Get up to speed

Take 4 simple steps
to better privacy

Avoid pitfalls

See the top 6 privacy
mistakes

Make your policy

Easily integrate it into
your mobile app or site

Get free tools

Grab policy language
and code samples

Get help

Let us provide a custom
assessment of your site

Alerts

Do app stores require privacy policies?

Re-envisioning privacy notice with Policymaker

The FTC cracks down on data collection from kids.

How will Do Not Track work for mobile apps?

faq | blog | twitter | contact | terms
login

Six privacy mistakes developers make
	1. "I don't need a privacy policy for my app." Nearly every app store and marketplace requires that you have a privacy policy if your app transmits data. Read more about requirements. Your app is not covered by the terms of service or privacy policies of the app stores.
	2. "Apps don't have to disclose data collection by ad companies." For most apps, the bulk of data collection happens when ad networks and analytics companies do their thing. Those companies have their own privacy obligations, but you have the primary responsibility to let your users know what's going on. Even more importantly, you have a responsibility to work only with companies who collect and use data responsibly. The PrivacyChoice index gives you this info at a glance, and the PrivacyChoice Policymaker makes it easy to build third-party disclosure into your privacy policy.
	3. "Kids are just like any other users when it comes to privacy." The Federal Trade Commission has issued rules that may require parental permission for the collection of personal information from children under the age of 13. The FTC recently collected a $50,000 fine for a violation of these rules. You should understand whether these rules apply to your app, and make sure your privacy policy is clear.
	4. "It's okay to collect data that I don't use." Just because you can collect a kind of user data doesn't mean it is appropriate to do so. For instance, if your app doesn't use location info, there is no reason to collect it. By the same token, it's poor form to say that you collect more than you actually do, in order to preserve the right to do so someday. It's better to keep it real, and update your policy when you need to.
	5. "I can treat registration information like any other data." Not all data is equal when it comes to privacy. Information that can identify someone ' like their name or mail address ' is more sensitive than anonymous log files, but probably less sensitive than transaction information like credit card numbers. The best privacy practices take into account the sensitivity of information when deciding how to collect, store and share it. Transaction info and, in some cases, other registration info, may need to be encrypted. Your organization's internal permissions also need to treat sensitive data differently; not everyone should have access to personal or transaction info.
	6. "I can keep user data forever." With storage being cheap, you may be tempted to be a data pack rat, saving every table and log file long after your last use. But you'll do better by your users if you only keep data as long as you truly need it. Don't let users worry that old information in your database could be disclosed accidentally or in legal process (a hassle for you, too). Set up a deletion policy for each kind of data and lighten your load.
Make your privacy policy now (it's free)

Privacy

We collect but do not link personal and activity data.
If you sign up for Policymaker, site scanning, or email removal services, we may ask for your name, title, email address, city, state, postal code, country of residence, and phone number, and we may invite you to select a password. We never associate any of your personally identifiable information with information about your activities through our services.
We do not store or share your precise location.
We do not access your precise location. Our analytics system may log the approximate location of anonymous users.
You can request to see or delete your personal data.
You may choose to correct, update, or delete the membership information you have submitted to us by sending an email requesting changes to privacy@privacychoice.org. You may unsubscribe from email communications by clicking on a link in the bottom of each email you may receive from us.
We keep data for a limited time period.
We maintain information collected for no more than one year after your last interaction with our service or the termination of your subscription.
We don't share your personal data.
We do not convey any information about your use of this service to any other party for their use, other than for their use solely in providing services to us. We may publish reports with aggregate information, such as trends in the interests of PrivacyChoice users. This never includes information about any individual user.
No ad companies collect data through our service.
We do not allow any other company to collect information on this site for their own use.
You can ask privacy questions.
We encourage questions and comments on our privacy policy, and anything else that can help improve our service. Please contact us at privacy@privacychoice.org or use our contact form.
Analytics companies access anonymous data on our behalf.
"Google Analytics is a web analytics tool that helps website owners understand how visitors engage with their website. Google Analytics customers can view a variety of reports about how visitors interact with their website so they can improve it. Google Analytics collects information anonymously. It reports website trends without identifying individual visitors." (Google)

Google Analytics Privacy Policy
Service providers may access data on our behalf.
We may use agents and contractors in order to help operate our site. Their use of information is limited to these purposes and is subject to confidentiality agreements.
Special situations may require disclosure of your data.
To operate the service, we also need to make your information available to third parties in these limited circumstances: (1) with your express consent, (2) when we have a good faith belief it is required by law, (3) when we have a good faith belief it is necessary to protect our rights or property, or (4) to any successor in a merger or acquisition. We will attempt to notify you in any such case, to the extent permitted by law to do so.
Our full privacy policy includes more information.
Our full privacy policy includes other important terms. Click to read it:

Full Privacy Policy
Feedback

Get up to speed

Avoid pitfalls

Make your policy

Get free tools

Get help

Alerts

Six privacy mistakes developers make

1. "I don't need a privacy policy for my app."

2. "Apps don't have to disclose data collection by ad companies."

3. "Kids are just like any other users when it comes to privacy."

4. "It's okay to collect data that I don't use."

5. "I can treat registration information like any other data."

6. "I can keep user data forever."