Bolt Image

Mobile App Privacy Policy Template

Christine Hennel

by Christine Hennel

December 6, 2021

Build My Privacy Policy
Mobile App Privacy Policy Template

Whether you have an iOS or Android app, you must keep your mobile application compliant with an app privacy policy. Keep reading to find out what they are, whether you need one, and the requirements for different platforms.

You can also download our FREE app privacy policy template or create your own with our state-of-the-art privacy policy generator.

Table of Contents
  1. Mobile Apps and Privacy Laws
  2. Current Applicable Laws for Mobile App Privacy Policies
  3. Privacy Policies for iOS and Android Apps
  4. General Requirements for Mobile App Privacy Policies
  5. Inform Mobile Users If They Are Being Tracked
  6. How to Give Users Access to Your App's Privacy Policy
  7. App Privacy Policy Examples
  8. Mobile App Privacy Policy Template for iOS and Android [Full Text and Download]
  9. FAQs About App Privacy Policies

1. Mobile Apps and Privacy Laws

Mandated by various laws around the world, privacy policies for mobile apps should clearly and explicitly detail which personal information (PI) is collected, why it’s collected, with whom it may be shared, and how users can control their data. In addition, a full copy of your privacy policy should be accessible at all times.

What is a Mobile App Privacy Policy?

A mobile app privacy policy is a legal statement that must be clear, conspicuous, and consented to by all users. It must disclose how a mobile app gathers, stores, and uses the personal information it collects from its users.

A mobile privacy app is developed and presented to users so that mobile app developers stay compliant with state, federal, and international laws. As a result, they fulfill the legal requirement to safeguard user privacy while protecting the company itself from legal challenges.

Whether you have an iOS or Android app, you must keep your mobile application compliant by using a privacy policy on your app.

Create a Mobile App Privacy Policy Using Termly

Here’s how you can use Termly’s generator to create a comprehensive and compliant privacy policy for your mobile app.

Step 1: Go to Termly’s privacy policy generator.

Step 2: Answer a few simple prompts and questions, and go through all of the steps until you reach “Final Details.”

privacy-policy-termly-final-step-screenshot

Step 3: Once you’ve filled in everything and you are satisfied with the preview, click “Publish.” You will then be prompted to create an account on Termly so you can save and edit your privacy policy further.

What is Personal Information (PI)?

Personal information is information you may use directly or indirectly to identify an individual. If separate and distinct items of data can be used in conjunction with other pieces of data to eventually identify a physical person, that is also considered personal info and must be protected.

Here are some examples of personal information:

  • Names
  • Phone numbers
  • Social Security numbers
  • Billing or shipping address
  • Email addresses
  • Birth locations
  • Geolocations
  • Medical records
  • Birthdays
  • License plate numbers
  • ID numbers
  • Data provided with voluntary consent
  • DNA/Genetic information
  • Biometric data (e.g., fingerprints, facial recognition)
  • Registration numbers (including vehicle registration)
  • Device data
  • IP addresses
  • Browsing history
  • Billing or shipping address
  • Credit card details
  • Automatic cookie data
  • Sensitive personal data (e.g., race, ethnicity, sexuality)

You should take special consideration when collecting personal information that the GDPR defines as “sensitive.”

Sensitive data includes information such as an individual’s race, ethnicity, sexuality, political beliefs, and biometric or genetic data.

How to Know if Your App Collects Personal Information

Once you know what data qualifies as PI, you must maintain legal compliance by implementing the appropriate measures for alerting users and protecting their data. Here are some tips for assessing whether you collect PI:

Conduct an Audit

As you look toward developing your own mobile app privacy policy, take the time to identify each possible step within your mobile app that requires collecting personal data, whether through a checkout process, an email signup form, or an account registration page. It’s possible that you, or the third-party services you use, may collect more PI than you realize.

As you conduct your audit, be clear on what you collect and make a note of:

  • Where it’s collected
  • Why it’s collected
  • How it’s stored
  • How it may be shared

Be sure to consider pseudonymous data. By itself, this is data that cannot be used to identify an individual but that can readily be linked to other data. The end result will deprive mobile users of their privacy by using disconnected bits of their personal information to identify them.

Consider Each Category Collected

It may be useful to structure the information you or a third party collects by separating the information into categories and showing where along the process it is collected.

