What do you do if your app isn't making as much money as you'd like it to?
One option is to join forces with a marketing analytics agency. This will help you gain a better understanding of what motivates your users. An example of this kind of agency is OneAudience.
But to become a OneAudience partner, you'll need a Privacy Policy, and that policy must include some specific information.
- 1. What is OneAudience?
- 2. What is a Privacy Policy?
- 2.1. What Counts as Personal Information?
- 2.2. Is a Privacy Policy Required By Law?
- 2.2.1. USA
- 2.2.2. Canada
- 2.2.3. Europe
- 3. What are OneAudience's Requirements?
- 3.1. Provide legally adequate notice of a Privacy Policy
- 3.2. Explain how you collect information
- 3.3. Explain how you use information
- 3.4. Explain how you share information
- 3.5. Disclose your relationship with OneAudience
- 3.6. Direct your users to OneAudience's own Privacy Policy
- 3.7. 8c. Compliance with laws
- 4. How Can I Make Users Read My Policy?
- 4.1. Layout
- 4.2. Formatting
- 4.3. Tone
- 5. Conclusion
What is OneAudience?
OneAudience is a mobile intelligence provider that connects app developers, publishers and advertisers to their target audiences.
They collect data from your app's users and combine it with their own demographic and lifestyle data to create unique consumer profiles and detailed audience segments.
This allows you to get a clearer picture of who's using your app so you can better serve your users and make your app more appealing to advertisers, earning you more revenue.
One of the conditions of becoming a OneAudience partner, as outlined in Section 8 of their Developer Agreement page, is that you must have a Privacy Policy.
If you don't know what a Privacy Policy is or how to write one, don't worry. We'll explain everything and give you some examples you can use as a guide.
What is a Privacy Policy?
A Privacy Policy is a document that tells your app's users how you collect, use, manage and share their personally identifiable information (PII).
Think of it as a way to build trust with your users. You'll be reassuring them that you process their data according to the law, keep it safe, and don't do anything unethical with it, such as gather more information than you need or sell it on to third parties without users' consent.
What Counts as Personal Information?
Personally identifiable information (PII) is any information that can be used to identify an individual user and de-anonymize anonymous data. This includes a person's:
- Name
- Address
- Date of birth
- Payment details
- Social security number
- Biometric information
- Medical information
There are two types of PII: sensitive and non-sensitive.
Sensitive information is data that could cause harm to an individual if it were to be leaked, such as banking details. You should always encrypt this data, both when it's in transit and at rest.
Non-sensitive information is information that you can find in the public domain, in places like phone books, public records, corporate directories and websites.
Is a Privacy Policy Required By Law?
Yes. Most countries have some form of privacy legislation that you'll need to follow when processing personal data.
USA
In the US, there's no specific federal law on privacy policies. However, there are various laws that require them in some circumstances.
These include the:
- Children's Online Privacy Protection Act (COPPA)
- Gramm-Leach-Bliley Act
- Health Insurance Portability and Accountability Act
- California Online Privacy Protection Act (CalOPPA)
Some states also have stricter rules on privacy than others. For example, the California Online Privacy Protection Act (CalOPPA) states that websites and apps that collect PII from residents of California must have a prominent Privacy Policy that outlines what data they gather and who they share it with.
Canada
In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) requires websites and apps that gather data from Canadian citizens to make public their personal information management policies and practices.
Europe
In the European Union, the set of laws that covers personal data is the General Data Protection Regulation.
Articles 12, 13 and 14 of the GDPR lay out the rules on making privacy information available to data subjects.
The EU's privacy laws are some of the most detailed in the world. For example, they require you to write your Privacy Policy in clear and plain language.
What are OneAudience's Requirements?
You'll find OneAudience's Privacy Policy requirements in Section 8 of their Developer Agreement, entitled 'End-User Privacy; Compliance.' The first three parts of this section are related to your Privacy Policy.
Let's take a closer look:
Summary - Before you allow users to install your app, OneAudience requires you to:
- Provide legally adequate notice of a Privacy Policy.
- Explain how you collect information.
- Explain how you use information.
- Explain how you share information.
- Direct your users to OneAudience's own Privacy Policy.
- Disclose your relationship with OneAudience.
Now let's see what each of these means for you and your app.
Provide legally adequate notice of a Privacy Policy
In legal terminology, the word 'notice' refers to the requirement that a party - in this case, your users - be made aware of the laws that affect their rights, obligations or duties.
This means that you need to create a thorough Privacy Policy and make it easy for your users to find. In other words, try not to bury your policy under layers of pages.
Most websites put a link to their Privacy Policy at the bottom of the homepage. On an app, you could include it in your Settings page.
For example, you can find Twitter's Privacy Policy on their mobile app by going to Settings and Privacy > About Twitter > Privacy Policy.
As you can see, Twitter has also included an introduction that explains why it has a Privacy Policy. While you could just jump straight into your policy, an introduction like this is a great way to let your users know that you value their privacy.
