A Privacy Policy is a legal requirement for all websites and apps that collect or use personal information from users. In fact, you won't be able to launch your app without one. That's because sites like Facebook and most app stores won't let you go live without a Privacy Policy URL.
The introduction of the General Data Protection Regulation (GDPR) in the European Union suggests that not only is privacy a major concern for regulators, but it's only going to become tighter. On the day the GDPR was enacted (May 28, 2018), tech giants Google and Facebook were slammed by $8.8 billion in GDPR lawsuits.
In other words, non-compliance is not cheap.
Putting together a Privacy Policy is straightforward. More importantly, you have plenty of options to choose from, including the option to self-host, to ensure your policy is compliant. Are you ready to launch your app but missing that Privacy Policy URL?
Read on and you'll have a live Privacy Policy in no time.
What is a Privacy Policy?
A Privacy Policy is a document or statement that outlines all the ways one party interacts with the data of customers and clients.
It looks at how the organization:
- Collects data
- Uses data
- Discloses or shares data
- Manages data (storage, deletion, security, etc.)
Each Privacy Policy is unique to the party that writes it because it must deal specifically with the data collected and methods used to collect, store, and share the information.
For example, Nordstrom's Privacy Policy considers the data gathered on its website, on its app, via the phone line, and in store:
A Privacy Policy isn't just a good business practice. It's also mandated by privacy laws in the United States, Canada, the EU, Australia and other countries around the world.
Personally Identifiable Information
Privacy Policies are concerned with what's called personally identifiable information (PII). PII is any identifying data that reveals something that can be used to identify a person. Safeguarding this information is paramount for both the privacy and security of the person it refers to.
The U.S. Department of Labor provides a helpful definition of personal identifiable information, stating it as
"Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). Additionally, information permitting the physical or online contacting of a specific individual is the same as personally identifiable information. This information can be maintained in either paper, electronic or other media."
Why is PII so carefully guarded?
Losing or exposing PII leaves the individuals it relates to subject to substantial harm. The greatest concern is that of identity theft and fraud. Unfortunately, identity theft and fraud are pervasive in our culture. The Bureau of Justice Statistics reported 17.6 million U.S. residents were victims of identity theft in 2014 alone. That's the equivalent of 7 percent of the U.S. population over the age of 16.
Data from Javelin Strategy & Research shows the BJS figure isn't an anomaly. In 2017, the estimated number of individuals impacted was 16.7 million Americans who lost a total of approximately $16.8 billion in stolen funds.
Privacy Policy URLs
Privacy Policies are required for any app or website that collects data. Because the laws are so strict, there's no way around it even if you're working with another website that has its own Privacy Policy.
App developers who want to work with Facebook or other popular platforms are often required to enter the URL for their Privacy Policy when setting up the app.
Because of the privacy restrictions, Facebook and other sites mandate a Privacy Policy as part of their Terms of Use.
App stores also require a policy. Apple Developer notes that one of the most common reasons apps are rejected is a broken or missing Privacy Policy URL.
Your URL isn't for internal use only. The app store includes the link on your app's page within the store so potential users can navigate directly to it.
In most cases, you'll want to host your own Privacy Policy to easily update it and retain control over it. You can do it two ways:
- Adding it to the main navigation, or
- Placing a link in the footer.
Here are a few examples:
Candy Crush is an app downloaded independently from an app store or used on Facebook. To comply with privacy standards, it requires a Privacy Policy. The policy is hosted on its parent company King's website, which covers all of King's group companies.
King keeps the link to its Privacy Policy in the footer:
King's footer is a good example because the legal footer is kept separate from other links, which keeps it distinctive. You want your Privacy Policy to stand out at least as much as the other links you provide in your footer.
Emirates Airlines includes not one but two links to the Privacy Policy in quick succession. The first link is placed carefully under a call for data collection and the second is in the footer itself.
This really helps the Privacy Policy be conspicuous, which is a requirement of many privacy laws.
Instagram has become one of the top social media platforms and most downloaded apps across all mobile platforms.
Instagram hosts its own Privacy Policy on its browser version:
You'll see two links to the policy here. A full Privacy Policy URL is provided in the footer of the site, but links to portions of the policy are placed under the "Sign Up" button.
The links direct you to Instagram's "Help" section, which hosts the full Privacy Policy.
Mobile apps also incorporate a Privacy Policy URL into design and for compliance. While there isn't the same sort of thing as a footer with a mobile app, there are menus and links that are perfect for displaying your Privacy Policy URL.
Here's how the SpeedTest mobile app links its Privacy Policy to its mobile app in a Privacy Notice screen for first-time users:
A common place to include a Privacy Policy URL in a mobile app is in a Legal or About menu.
Here's how Instagram does it:
Your mobile app Privacy Policy URL can either open your Policy within your app, or open a mobile browser window and redirect the user outside of your app and to the web.
Where to Host Your Privacy Policy
Self-hosting is the most common way of hosting a Privacy Policy because it demonstrates a clear correlation between your app or website and your Privacy Policy.
If you're an app developer, you may not already have a dedicated company website. Setting up a simple website to host your Privacy Policy is a good way to go, but there are also other options.
GitHub allows users to host basic, text-only sites if you're uninterested in creating your own site. You can use this site to house your Privacy Policy text.
Google (sites.google.com) is another simple place to host a Privacy Policy.
How to Generate Your Own Privacy Policy with TermsFeed
Get started with your own Privacy Policy with TermsFeed.
Head over to the TermsFeed website and click on "Generate Privacy Policy" link and then click on "Start the Privacy Policy Generator."
In just a few simple steps you'll have both a Privacy Policy and the public link to it, which eliminates the need for self-hosting if you need a quick solution for the URL.
Privacy Policy for Mobile Apps
1. At step 1, select the Mobile App option and click Next step:
2. Answer the questions asked about your mobile app and click Next step:
3. Answer a number of questions related to your business-specific practices in step 3. When finished, click Next step:
4. Enter your email address, choose additional languages to translate your policy into and pay for your policy to instantly download and get a link to your new Privacy Policy:
Privacy Policy for Desktop Apps
Need a Privacy Policy for your desktop app or website? Our generator has you covered.
From the TermsFeed website, click on the "Generate Privacy Policy" link and then click on "Start the Privacy Policy Generator."
1. At step 1, select the Website option and click Next step:
2. Answer the questions asked about your website and click Next step:
3. Answer a number of questions related to your business-specific practices in step 3. When finished, click Next step:
4. Enter your email address, choose additional languages to translate your policy into and pay for your policy to instantly download and get a link to your new Privacy Policy:
Hosting on Facebook
Once you've got your mobile or desktop app URL, all you need to do is provide it to your host.
Login to your developer account and navigate to Settings > Basic. You'll head to the Privacy Policy URL field and then paste the link you generated from TermsFeed into the box.
Save your changes, and you're ready to go.
If you've developed an app, you'll login to your developer account and head to the App Details page and select Contact Info. The Privacy Policy for Login Dialog section is found here and you'll enter your URL here.
Here's a more detailed explanation of Privacy Policy URLs for Facebook apps.
Conclusion
Privacy is becoming a greater concern among both the public and legislative representatives. New comprehensive laws and massive lawsuits prove that privacy matters and failing to comply is costly.
Even if you've got a great app, every app store and site worth working with requires a Privacy Policy before approving your app.
Make sure you have a Privacy Policy that's easily accessible via a URL and add it to your app, website and any third party app store that requires you to provide it in your developer account.
Comprehensive compliance starts with a Privacy Policy.
Comply with the law with our agreements, policies, and consent banners. Everything is included.