Spotify’s privacy policy presents a sweeping model for how you could structure such a section and go further by offering details on when the data is collected and if it’s required or optional.

spotify privacy policy

Consider Third Parties

Even if your app doesn’t collect the data itself, you must include a mobile app privacy policy if you employ a third-party service provider that gathers user data. You are responsible for disclosing “what” and “how” user data is collected and used on your app.

The process works the other way around as well. Several third-party service providers already require that privacy policies be presented on your mobile app when you use providers such as Google Analytics, Google Maps, and Facebook Graph API.

With regard to cookies, be aware that third-party services regularly use cookies to gather and store personal information. It is your responsibility to know and understand whether these providers are engaged in those practices, and if they are, you must include an appropriate app privacy policy.

Simply notifying your users that third parties collect their information is not sufficient. If true, you must make it clear that you may not have control over third-party PI information that may be collected, sold, or traded.

Whatsapp is a popular messaging service application that is used worldwide. You can find a link to its privacy policy not only on the app profile page but also within the app. Furthermore, they openly display that they extend their privacy policy to third-party providers and require them to employ and handle user information in accordance with Whatsapp policies.

whatsapp privacy policy

Look in Specific Areas

When searching your mobile app for all the places and ways in which you collect PI, there are a few key areas to keep in mind:

  • Direct collection through forms: Signup forms commonly gather personal information entered by the user. However, you may be collecting user data without consent if the PI is collected whether or not the user actually completes and submits the form.
  • Cookies: In addition to your own mobile app, be alert for third-party services that use cookies to gather and store personal information. It is your responsibility to know if your app or any third-party service providers collect PI, ranging from user behavior to passwords to payment information. You must clearly address these practices in both your mobile app privacy policy and a dedicated cookie policy.
  • Geolocation targeting: Geolocation or geotargeting technology may collect a mobile app user’s general or exact location by monitoring their mobile device either by default or with permission. Note that if the mobile app location data is joined with another piece of PI, it could be used to identify a physical person.
  • Point of Sale systems (POS): Modern POS systems are often digital and are seen at the checkout page of an eCommerce or SaaS website. These systems collect customer information such as names, telephone numbers, email addresses, credit card data, and other payment information.
  • Customer relationship management software (CRM): Your sales and marketing teams will likely collect and store information on potential and current users. To maintain GDPR CRM compliance, you must directly notify mobile users of these practices.
  • Customer support: At a minimum, customer support collects data on names, phone numbers, addresses, and more. Your mobile app may use software to store this information and keep it on file. Figure this out and explain it to your users clearly and directly.

Consider Voluntary Consent

Voluntary consent is another means through which you can collect PI. If voluntarily provided, data can be shared for any purpose as long as the user is notified and consents by — for example, a checkmark — or they consent by continued use of the app.

The music listening service called Pandora provides additional privacy policy rules with regard to voluntary consent. It explicitly informs its users that any such information they choose to provide, including community posting, will be shared with others.

pandora privacy policy

Do You Need A Mobile App Privacy Policy?

The simple answer is yes; you need a privacy policy if your mobile app falls under the following situations:

  • Your app collects personal data
  • Your app uses a third-party service provider
  • The iOS or Android platform requires one
  • You want to reassure your app’s users
  • You want to err on the side of caution

A privacy policy for your app isn’t just a way to meet legal requirements; it’s a good way to:

Reassure Your Users

According to a survey done by the Pew Research Center, more than 57% of mobile app users have uninstalled or decided not to install an app due to concerns about the sharing of their personal information.

Including a mobile app privacy policy will ease your users’ concerns and give them confidence in your app by knowing that their personal information is safe.

Anticipate Changes

As privacy policies and data protection laws related to mobile applications continue to expand, the definition of PI can change. For example, ways to determine an individual’s identity through an IP address have progressed far enough that it was added to the GDPR’s list of protected personal information.

2. Current Applicable Laws for Mobile App Privacy Policies

United States Federal Trade Commission

United States Federal Trade Commission Seal FTC

The US Federal Trade Commission (FTC) emphasizes that mobile application developers in the United States or those who distribute applications to be used in the United States should include privacy policies in their applications.

