If you're launching a mobile app on Apple's App Store or Google Play, a Privacy Policy isn't optional — it's a requirement for getting your app approved. And if your app collects any personal data, privacy law requirements go far beyond just satisfying the app stores.
App store requirements
Apple App Store
Apple requires a Privacy Policy for any app that:
- Is free with in-app purchases
- Requires account creation or login
- Collects any personal data
- Is directed at children (under 13 in the US)
- Uses certain Apple frameworks including HealthKit, HomeKit, or App Tracking Transparency
In practice, nearly every app requires a Privacy Policy. Apple will reject your app from the App Store if the required Privacy Policy URL is missing or the policy is inadequate.
Apple also requires you to complete App Privacy Nutrition Labels in App Store Connect, disclosing what data your app collects and how it's used. These must accurately match your Privacy Policy.
Google Play
Google requires a Privacy Policy for any app that:
- Requests any sensitive permissions (camera, location, contacts, microphone, storage)
- Collects personal or sensitive user data
- Is designed for children
Google also requires you to complete its Data Safety section in the Play Console, with information that must be consistent with your Privacy Policy.
⚠ Inconsistencies between your Privacy Policy and your App Store nutrition labels or Play Store data safety declarations can lead to app removal. Make sure all three are consistent.
What data do mobile apps typically collect?
Mobile apps collect data at multiple levels — some you control, some collected by third-party SDKs you've integrated:
- Account data — name, email, username, profile photo
- Device data — device model, OS version, device identifiers (IDFA, GAID)
- Location data — precise GPS location, approximate location
- Usage data — screens viewed, features used, session duration, crash reports
- Camera / microphone — if your app uses them
- Contacts / calendar — if your app accesses them
- Push notification tokens — for sending push notifications
- Analytics SDK data — collected by Firebase, Mixpanel, Amplitude etc.
- Advertising SDK data — collected by Meta Audience Network, AdMob etc.
What must your mobile app Privacy Policy include?
Data collection disclosure
Name every type of personal data your app collects, including data collected by third-party SDKs. Don't just list categories — be specific about the data type and the purpose.
Third-party SDKs and services
Every SDK in your app that processes personal data must be named. Common mobile SDKs to disclose:
- Firebase Analytics / Crashlytics (Google)
- Meta Audience Network (if you show ads)
- Adjust, AppsFlyer, or Branch (attribution)
- Intercom or Zendesk (support)
- RevenueCat (in-app purchases)
- Sentry (error tracking)
App Tracking Transparency (iOS)
If your app tracks users across other apps or websites for advertising purposes, you must request permission via Apple's App Tracking Transparency framework. Your Privacy Policy must explain this tracking and how to opt out.
Children's privacy
If your app is directed at children under 13 (US) or under 16 (UK), additional requirements apply under COPPA (US) and UK GDPR. Parental consent must be obtained before collecting children's data.
User rights
Explain how users can:
- Access the personal data you hold about them
- Delete their account and data
- Opt out of marketing communications
- Withdraw permissions (camera, location, notifications)
Data deletion on account deletion
Apple now requires that apps with accounts allow users to delete their account from within the app, and that this deletion removes their personal data. Your Privacy Policy must explain what happens to data when an account is deleted.
Where to link your Privacy Policy
- App Store / Play Store listing page
- App settings screen (accessible within the app)
- Account registration or onboarding flow
- Any screen where you request permissions
- Your app's website or landing page
The bottom line
Every mobile app that collects personal data needs a Privacy Policy, both for legal compliance and to satisfy Apple's and Google's store requirements. The policy must name your specific SDKs, explain your data practices accurately, and match your App Store nutrition labels and Play Store data safety declarations. DataShark generates personalised Privacy Policies from $19.