Since Apple is requiring all mobile apps to have a privacy policy in a couple of days, I'm wondering how makers here are creating privacy policies for their app? I have recently launched a very simple journaling app that doesn't have any backend, analytics or internet permission on Android for that matter. All I need is an extremely simple privacy policy. I looked around. Many of these similar apps either have a bloated policy: https://dayoneapp.com/privacy-policy/ or a policy that lists their analytics services (which I don't have) e.g.: https://daylio.helpscoutdocs.com/article/15-privacy-policy
I've tried a few privacy policy generators, ironically enough, most of them are lead collectors (that collect your info and email for reasons...😱), that use almost the same template. At this point, I'm almost tempted to write my own. Is it wise?
How do you create your privacy policy for the app makers out there?
I used https://getterms.io/. Cheap and includes GDPR. I just modified it a tiny bit to use the word "app" rather than "website".
Yes, I found out about this right after I posted this. And I really loved their human language. So I decided to use them as a starting point, but ended up creating most of it myself.... I love the fact that they don't ask you to register or login with Facebook like iubenda or Shopify. :D
Exactly, they have a cool favicon too (it blinks!!)
Just picked this up, thanks.
https://iubenda.com has been great for me.
I heard good things, but I'm hesitant because it asks me to register for no reason... Thanks for suggesting though.
Hey there Shaomeng, imho it's getting more and more complicated to write a simple policy now that GDPR is the de-facto basis for privacy policy creation - and most of it is a bit unclear still. You can still model your policy after less restrictive regulations, but for most products it makes sense anyway, except if you're definitely skipping Europe as a market.
Here's the basis as it's explained by the British privacy authority, it's definitely helpful if you want to roll your own, or at least understand what's supposed to be inside a privacy policy: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed/
I'm also working daily on privacy policies at https://www.iubenda.com as mentioned in this thread before, happy to answer if you have any questions.
Thank you for that link! That's helpful! While I heard a few good recommendations for your service, I'm hesitant to use it because it asks for my registration without explaining why. I ended up rolling my own: https://thezenjournal.com/privacy.html
I'd really appreciate feedback and input here if you have any.
Yep I can help. The registration is there because we're not a simple privacy policy text generator like the rest of them, we actually care. :) That means that your policy keeps getting updates after you first generated it and you can change it at any time after generation.
Regarding your policy, for sure it needs some work. For instance, you're not telling people who you are - and even if you don't collect or process any data whatsoever (which is kind of hard), identification is somewhat crucial, at least if you want to go by the European book.
Hope this helps
It's easier to not have analytics at this stage so no collection or processing. I'll look into the European rules. Thank you for the helpful feedback!
No problem. Also by the way, just one quick glance onto your website also reveals that you're collecting users' email addresses, which in itself is processing of data :)
Did you try the Shopify one? I haven't, but others here have recommended it.
https://www.shopify.com/tools/policy-generator
I know they collect info, but they probably just add you to a marketing list.
Yeah, I sometimes hate those lead-gen landing pages...
For 2 sites, I used the WordPress privacy policy and ToS. They released it under the Creative Commons. It still requires a bit of editing, and does mention analytics as well.
I'm a little worried about it in the new GDPR world. Enough so that I didn't enable analytics on my most recent project. But I'm probably still not in compliance because of web logs.
Edit
And link:
https://automattic.com/privacy/
It's grown a bit it looks like. I used it pre-GDPR.
Hehe, it is comprehensive! That's also why it doesn't fit my simple app. So I ended up writing my own. :D
Also, in the process, I really like Cloudflare's https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/
If people from the EU are downloading your app, you have to follow the GDPR regulations. Basically it says that you have to obtain express permission to collect their info, and that you only use that info for the purposes outlined in your policy. If you later want to use their data for a different reason, then you have to obtain new permission.
I used Termly and it seems to be alright so far, although they want you to sign up for their paid version eventually - https://termly.io/
I haven't looked at it in depth, but found this in my bookmarks: https://termsfeed.com/privacy-policy/generator/
I found a few policies that I really liked:
http://www.notedapp.io/privacy-policy/
https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/
https://gitlab.com/staltz/manyverse/wikis/Privacy-Policy
But I ended up rolling my own. Would love some feedback if you have any: https://thezenjournal.com/privacy.html