Privacy Policy for Firebase: How To Create One

If you use Firebase, Google’s web and mobile app developer platform, it might surprise you to learn that you must post a privacy policy.

Google requires anyone using Firebase to comply with applicable data privacy laws and have a privacy policy, as outlined in their Firebase Data Processing and Security Terms.

Whether you are a seasoned app developer or new to Firebase, read on to learn how to make a privacy policy for your app that complies with relevant privacy laws and Google’s requirements.

How To Make a Firebase Privacy Policy

You can create a compliant Firebase privacy policy in several ways, including using a privacy policy generator, a free template, or writing one yourself.\

Use a Privacy Policy Template

Some Firebase app creators may prefer our free privacy policy template — it takes a little more work than the generator, but it’s still very easy to use.

All you do is download the template and fill in the blank sections with details about your app.

Remove parts that don’t apply to you, and add or adapt any language as necessary.

Write Your Privacy Policy

You can also write your privacy policy, but you must have extensive legal and technical knowledge, or else you might be putting your app at risk.

Data privacy laws hold you responsible if you leave any relevant information out of these documents, even by mistake.

Use easy-to-read language so your users can understand what they’re agreeing to — for more information, check out our guide on how to write a privacy policy in nine easy steps.

What Is a Privacy Policy?

A Firebase privacy policy explains how your company collects, stores, uses, and shares visitors’ personal information when using the app and web developer program owned by Google.

It’s also standard to include a clause explaining your users’ rights over their data and how they can act on them.

Firebase may collect data from users that qualifies as personal information even if you don’t.

For app developers using the Firebase platform, your privacy policy must incorporate Google’s requirements and comply with relevant data privacy laws.

Which Privacy Laws Affect Firebase and How?

Several data privacy laws affect Firebase users, and you must comply with the ones that apply to your business — around the globe, 137 of 194 countries have adopted privacy legislation.

The following laws may apply to your business depending on factors like the location of your user base, how much data you process, and your gross annual income:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• California Online Privacy Protection Act (CalOPPA)
• Colorado Privacy Act (CPA)
• Virginia Consumer Data Protection Act (VCDPA)
• Personal Information Protection and Electronic Documents Act (PIPEDA)
• Quebec’s Law 25

Additionally, you must consider whether your product targets specific demographics, such as children, in which case you’re subject to the Children’s Online Privacy Protection Act (COPPA).

As a Firebase product provider, you must stay current on evolving privacy laws worldwide.

Do You Need a Privacy Policy for Firebase Usage?

In their App Indexing User Data Policy, Firebase explicitly states that you must provide a link to your privacy policy in your app.

Even if you don’t actively process personal information, Google’s Firebase may collect your users’ data via Google Analytics.

Additionally, you must comply with applicable data privacy laws, most of which require a privacy policy or notice.

It’s important to note that claiming you’re unaware of user data collection is not an adequate defense under many privacy laws.

What Privacy Requirements Does Firebase Have?

You’re required to explain in your privacy policy how you gather, share, and use data with Firebase APIs.

You must also follow applicable laws and obtain user consent as necessary for sharing this information with Google.

Firebase also prohibits you from sending the following user data to them:

• Payment and financial data
• Children’s data
• Location data
• Authentication data
• Sensitive categories of data
• Criminal history
• Sexual history
• Health, genetics, or biometric data

What Are the Benefits of Having a Privacy Policy When Using Firebase?

Having a privacy policy when using Firebase benefits your business in the following ways:

What Do You Need to Cover in Your Firebase-Compliant Privacy Policy?

There are certain things your privacy policy must disclose to ensure compliance with Google’s Firebase requirements and data privacy laws, which I cover briefly in the following section.

Introduction

Your Firebase website’s privacy policy needs an introduction section.

It should include:

• Your full company name
• Details about who the policy applies to
• Definitions for applicable terms
• A table of contents

What Personal Data You Collect

You must include a clause in your privacy policy explaining what personal information you collect from users.

If you think you don’t collect any, remember that Google products like Firebase might, and you must disclose as much to your app users.

Why and How You Use the Data

You also must explain why you collect personal data from your app users and how that data gets used.

For example, under the GDPR, you must prove one of the following legal bases to account for data processing:

• Consent
• Fulfillment of a contract
• Legal obligation
• Vital interest of the data subject
• Interest of the public
• Legitimate interest

Uses of data might include:

• Enhancing your app’s services
• Research or marketing purposes
• User analytics

Children’s Data

You must include a clause in your privacy policy that addresses how you handle children’s data.

If you purposefully collect and process it, you’re subject to following additional, strict laws like the Children’s Online Privacy Protection Act (COPPA).

Otherwise, explain to parents and legal guardians how they can contact your team if they ever believe you accidentally collected information about their child.

Data You Share With Third Parties

Most data privacy laws require you to disclose:

• If you share user data with any third-party entities
• What categories of data you share
• The categories of the third parties themselves

If you use Firebase to develop your app, you share personal information about your users with at least one third-party — Google — making this a necessary clause.

Your Data Retention Policy

You’re required by laws like the GDPR to disclose how long you plan to retain personal data for.

Only retain it for as long as necessary to achieve the purposes you disclosed to users as written in your policy.

Safety and Security Measures

Your Firebase website privacy policy should explain what security measures you have in place to protect personal information from unauthorized access or other cyber crimes.

Data privacy laws require you to store this information in a safe way and hold you accountable if anything is ever compromised.

Your Use of Internet Cookies

Under privacy laws like the CCPA, internet cookies qualify as personal information.

You must explain if your Firebase website uses cookies and disclose what they are, their purpose, and what they do.

Users Rights Over Their Personal Data

Under most data privacy laws, you must list all rights your users have over their data in your privacy policy and explain one or more ways they can follow through on those rights.

Google’s Firebase terms also require you to include these details in your policy.

Consider using different clauses for each law that applies to you so users from those regions can easily find the information that applies to them.

Updates to Your Privacy Policy

A privacy policy is a living document you should change whenever your data processing activities do, so explain how you’ll communicate these updates to your users in a clause.

Some laws, like the CCPA, require you to update your privacy policy at least once yearly.

Contact Information

You must include your company contact information in your privacy policy in case a user has a question or concern.

Not only do some data privacy laws, like CalOPPA, require this, but it’s also necessary if you want your app to get published on the Google Play Store.

Where To Display Your Firebase Privacy Policy

Once you’ve made your privacy policy, you must display it in multiple locations to ensure compliance with the relevant laws, including:

• In your app footer or a static menu
• On any checkout pages or payment screens
• On a new user account or profile creation page
• Within other legal policies, like your terms and conditions or cookie policy
• On your Google Play Store or Apple App Store listing
• Within the Account Settings of your app
• If you also have a website, link it in the footer

Summary

If you use Firebase to develop web or mobile apps, plan to also put a privacy policy on your app store listing page and within the app itself.

Google requires one as part of their terms for app publishers, plus it helps you meet necessary legal requirements and shows users you’re honest about your data processing activities.

There’s no reason to reinvent the wheel — easily make a privacy policy for your Firebase app using our privacy policy generator.

More about the author

Written by Etienne Cussol CIPP/E, CIPM

Etienne is an Information Privacy professional and compliance analyst for Termly. He has been with us since 2021, managing our own compliance with data protection laws and participating in our marketing researches. His fields of expertise - and interest - include data protection (GDPR, ePrivacy Directive, CCPA), tracking technologies (third-party cookies, fingerprinting), and new forms of privacy management (GPC and the Google Privacy Sandbox). Etienne studied International Economic Affairs at the University of Toulouse, and graduated with a Masters in 2017. More about the author