Step 1: Review Your App
Get your app developers and your spec together and perform a 6-step review:
1. Document any collection of personally identifiable information (PII). PII can include but is not limited to:
- Postal or Email Address
- Phone Number
- IP Address
- Current Location
2. Note whether any of the PII your apps collect (for example, a social security number) is more sensitive than others, and any special steps you take when collecting it.
3. Take special note of your target age range. If your apps knowingly collect information from users under 13, consult your attorney before continuing.
4. List all the parties (such as ad networks and technology partners) who have access to PII and how it will be used.
5. List all user profile control options: can users request, view, edit or delete their information?
6. Outline data retention and disposal policies for all user data, paying particular attention to canceled accounts.
Step 2: Write Your Policy
With that in hand, it's time to write your policy. If you have an attorney on staff with the requisite experience, start there. If not, there are lots of free templates and tools like the Privacy Choice policy maker to get you started. Customize as you see fit. (There are also plenty of paid services that specialize in privacy policies.)
Step 3: Review Your Policy
In all the prettying up, you may have misinterpreted some facts. Run the finished policy past your developers. Then compare your policy to those mandated by any of the app stores that will be distributing your app. The CDT document has some good summaries, but you'll want to check the most recent terms from the stores themselves.
Step 4: Get Certified (Optional)
Lead image courtesy of Shutterstock.