The foundation of every privacy policy begins with the Fair Information Practice Principles. In 1998, the FTC found that there were five core principles of privacy protection that were common in privacy policies in most countries. These five principles are:

  1. Notice prior to collecting data
  2. The choice to agree to collection or opt-out
  3. Access data for accuracy and correction
  4. Security steps to protect user data and delete old data
  5. Enforcement to address and remedy privacy concerns

As a part of these five Fair Information Practice Principles, a site’s security measures should be specified in its own section. The required security measures you’ll need to have in place will depend on the amount of data you collect and its sensitivity.

For example, PayPal explains that they use technical, physical, and administrative security measures to protect your data and prevent data breaches, including firewalls, data encryption, and physical access controls.

paypal privacy policy

General Data Protection Regulation (GDPR)

GDPR seal

Since 2018, the General Data Protection Regulation (GDPR) has required that companies across the globe process the personal data of EU citizens with very stringent data security tools and data privacy measures in place. In addition, companies must present their data practices to the user in the form of a privacy policy.

If your app is available to those located in any EU country, you are subject to comply with the GDPR. Complying with the GDPR starts with a comprehensive mobile app privacy policy that details what, how, when, with whom, and where data is collected.

For example, if you operate a mobile app, you are likely to collect data such as geolocation and mobile device information from your app’s users. Therefore, you should be explicit in outlining all these potential avenues of data collection in your app’s privacy policy.

A look at Walt Disney’s GDPR compliance

Walt Disney is an example of a company in compliance with the rules of the GDPR. With an easy-to-navigate menu, you can see and easily understand:

  • How your data is being collected
  • Why it’s being collected
  • What type of data is being collected
  • How your data is being used
  • Where your data is being used
  • How you can revoke consent
  • Terms of the complete privacy policy

walt disney privacy policy

Here’s Google’s GDPR policy on deleting data

One of the GDPR’s most significant policies concerns giving users the capability to remove, revoke consent, or delete data. Google provides easily accessible methods for its users to export their data or delete it entirely. Clearly marked and separate signal buttons guide users through the process of exporting or immediately deleting all data.

google gdpr privacy policy

Accountability Principles of GDPR

Any mobile application that handles personal data from EU citizens is required to make certain declarations to those mobile users in the form of a privacy policy. In addition, users must give explicit and informed consent before a mobile app can process their information.

GDPR’s data protection and accountability principles must be followed:

  • Data processing must be fair
  • Data collected must be for specific and legitimate purposes
  • No more data is collected than what is needed
  • No storage of data longer than needed
  • Data must be accurate
  • Data collected to ensure security, integrity, and confidentiality
  • Demonstrated compliance with data principles

A fine could be levied up to 20 million euros or 4% of your mobile app’s annual global revenue. For more details on the key concepts regarding the requirements of the GDPR, refer to our GDPR overview.

The California Consumer Privacy Act of 2018 (CCPA)

ccpa 2018 logo

The California Consumer Privacy Act (CCPA) is a data privacy law that regulates how businesses worldwide are allowed to handle the personal information (PI) of California residents.

Under the CCPA, consumers now have rights such as the right to request their data be erased or not sold. Although it’s sometimes called a light version of the more comprehensive GDPR, the CCPA is the first law of its kind in the United States and one of the strictest privacy laws in US history.

All companies that serve California residents must comply with the CCPA if they:

  • Have at least $25 million or more in annual revenue
  • Collect, share, buy, or sell the personal data of 50,000 or more “consumers, households, or devices”
  • Collect more than half of their revenues from the sale of personal data from Californians

Unlike the GDPR, the CCPA expands privacy laws by:

  • Allowing users to request information on any data collected on them, not just PI
  • Granting users the right to refuse the sale of their personal information to third parties
  • Requiring that minors under the age of 16 be opted-out of the sale of their information by default

The CCPA carries fines of up to $7,500 per intentional violation, with unintentional violations costing $2,500 per violation if not remedied within 30 days.

Recently, the FTC fined TikTok, a popular social networking platform directed at kids, for violating the Children’s Online Privacy Protection Act (COPPA). TikTok was fined 5.7 million for illegally collecting children’s information without parental consent for the purpose of selling it elsewhere.

Now TikTok displays prominent notices regarding the data it uses to track users and the personal information it collects:

tiktok privacy policy

California’s Online Privacy Protection Act (CalOPPA)

CalOPPA logo

CalOPPA applies to any businesses running mobile apps. Failure to comply with CalOPPA could result in fines of up to $2,500 per user per violation. Fines of over a quarter of a million dollars can easily be levied against even a small mobile application company that reaches only 100 users per week.

