Your mobile app almost certainly requires a Privacy Policy because privacy laws require one when personal information is collected, Apple requires all iOS developers to publish a Privacy Policy, and Google requires almost all Android developers to publish one as well.

This article contains some simple, step-by-step guides to creating a basic Privacy Policy for your mobile app. We're going to look briefly at the requirements under privacy law, Apple's policies, and Google's policies, so you can confirm if you need a Privacy Policy for your mobile app.

We've also put together a Sample Mobile App Privacy Policy Template that you can use to help write your own.

Our Privacy Policy Generator makes it easy to create a Privacy Policy for your mobile app. Just follow these steps:

  1. At Step 1, select the App option.

    TermsFeed Privacy Policy Generator: Create Privacy Policy - Step 1

  2. Answer some questions about your app.

    TermsFeed Privacy Policy Generator: Answer questions about Mobile App - Step 2

  3. Answer some questions about your business.

    TermsFeed Privacy Policy Generator: Answer questions about business practices - Step 3

  4. Enter the email address where you'd like the Privacy Policy delivered and click "Generate."

    TermsFeed Privacy Policy Generator: Enter your email address - Step 4

    You'll be able to instantly access and download your new App Privacy Policy.



Privacy Law and Mobile Apps

Many privacy laws around the world require businesses to provide their customers with a Privacy Policy. Privacy law is becoming stricter all the time, and intrusive mobile technology is a big reason for this.

It's highly likely that you will need to comply with privacy law if you develop or publish a mobile app.

Here are some examples of countries and regions with privacy laws that require all or some businesses to publish a Privacy Policy:

  • United States (US): Most notably, laws such as the California Online Privacy Act (CalOPPA) and the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)
  • European Union (EU): The General Data Protection Regulation (GDPR) and the ePrivacy Directive
  • United Kingdom (UK): The GDPR, Privacy in Electronic Communications Regulations (PECRs) and Data Protection Act 2018
  • Canada: Personal Information and Privacy of Electronic Documents Act (PIPEDA)
  • Australia: Privacy Act
  • South Africa: Processing of Personal Information Act (POPI Act)

Depending on where your business is based, and where your users are based, you might need to comply with several of these laws, and perhaps many more.

Unlike a Terms and Conditions agreement, which is not required by law, a Privacy Policy is required by law. For example:

  • If your app is accessible in California, you must comply with California privacy law
  • If your app is accessible in the EU, you must comply with EU privacy law

For a more complete look at privacy laws around the world, view our article: Privacy Laws By Country.

These rules apply whether you have a business presence in these places or not. Most of these laws only require you to publish a Privacy Policy if your mobile app collects "personal information." However, personal information is a very broad concept.

Personal information can be a person's name or email address. It can be their username or device ID. Or it can even be data about how they use your app. For more information, see our article What Is Personal Information Under Privacy Laws?

Do I Need a Privacy Policy for My iOS App?

Yes, Apple requires every iOS app to have a Privacy Policy. This rule has been in place since October 2018.

Apple is very clear in its App Store Review Guidelines that every app requires a Privacy Policy:

Apple App Store Review Guidelines: Data Collection and Storage clause - Privacy Policy general requirement

Apple has some very specific requirements about what you must cover in your Privacy Policy.

There's a step-by-step guide on how to create an iOS Privacy Policy below. We also take a detailed look at this topic in our article Privacy Policy for iOS Apps.

Do I Need a Privacy Policy for My Android App?

Yes, you're probably required to have a Privacy Policy for your Android app.

Google isn't quite as strict as Apple when it comes to having a Privacy Policy. There's no blanket rule that every Android app requires a Privacy Policy. Instead, Google states that your app requires a Privacy Policy if you collect "personal and sensitive information."

Google Play Console Help: Policy Center - User Data - Personal and Sensitive User Data clause

Notice that Google's definition of personal and sensitive information is very broad. It includes "personally identifiable information," which is another way of saying "personal information."

So, if your Android app collects any kind of personal information, you need a Privacy Policy. This might include a name, username, or email address.

Google adds that you also need a Privacy Policy if you collect:

  • Payment information
  • Authentication information
  • Location information
  • Contacts, call or SMS information
  • Microphone or camera data
  • Device or app usage data

If you're taking payments, running analytics, or accessing certain device permissions on your Android app, you need a Privacy Policy.

Google has specific requirements about what you must include in your Privacy Policy. There's a step-by-step guide on how to create an Android Privacy Policy below. We also take a detailed look at this topic in our article Privacy Policy for Android Apps.

A Privacy Policy for Cross-Platform Apps

Releasing your app on both iOS and Android? Apple and Google have slightly different requirements, but you don't need two separate Privacy Policies.

We've created step-by-step guides for creating a Privacy Policy for either iOS or Android below. There's some overlap between these guides.

You'll notice that steps 1-4 of our two guides are the same for both iOS and Android apps. If you want to create a Privacy Policy that covers both Apple's and Google's requirements, ensure you read:

  • Steps 1-4 from either the iOS or Android app guidance, and
  • Steps 5 and 6 from the iOS apps guidance, and
  • Step 5 from the Android apps guidance

Privacy Policy for iOS Apps

Here's a step-by-step guide to creating a basic Privacy Policy for an iOS app.

Before we begin, note that Apple has specific rules for developers of certain types of apps, including apps aimed at children, Mobile Device Management apps, and VPN apps. Depending on the nature of your app, you may need a more detailed Privacy Policy.

Here's what your iOS Privacy Policy must include, at minimum:

Apple App Store Review Guidelines: Data Collection and Storage clause - Privacy Policy requirements highlighted

We're going to break those requirements down into six steps:

1. Check Which Privacy Laws Apply to You

Remember that above all, your iOS Privacy Policy must be legally-compliant. You may need to comply with privacy laws that go beyond Apple's requirements. We can help you create a legally-compliant Privacy Policy for many major markets (see above).

2. Identify What Data Your App Collects

Apple first requires that your Privacy Policy identifies what data your app collects.

This means listing all user data you collect via your app, whether you think it's "personal information" or not.

Here's a good example from journaling app Reflectly.

First Reflectly lists the personal information it collects:

Reflectly Privacy Policy: Collection of Your Information - Personal Data clause

Reflectly also lists some other sorts of data its app collects:

Reflectly Privacy Policy: Derivative Data and Uploaded Media clause

3. Explain How You Collect User Data

You must explain how your app collects user data.

There are two broad ways in which your app might collect user data:

  • Your users might provide their data voluntarily, for example by setting up an account or granting device permissions.
  • Your app might collect users' data automatically, for example by recording and sending you information about how they use the app.

Here's how Display io explains these two methods of data collection to its users:

Display io Privacy Policy: How We Collect Data and Category of Data Source clause

Note that in this section of its Privacy Policy, Display io covers both points 2 and 3 of our list.

Your business might also collect personal information from third parties (such as marketing companies) or publicly available sources (such as social networks). Although this might not be strictly relevant to your app, you may still need to disclose it in your Privacy Policy.

4. Explain How You Use User Data

You must explain exactly how you use the data your app collects.

Here's a great example from FaceApp. FaceApp is a photo-editing app that experienced controversy over its Privacy Policy in 2019. Its revised Privacy Policy seeks to reassure users and provide as much transparency as possible.

Here's an excerpt of the relevant section of FaceApp's Privacy Policy:

FaceApp Privacy Policy: How We Use Your Personal Information clause excerpt

Think very carefully about what you're doing with all the data your app collects. Be very clear about what you're doing with this information. And if you collect data that you don't need, stop collecting it.

5. Confirm Recipients of User Data are Compliant with Apple's Policies

You must provide certain information about any third parties with whom you share user data.

Let's remind ourselves of Apple's exact requirements:

Apple App Store Review Guidelines: Privacy Policy and third party protection requirement

That point we've highlighted above is effectively two rules in one.

  1. You must ensure that any third parties with whom you share data comply with Apple's rules, and
  2. You must confirm that you do this in your Privacy Policy

Here's an example from Crazy Labs:

Crazy Labs Privacy Policy: Third Party Providers clause

6. Explain Your Data Retention and Deletion Policies

Your Privacy Policy must provide information about your data retention and deletion policies.

Again, let's look at Apple's exact requirements.

Apple App Store Review Guidelines: Privacy Policy and data retention, deletion and consent requirement

This is more complicated than it first appears. This requirement implies that you must:

  1. Create policies that determine how long you store user data and under what circumstances you'll delete it
  2. Provide a method for your users to revoke consent or request deletion of their data
  3. Explain all of this in your Privacy Policy

Here's an example of a simple data retention policy clause from Pitchero:

Pitchero Privacy Policy: Data Retention clause updated

Pitchero explains that it will retain its users' data for as long as they are active users, and it will delete user data after three years of inactivity. It also notes what the procedure is for non-registered users.

If you ask for your users' consent when you collect their data (Apple insists that you do request consent under most circumstances), you must allow them to revoke consent (change their minds), and you must provide a way for them to do so.

Here's how Fitbit explains several ways in which its users can revoke consent via settings it provides in its mobile app:

Fitbit UK Privacy Policy: Your Rights to Access and Control Data: Objecting to Data Use clause

You should also set up a process by which your users can request that you delete their data. Your Privacy Policy should explain this process to your users, such as by providing your contact information and a note that users can email you with deletion requests.

It's good to provide a way for users to delete their data from within your app. Here's an example from the Intuit QuickBooks Self-Employed app:

Intuit Self-Employed app: Delete Data option highlighted

While Apple does have some strict requirements, they aren't overly complicated to satisfy with some simple Privacy Policy clauses and content.

Privacy Policy for Android Apps

As we've seen, Google requires your app to have a Privacy Policy if it collects "personal and sensitive user data" (which is a very broad term).

So, what should you include in your Android app Privacy Policy? Here's an excerpt from Google's "Privacy, Security, and Deception" page:

Google Play Console Help: Policy Center - User Data - Personal and Sensitive User Data clause

We're going to break those requirements down into five steps:

1. Check Which Privacy Laws Apply to You

Your Privacy Policy must be legally compliant.

We can help you create a legally-compliant Privacy Policy for many major markets (see above).

Note that Google has some very specific requirements if your mobile app is accessible within the EU. We explain some of these rules in our article Privacy Policy for Android Apps.

2. Identify What Data Your App Collects

You should identify what types of data your app collects.

The data you collect might include:

  • Technical information such as location, usage data, or SSAID (Android ID)
  • Directly identifying personal information such as a user's name, email address, or username
  • Other sensitive information such as passwords, payment details, or information about a person's race, gender, or beliefs

Here's how Overhaul explains what data it collects:

Overhaul Privacy Policy: Information we collect directly from you clause

Note that Overhaul specifies that it collects this data directly from its users. This leads us on to the next section of your Android app Privacy Policy.

3. Explain How You Collect User Data

You must explain how your app collects data.

Your Android app probably collects user data in two main ways:

  1. When your users provide it directly (e.g. when they set up an account)
  2. When your app collects it automatically

Here's how Fitlink explains what data it collects from its users directly:

Fitlink Privacy Policy: Data directly collected clause

Here's how Animoto explains what data its app collects automatically from its users:

Animoto Privacy Policy: Mobile App Passive Data Collection clause

Depending on your business, you might also collect personal information about your users from third parties. You should also disclose this in your Privacy Policy.

4. Explain How You Use User Data

Now that you've told your users what data you collect and how you collect it, you need to explain how you use their data.

Here's an example from SoundCloud:

SoundCloud Privacy Policy: Highlighted Excerpt of How We Use Your Information clause

This is just a small excerpt from the long list SoundCloud provides. Think carefully about how you use any information your app collects.

5. Explain How You Share User Data

Google requires that you explain:

  • How you share user data (we can assume this requires you to identify what types of user data you share)
  • What types of third parties you share user data with

Here's how Square Up does this:

Square Up Privacy Policy: When and With Whom we Share Information clause

How to Add a Privacy Policy URL for Your Android App

You can download these instructions as a PDF file.

  1. Log in to your Google Play Console.

  2. Click on the app you wish to work with:

    TermsFeed Google Play Console: All apps: TermsFeed app selected

  3. In the left menu, scroll to the Policy section and click on App Content:

    TermsFeed Google Play Console: Dashboard - App content highlighted

  4. Click on the Start button under the Privacy Policy section:

    TermsFeed Google Play Console: App content - Privacy Policy with Start button highlighted

  5. On this page, you'll see the field for adding the Privacy Policy URL for your app:

    TermsFeed Google Play Console: App content - Privacy Policy URL field button highlighted

    If you do not have a Privacy Policy, you can use our Privacy Policy Generator and create it within minutes. TermsFeed will host your Privacy Policy URL for free.

  6. Once you have the Privacy Policy created by TermsFeed, click Copy from the Link to your Privacy Policy section to copy the URL:

    TermsFeed Generators App: Privacy Policy Download Page - Link to hosted Privacy Policy URL copy option highlighted

  7. Paste the Privacy Policy URL in the field box:

    TermsFeed Google Play Console: App content - Privacy Policy URL with paste option button highlighted

  8. Click Save:

    TermsFeed Google Play Console: App content - Privacy Policy URL added with Save button highlighted

  9. You're done.

Where to Display Your Mobile App Privacy Policy

Both Apple and Google require that you display an easily-accessible link to your Privacy Policy within your mobile app. For example, this could be within your app's "Settings," "About," or "Legal" menu.

Here's an example from the BBC iPlayer app:

BBC iPlayer app: Settings menu with Privacy links highlighted

You should also, as far as possible, provide a link to your Privacy Policy whenever you collect personal information.

Here's an example from the self-improvement app Deepstash. The user can access Deepstash's Privacy Policy when they first set up an account:

Deepstash app Create Account screen with Terms and Policy links highlighted

You should also provide access to your Privacy Policy whenever taking payments over your app. Here's how Audible does this:

Audible app Confirm Purchase screen with Terms and Privacy links highlighted

Take every reasonable opportunity to present your Privacy Policy to your users.

Apple App Store

For iOS apps, you must submit a link to your Privacy Policy when you upload your app to App Store Connect:

Apple App Store Connect Help: App Information dashboard with Privacy Policy URL highlighted

This link will then display in your App Store listing once your app is published.

Google Play Store

For Android apps, you'll need to upload your Privacy Policy to the Google Play Store via your Play Console.

Google explains how to do this on its "Prepare your app for review" page:

Google Play Console Help: Provide App Information: Add a Privacy Policy section

This link will then display in your Google Play Store listing once your app is published.

Summary of a Mobile App Privacy Policy

Mobile app developers need a Privacy Policy to comply with privacy law, Apple's policies, and/or Google's policies.

Here's a summary of the steps you should take when creating a Privacy Policy:

| Step | Mandatory for iOS apps | Mandatory for Android apps |
| --- | --- | --- |
| Check which privacy laws apply to you | Yes | Yes |
| Identify what data your app collects | Yes | Yes |
| Explain how you collect user data | Yes | Yes |
| Explain how you use user data | Yes | Yes |
| Confirm recipients of user data are compliant with Apple's policies | Yes | |
| Explain your data retention and deletion policies | Yes | |
| Explain how you share user data | | Yes |

Ensure you make your Privacy Policy easily available:

  • Within your app's menus
  • Whenever you collect personal or financial information
  • Via your listing on the App Store and/or Google Play Store

Download Sample App Privacy Policy Template


Our Sample Mobile App Privacy Policy is available for download, for free. The template includes these sections:

  • Definitions
  • Collecting and Using Personal Information
  • Usage Data
  • Use of Personal Information
  • Transfer of Personal Information
  • Disclosure of Personal Information
  • Security of Personal Information
  • Links to Other Websites
  • Changes to Privacy Policy
  • Contact Information

Sample Mobile App Privacy Policy Template (HTML Text Download)

You can download the Sample Mobile App Privacy Policy Template as HTML code below. Copy it from the box field below (right-click > Select All and then Copy-paste) and then paste it on your website pages & app screens.

Sample Mobile App Privacy Policy Template (PDF Download)

Download the Sample Mobile App Privacy Policy Template as a PDF file

Sample Mobile App Privacy Policy Template (Word DOCX Download)

Download the Sample Mobile App Privacy Policy Template as a Word DOCX file

Sample Mobile App Privacy Policy Template (Google Docs)

Download the Sample Mobile App Privacy Policy Template as a Google Docs document