Explain how you collect information
In this section, you should outline what kind of data you collect and all the ways in which you collect it.
How much detail should you go into? It depends on what your app does.
Uber includes the following broad categories of data in its Privacy Policy:
- Information you (that is, drivers and riders) provide
- Information created when you use our services
- Information from other sources
The policy then goes on to expand on each category. For example, Category 2 is subdivided into:
- Location information
- Transaction information
- Usage information
- Device information
- Communication data
These are then subdivided even further.
Because Uber has a lot of information in each section, a short summary written in plain English is included at the start of each one, like so:
This is handy for users who are only looking for an overview and don't want to read through the entire document.
A common problem that people run into when putting together a Privacy Policy, or any Terms and Conditions-style document, is the balancing act between making the document understandable to normal people, and not leaving out any important legal information. This is known as the transparency paradox.
Including a summary is a great way to get around this problem, because you can include both the full legal document and a shorter, more 'human-speak' version.
Explain how you use information
In this section, you'll explain what you do with your users' data once you've got it.
The most common (and obvious) purpose of gathering data is to deliver and improve the service(s) that users wanted when they downloaded your app in the first place.
Here's what Tinder has to say about how it uses information from users:
Here's an excerpt from Airbnb's Privacy Policy section on information use:
Just like the section on how you gather data, you can then go on to expand on each point in more detail.
Explain how you share information
Following the privacy scandal that engulfed Facebook in 2018 after it allowed third-party apps to mine data without the consent of its users, people are more concerned than ever about how companies share their data with third parties.
By their very definition, most social networking apps need to share some user information - such as names and photos - with other users in the network. As Tinder puts it:
Social networking apps aren't the only ones who sometimes need to share information with third parties in order to work properly. Take Uber, for example. If you want to order a cab but then refuse to allow Uber to give your location and phone number to one of their drivers, it'll be quite difficult for them to pick you up.
This is your opportunity to reassure your users that you will only share their data with third parties in a way that benefits them, and only when they give you explicit permission to do so.
Disclose your relationship with OneAudience
You should let your users know that you're in partnership with OneAudience. Explain that OneAudience collects their personal data so your app can show them more personalized ads. In their own words...
Direct your users to OneAudience's own Privacy Policy
OneAudience's Privacy Policy goes into a lot more detail about how they collect and handle personal data.
Aside from being a requirement, including a link to their website will put your users' minds at ease that OneAudience is a legitimate business.
You need to inform your users that:
- OneAudience may collect, use and share their data, as specified in OneAudience's Privacy Policy.
- They can choose to opt out of OneAudience's data collection by uninstalling your app.
You must inform your users of both these notices in the app description that's shown immediately before a user installs your app, as well as in your Privacy Policy. Here's how a highly addictive mobile game called Hole.io does it:
8c. Compliance with laws
OneAudience also requires you to agree to comply with all applicable laws if you use their service, including privacy laws.
This means that you must follow all the laws of the state or country in which you operate.
In the case of privacy laws, this doesn't just apply to the place where you're based, but also to the place where your users are located.
For example, if some of your users live in the European Union, then you'll need to comply with the EU's General Data Protection Regulation (GDPR).
OneAudience can't be held liable if you don't follow these laws, so it's your responsibility to make sure you do.
Once again, OneAudience reminds you to make your Privacy Policy visible to your users.
How Can I Make Users Read My Policy?
It's a proven fact that most people don't like reading legal policies of any kind. A 2017 survey by Deloitte revealed that 90% of respondents in the US accepted legal Terms and Conditions agreements without ever reading them.
Why is this? Probably because most T&Cs consist of huge blocks of complicated words, strung together in sentences that seem to go on forever.
Here are a few ways you can make life easier for your users:
Layout
We've already looked at how Uber includes a simplified summary next to each point of its Privacy Policy.
Another idea is to have an interactive table of contents at the top or on the side of your main document. This allows users to get to the part that interests them without having to scroll down.
Once again, let's use Uber as an example:
Formatting
A Privacy Policy doesn't have to be an intimidating wall of text. There are little tricks you can use to move your reader along, such as:
- Using sub-headers to divide different sections.
- Breaking up long sentences into shorter ones where possible.
- Aiming for short paragraphs.
- Using bullet points to make lists easier to read.
- Using bold text to emphasize important parts.
Tone
It's inevitable that your Privacy Policy will contain at least some technical jargon. While you should definitely keep the tone professional on the whole, there's no harm in being conversational from time to time.
Remember that unless your app is highly specialized, your user base will consist of regular people who'll appreciate that you're speaking to them like a normal human being.
Conclusion
Creating a Privacy Policy may seem daunting, but if you break it down into small sections you should have no trouble putting it all together. And as we've seen, there are plenty of examples online that you can take inspiration from.
Remember that by partnering with OneAudience, your app could generate substantially more revenue. So it's worth following their terms to the letter, which means having a Privacy Policy.