In addition to basic GDPR rules, other requirements must be satisfied for compliance with CalOPPA. The privacy policy for a mobile application must contain:

  • A link to the privacy policy from the website and mobile app’s homepage, which must contain the word “privacy”
  • Information about modifications and how they will be made
  • Third-party information regarding exactly who collects data

Children’s Online Privacy Protection Act (COPPA)

Childrens Online Privacy Protection Act logo

To help protect children’s privacy and keep them safe online, the FTC enforces the Children’s Online Privacy Protection Act (COPPA), which requires websites, mobile apps, and other online services to obtain consent from parents before collecting personal information from kids younger than 13.

‌COPPA is the reason that many websites and apps do not allow users under the age of 13 to access the content or register an account. Complying with the law is often seen as too difficult to merit the inclusion of children of that age.

In addition to requiring privacy policies, COPPA imposes fines on companies that fail to follow their guidelines for how online businesses and mobile apps should treat children’s information.

For example, in 2019, YouTube was issued a COPPA fine of $170 million for illegally harvesting children’s personal data and targeting ads at kids without their parents’ consent. In such a situation, direct notification by a privacy policy would have been insufficient to avoid fines as COPPA requires verifiable parental consent before proceeding with any sensitive distribution or selling of children’s information and, in some cases, is never allowed.

Privacy Rights for California Minors in the Digital World

Privacy Rights for California Minors in the Digital World logo

The Privacy Rights for California Minors in the Digital World Act (also called the Eraser Button Law) applies to websites and mobile applications that allow users under the age of 18 to register and post content.

The Eraser Button Law states that these websites and mobile apps must allow users under the age of 18 to remove the content or information they have contributed whenever they would like to. It also states that these users must be clearly informed of their rights and ability to do so.

Student Online Personal Information Protection Act

Student Online Personal Information Protection Act logo

The Student Online Personal Information Protection Act (SOPIPA) applies to the online collection of the personal information of K-12 student-users in California.

The law states that any information gathered from students cannot be used in targeted advertising toward them or their parents. The student data can also not be sold or disclosed without express authorization and only under specified circumstances.

3. Privacy Policies for iOS and Android Apps

Privacy Policy for iOS Apps

iOS is a mobile operating system created and developed by Apple for exclusive distribution on its hardware. Even before compliance with other privacy laws, mobile app developers are required to include a privacy policy in an iOS application.

Apple’s App Store requires a privacy policy if an app:

  • Collects user data
  • Is made for, or specifically directed, at kids
  • Offers automatically renewable in-app purchases
  • Allows for user registration
  • Accesses a user’s existing account
  • Offers free subscriptions
  • Is otherwise required by law

Privacy Policy for Android Apps

Android is an operating system developed by Google for use on mobile devices. Android apps can be purchased in the Google Play Store or other third-party marketplaces such as SlideME or the Amazon Appstore.

‌By April 22, 2022, every single application published by the Google Play Store will be required to have a privacy policy and declare how it collects, protects, and handles private user data.

The new safety section in the Google Play Console will inform users and help them understand:

  • What type of data an app collects
  • Why the app collects that data
  • Which data is shared with third-party providers
  • Whether users have control over their data
  • How the app uses security practices like encryption
  • If the data is optional or needed for app functionality

General Requirements for Mobile App Privacy Policies

To make your app’s privacy policy comprehensive and user-friendly, it should contain the following information:

Section 1: Explain the Type of Personal Information You Collect

Privacy policies almost always begin by explaining the types of data that a website or app may collect from users. It’s important that you are as detailed as possible about the data you collect.

Section 2: Define How You Use and Share Data

In addition to revealing the type of data you collect, you must explain how the data gets used and whether or not it gets shared with third-party services.

Section 3: Disclose Use of Third Party Services

Third-party tools and providers can enhance your mobile apps through content optimization, better customer service, data analytics, affiliate marketing, and lead generation.

If you share data with third-party services, your policy must reveal how and why.

As on many mobile apps, Google Analytics is mentioned by name as a service that receives user PI to perform statistical analysis regarding the use of an app.

