid records of consent if processing user data based on consent. Without these records, the consent you collect is considered invalid.
When do you need it? When processing the personal data of EU-based users on the legal basis of Consent. Typical examples of this include collecting personal data via forms for newsletters, email lists, subscriptions etc. This does not typically apply to consent for cookies as cookies are still largely governed by the ePrivacy Regulation (Cookie Law).
Important
Note: GDPR requirements also apply if your base of operations is in the EU or if you simply offer goods or services to EU-based persons, even if that offer is free. Read more here.
Practical
- Maintaining valid records of Consent – iubenda Consent Database ›
- Consent Database Implementation – JS Method ›
- Consent Database Implementation – HTTP API Method ›
Informative
Why? The GDPR requires that you keep and maintain valid records of processing if processing the personal data of EU-based persons. Without these records, your processing activities would be in violation of the law.
When do you need it? If you fall under the scope of the GDPR and your processing activities are not occasional, could result in a risk to the rights or freedoms of others, involves sensitive data or if you have more than 250 employees — in short, it’s almost always required.
Practical
- Guide to the Register of Data Processing Activities›
- Register of Data Processing Activities Video tour and tutorial ›
Informative
Special Considerations
Planning to send emails or newsletters? Read this:
Target children or minors? Read this: