Welcome to Pete Brown's 10rem.net

First time here? If you are a developer or are interested in Microsoft tools and technology, please consider subscribing to the latest posts.

You may also be interested in my blog archives, the articles section, or some of my lab projects such as the C64 emulator written in Silverlight.

(hide this)

Windows Store app development: Include that privacy policy

Pete Brown - 03 October 2012

Privacy is a huge concern to most customers. Part of the Windows Store app certification process includes checking for the presence of a privacy policy if your app declares any capabilities which could affect privacy.

MSDN has a section (4.1.1) explaining what is expected from the privacy policy. I won't quote it here, but some important points jump out (emphasis mine):

Declaring certain capabilities in your app manifest makes us think your app collects the corresponding private information. For example, declaring Internet capabilities (internetClient, internetClientServer) in the app manifest makes us think you're collecting the IP number of the user.

Note that the default templates for apps in Visual Studio include the internetClient capability, so unless you change the default manifest, you will need a privacy policy.

So if your app connects to the Internet, you need a privacy policy explaining what you do with the information (IP numbers, for example).

Similarly, if your app captures Webcam images, Audio or video recordings, accesses Photos, Contacts, or Documents, or collects user-entered name, address, date of birth or other personally identifiable information (PII), you must have a privacy policy.

The format and structure of the privacy policy is up to you and your lawyer. It's a legal document, just like an EULA or other license agreement. For those reasons, Microsoft does not provide a template or any guidance on the format of the document other than the following:

In general, an acceptable privacy policy is one that:

  • Informs users of the information collected by your app
  • Informs users how that information is used, stored, secured and disclosed
  • Describes the controls that users have over the use and sharing of their information
  • Describes how they may access their information
  • Complies with applicable laws and regulations

Again, refer to our official documentation on the topic on MSDN for any updates to this guidance.

Viewing the Policy

Prior to installation, the privacy policy is also available on the app's page in the store. Once installed, the privacy policy is accessed through the Settings pane in the app, as shown here:

image

By way of example, here's part of the privacy policy flyout page for an app:

image

So, you can see that the policy doesn't need to be written in legalese, but can instead be plain text which explains the information collected and what you do with it.

   
posted by Pete Brown on Wednesday, October 3, 2012
filed under:    

2 comments for “Windows Store app development: Include that privacy policy”

  1. Arun Mahendrakarsays:
    Hey Pete,

    I had some trouble writing my first privacy policy for my app. I had to look for multiple apps and read through many paragraphs online to figure out what needs to go into a privacy policy.

    The section 'In general, an acceptable privacy policy is one that:' makes up for a very nice reference. Can you please make sure those points are included in the site (link below) for the reference of the thousands of developers?

    http://msdn.microsoft.com/en-us/library/windows/apps/hh694083.aspx

    Thanks,
    Arun

Comment on this Post

Remember me