Section 3 of Twitter’s privacy policy includes a paragraph on the kinds of data they share and the types of service providers they use and also name Google Analytics directly.

twitter-privacy-policy-section-3

As Google Analytics is a recognizable and frequently used third-party service, be sure your mobile app meets the requirements of the GDPR. In addition, consider reviewing our Google Analytics GDPR guide as it provides actionable steps for complying with the GDPR.

Note that any irregular processing of personal data collected through third-party analytics tools can result in a fine of up to 4% of your mobile app’s annual global revenue.

Section 4: Describe How Users Can Control Their Data

Control over a user’s data has become a key concern for online businesses as they strive to comply with laws like the GDPR and CCPA. By default, privacy policies have become instruction manuals for how users can exercise their data rights.

You should include the steps that users can take to access, transfer, change, delete, correct, amend, export, or limit the use of their information.

Section 5: Update Users of Policy Changes

Mobile app users have the right to be informed of any changes to your privacy law. As a result, you may need to update your policy. Publish the date of the last change and reassure users that any significant changes will be presented prominently and emailed to the user.

Inform Mobile Users If They Are Being Tracked

A significant and growing interest to mobile application users is the concern over being tracked by their purchases, daily activities, physical geolocations, and website history.

According to a recent Pew Research Center study, nearly all mobile app users take steps to manage, control, or protect their personal data:

  • 54% of mobile app users did not install a mobile app due to the amount of personal information they needed to share in order to use the app
  • 30% of mobile app users have uninstalled an app that was already on their mobile device once they learned it was collecting personal information they didn’t wish to share

For example, in an effort to acknowledge user concerns, the Walt Disney Company is careful to inform users of its tracking policy. Children and families spend billions on Disney Company products, movies, and visits to amusement parks. To provide complete transparency, Disney is clear about how the company and its advertisers track web behavior for advertising purposes.

walt disney online tracking policy

How to Give Users Access to Your App’s Privacy Policy

Whether your mobile application requires a privacy policy, it is a good idea to include one. Having one will offer some level of protection in the event of a legal challenge.

Whether you have an iOS, Android, or Windows app, you can include such a policy in several ways:

  • Embed it directly in your app
  • Provide a link to a dedicated webpage
  • Place it on your official website

Embed Directly in the App

Embedding the policy in your application means dedicating space within the app to display it. Then, users can simply navigate within the app to get to the policy.

Through this method, your legal policies are only ever a few actions away from the current page. Users are aware of its presence, can consult it at any time, and are not inconvenienced by doing so.

Use an App Privacy Policy Url

Many developers use an app privacy policy URL to directly link to the policy within the app. This means that users can navigate to a place within the app that has a hyperlink containing the word “privacy.”

Clicking this link opens up the privacy policy in a new internet browser window. This webpage is usually hosted by a third party but can also be part of the company’s website.

You can also include a link to your policy on your app’s profile page in whichever app store you choose to sell your product. This allows users to view your policy before downloading your application.

Place the Policy on Your Official Site

If your company has a website, you can display privacy policy changes there. It is good practice to use the same policies for both your app and your website.

Even if your website is just a placeholder site, you will still benefit from the legal protection afforded to you by the presence of such a policy.

App Privacy Policy Examples

Every company should have a privacy policy, and those that collect user information are legally required to do so.

However, within that framework, companies may have very different policies depending on what their mobile applications are used for.

We’ve outlined several notable examples:

Dropbox

There is a link to the Dropbox privacy policy on the app’s profile page in the app store. Users can first view the policy and then decide if they want to download the app.

Dropbox-PP-Location-Image

Dropbox uses the same policy for both its company at large and its mobile application. It outlines with whom user information will be shared and why. The company also directly states that it won’t sell personal data to advertisers or other third parties.

Dropbox-PP-Fine-Print

The company’s policy is easy to read and utilizes friendly language to inform users that Dropbox will collect personal information. The policy is specific and thorough, leaving little room for legal interpretation.

Facebook

Facebook also provides a link to its privacy policy on its profile page in the app store. In addition, the company has adopted a more up-front, user-friendly approach to its legal policies in response to public concerns over the sharing of personal information.

Facebook has identical policies for the company and the mobile application. The policy is formatted in an FAQ format, which makes for easy reading. The language used is also very understandable, making it easy for users to process.

Additionally, third parties that develop Facebook apps for use on its platform are required to enter a privacy policy URL in order to publish their app.

Pandora

Pandora is a music streaming service with both a website and a mobile app. There is a link to its privacy policy on the mobile app’s profile page in the app store. In keeping with most modern companies, Pandora’s policies are consistent across all platforms.

Pandora-PP-Example-Image

The company stresses that it will not share your personal information with anyone–except under extreme circumstances. Interestingly, however, the company will share user information with a successor company in the event of a merger or corporate takeover. There is no guarantee that the successor company will honor the current privacy policy.

Snapchat

Snapchat is an exclusively mobile application that allows for the taking, editing, and sharing of photos. Although the service is only provided through mobile devices, its legal policies are hosted on its official website.

Snapchat-PP-Example-Image

The company’s policy is clearly laid out and very approachable. However, it states that Snapchat may use your personal information for ad targeting and customization. This is seemingly at odds with SOPIPA.

Whatsapp

Whatsapp is a popular messaging service application that is used worldwide. You can find a link to its privacy policy not only on the app profile page but also within the app.

Whatsapp-PP-Location

Whatsapp seems to pride itself on its practices for keeping personal information secure. Its privacy policy is comprehensive and precise.

Whatsapp-Privacy-Policy-Info-Sharing

The company even describes how it requires the third-party service providers it employs to handle user information in accordance with Whatsapp policies.

Mobile App Privacy Policy Template for iOS and Android [Full Text and Download]

Whether you copy and paste or download the template below, please remember that this is just a template and should be edited to match your mobile app.

Before using it, read through the entire mobile app privacy policy template – fill in all of the [brackets], remove any sections that do not apply to your app, and tweak any language as needed.

App Privacy Policy [Text Format]

Last updated [Date]

[BUSINESS ENTITY NAME] (“we” or “us” or “our”) respects the privacy of our users (“user” or “you”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our mobile application (the “Application”). Please read this Privacy Policy carefully. IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS THE APPLICATION.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Last updated” date of

Full View

App Privacy Policy [Text Format]

Last updated [Date]

[BUSINESS ENTITY NAME] (“we” or “us” or “our”) respects the privacy of our users (“user” or “you”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our mobile application (the “Application”). Please read this Privacy Policy carefully. IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS THE APPLICATION.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Last updated” date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Application after the date such revised Privacy Policy is posted.

This Privacy Policy does not apply to the third-party online/mobile store from which you install the Application or make payments, including any in-game virtual items, which may also collect and use data about you. We are not responsible for any of the data collected by any such third party.

This Privacy Policy was created using Termly’s Privacy Policy Generator.

COLLECTION OF YOUR INFORMATION

We may collect information about you in a variety of ways. The information we may collect via the Application depends on the content and materials you use, and includes:

Personal Data

Demographic and other personally identifiable information (such as your name and email address) that you voluntarily give to us when choosing to participate in various activities related to the Application, such as chat, posting messages in comment sections or in our forums, liking posts, sending feedback, and responding to surveys. If you choose to share data about yourself via your profile, online chat, or other interactive areas of the Application, please be advised that all data you disclose in these areas is public and your data will be accessible to anyone who accesses the Application.

Derivative Data

Information our servers automatically collect when you access the Application, such as your native actions that are integral to the Application, including liking, re-blogging, or replying to a post, as well as other interactions with the Application and other users via server log files.

Financial Data

Financial information, such as data related to your payment method (e.g. valid credit card number, card brand, expiration date) that we may collect when you purchase, order, return, exchange, or request information about our services from the Application. We store only very limited, if any, financial information that we collect. Otherwise, all financial information is stored by our payment processor, [Payment Processor Name], and you are encouraged to review their privacy policy and contact them directly for responses to your questions.

Facebook Permissions

The Application may by default access your Facebook basic account information, including your name, email, gender, birthday, current city, and profile picture URL, as well as other information that you choose to make public. We may also request access to other permissions related to your account, such as friends, checkins, and likes, and you may choose to grant or deny us access to each individual permission. For more information regarding Facebook permissions, refer to the Facebook Permissions Reference page.

Data from Social Networks

User information from social networking sites, such as [social media sites that your mobile app connects to], including your name, your social network username, location, gender, birth date, email address, profile picture, and public data for contacts, if you connect your account to such social networks. This information may also include the contact information of anyone you invite to use and/or join the Application.

Geo-Location Information

We may request access or permission to and track location-based information from your mobile device, either continuously or while you are using the Application, to provide location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.

Mobile Device Access

We may request access or permission to certain features from your mobile device, including your mobile device’s [list all features that your app can connect to (eg. bluetooth)]. If you wish to change our access or permissions, you may do so in your device’s settings.

Mobile Device Data

Device information such as your mobile device ID number, model, and manufacturer, version of your operating system, phone number, country, location, and any other data you choose to provide.

Push Notifications

We may request to send you push notifications regarding your account or the Application. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.

Third-Party Data

Information from third parties, such as personal information or network friends, if you connect your account to the third party and grant the Application permission to access this information.

Data From Contests, Giveaways, and Surveys

Personal and other information you may provide when entering contests or giveaways and/or responding to surveys.

USE OF YOUR INFORMATION

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Application to: [Choose from the options below, or add your own]

  1. Administer sweepstakes, promotions, and contests.
  2. Assist law enforcement and respond to subpoena.
  3. Compile anonymous statistical data and analysis for use internally or with third parties.
  4. Create and manage your account.
  5. Deliver targeted advertising, coupons, newsletters, and other information regarding promotions and the Application to you.
  6. Email you regarding your account or order.
  7. Enable user-to-user communications.
  8. Fulfill and manage purchases, orders, payments, and other transactions related to the Application.
  9. Generate a personal profile about you to make future visits to the Application more personalized.
  10. Increase the efficiency and operation of the Application.
  11. Monitor and analyze usage and trends to improve your experience with the Application.
  12. Notify you of updates to the Application.
  13. Offer new products, services, mobile applications, and/or recommendations to you.
  14. Perform other business activities as needed.
  15. Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.
  16. Process payments and refunds.
  17. Request feedback and contact you about your use of the Application.
  18. Resolve disputes and troubleshoot problems.
  19. Respond to product and customer service requests.
  20. Send you a newsletter.
  21. Solicit support for the Application.
  22. [Other]

DISCLOSURE OF YOUR INFORMATION

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

By Law or to Protect Rights

If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction.

Third-Party Service Providers

We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.

Marketing Communications

With your consent, or with an opportunity for you to withdraw consent, we may share your information with third parties for marketing purposes, as permitted by law.

Interactions with Other Users

If you interact with other users of the Application, those users may see your name, profile photo, and descriptions of your activity, including sending invitations to other users, chatting with other users, liking posts, following blogs.

Online Postings

When you post comments, contributions or other content to the Applications, your posts may be viewed by all users and may be publicly distributed outside the Application in perpetuity

Third-Party Advertisers

We may use third-party advertising companies to serve ads when you visit the Application. These companies may use information about your visits to the Application and other websites that are contained in web cookies in order to provide advertisements about goods and services of interest to you.

Affiliates

We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.

Business Partners

We may share your information with our business partners to offer you certain products, services or promotions.

Offer Wall

The Application may display a third-party-hosted “offer wall.” Such an offer wall allows third-party advertisers to offer virtual currency, gifts, or other items to users in return for acceptance and completion of an advertisement offer. Such an offer wall may appear in the Application and be displayed to you based on certain data, such as your geographic area or demographic information. When you click on an offer wall, you will leave the Application. A unique identifier, such as your user ID, will be shared with the offer wall provider in order to prevent fraud and properly credit your account.

Social Media Contacts

If you connect to the Application through a social network, your contacts on the social network will see your name, profile photo, and descriptions of your activity.

Other Third Parties

We may share your information with advertisers and investors for the purpose of conducting general business analysis. We may also share your information with such third parties for marketing purposes, as permitted by law.

Sale or Bankruptcy

If we reorganize or sell all or a portion of our assets, undergo a merger, or are acquired by another entity, we may transfer your information to the successor entity. If we go out of business or enter bankruptcy, your information would be an asset transferred or acquired by a third party. You acknowledge that such transfers may occur and that the transferee may decline honor commitments we made in this Privacy Policy.

We are not responsible for the actions of third parties with whom you share personal or sensitive data, and we have no authority to manage or control third-party solicitations. If you no longer wish to receive correspondence, emails or other communications from third parties, you are responsible for contacting the third party directly.

TRACKING TECHNOLOGIES

Cookies and Web Beacons

We may use cookies, web beacons, tracking pixels, and other tracking technologies on the Application to help customize the Application and improve your experience. When you access the Application, your personal information is not collected through the use of tracking technology. Most browsers are set to accept cookies by default. You can remove or reject cookies, but be aware that such action could affect the availability and functionality of the Application. You may not decline web beacons. However, they can be rendered ineffective by declining all cookies or by modifying your web browser’s settings to notify you each time a cookie is tendered, permitting you to accept or decline cookies on an individual basis.

Internet-Based Advertising

Additionally, we may use third-party software to serve ads on the Application, implement email marketing campaigns, and manage other interactive marketing initiatives. This third-party software may use cookies or similar tracking technology to help manage and optimize your online experience with us. For more information about opting-out of interest-based ads, visit the Network Advertising Initiative Opt-Out Tool or Digital Advertising Alliance Opt-Out Tool.

Website Analytics

We may also partner with selected third-party vendors, such as [List any third-party analytics that your mobile app uses (eg. Google Analytics)] to allow tracking technologies and remarketing services on the Application through the use of first party cookies and third-party cookies, to, among other things, analyze and track users’ use of the Application, determine the popularity of certain content, and better understand online activity. By accessing the Application, you consent to the collection and use of your information by these third-party vendors. You are encouraged to review their privacy policy and contact them directly for responses to your questions. We do not transfer personal information to these third-party vendors.

You should be aware that getting a new computer, installing a new browser, upgrading an existing browser, or erasing or otherwise altering your browser’s cookies files may also clear certain opt-out cookies, plug-ins, or settings.

THIRD-PARTY WEBSITES

The Application may contain links to third-party websites and applications of interest, including advertisements and external services, that are not affiliated with us. Once you have used these links to leave the Application, any information you provide to these third parties is not covered by this Privacy Policy, and we cannot guarantee the safety and privacy of your information. Before visiting and providing any information to any third-party websites, you should inform yourself of the privacy policies and practices (if any) of the third party responsible for that website, and should take those steps necessary to, in your discretion, protect the privacy of your information. We are not responsible for the content or privacy and security practices and policies of any third parties, including other sites, services or applications that may be linked to or from the Application.

SECURITY OF YOUR INFORMATION

We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.

POLICY FOR CHILDREN

We do not knowingly solicit information from or market to children under the age of 13. If you become aware of any data we have collected from children under age 13, please contact us using the contact information provided below.

CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems [and our mobile applications] include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.

OPTIONS REGARDING YOUR INFORMATION

Account Information

You may at any time review or change the information in your account or terminate your account by: [Choose from the options below, or add your own]

  • Logging into your account settings and updating your account
  • Contacting us using the contact information provided below
  • [Other]

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with legal requirements.

Emails and Communications

If you no longer wish to receive correspondence, emails, or other communications from us, you may opt-out by: [Choose from the options below, or add your own]

  • Noting your preferences at the time you register your account with the Application
  • Logging into your account settings and updating your preferences.
  • Contacting us using the contact information provided below

If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly.

CALIFORNIA PRIVACY RIGHTS

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with the Application, you have the right to request removal of unwanted data that you publicly post on the Application. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Application, but please be aware that the data may not be completely or comprehensively removed from our systems.

CONTACT US

If you have questions or comments about this Privacy Policy, please contact us at:

[Company Name]

[Street Address]

[City, State Zip]

[Phone Number]

[Fax Number]

[Email]

If you’re looking for a different type of privacy policy, have a look at our other template pages to find what you need:

Privacy Policy Description
Website Privacy Policy Template A standard privacy policy for basic websites and blogs.
Ecommerce Privacy Policy Template A privacy policy built specifically for online eCommerce stores.
GDPR Privacy Policy Template A GDPR-ready privacy policy for any online business.

FAQs About App Privacy Policies

When do I need a privacy policy for an app?

A privacy policy is required for your app if it collects personal information from California residents or residents in the EEA. In addition, depending on applicable laws, your app may also need a privacy policy if it markets to certain demographics.

Even if you’re not legally required to have a privacy policy, third-party app services and platforms (such as Google Analytics and the iOS App Store) often require your app to contain a privacy policy.

Christine Hennel
More about the author

Written by Christine Hennel

Christine is a product specialist and writer for Termly. She writes support articles, user FAQs, and documentation for Termly’s policy generators and cookie consent manager. More about the author

Related Articles

Explore more resources Explore more resources