Windows 8 Certification Tips: The privacy statement

Windows StoreOne of the most common reasons Windows 8 apps fail certification is lack of a privacy statement, this blog explains when you need one and gives tips on how to do it.

With the Developer Movement rewarding you for publishing your apps, you are probably all psyched to submit your app to the store. Here’s a little something to help you pass certification on the first try.

Do I need a privacy policy for my app?

Windows 8 Certification requirement 4.1.1 states

“Your app must have a privacy policy if it collects personal information”

Now most of us building apps read that and think, hey I’m not collecting anyone’s email address or phone numbers with my app so I don’t need a privacy statement. Then you submit your app for certification and it fails! Why?

Personal information includes: Webcam snaps, Audio/Video recordings, Photos, Documents, Contacts, and so on. So if you are using the webcam to take pictures or creating a document that access contact information or users files you need a privacy statement.

Personal information also includes: IP Addresses. That means if your app has the ‘internet client’ capability enabled in your app you are going to need a privacy statement. By the way, the default templates in Visual Studio include the ‘internet client’ capability, so unless you change the default manifest, you will need a privacy statement.

What do I put in a privacy policy?

According to Windows 8 certification requirement 4.1.1

“In general, an acceptable privacy policy is one that:

  • Informs users of the information collected by your app
  • Informs users how that information is used, stored, secured and disclosed
  • Describes the controls that users have over the use and sharing of their information
  • Describes how they may access their information
  • Complies with applicable laws and regulations

We do not provide a sample or a template for a privacy policy beyond that. Since the privacy policy is a document between you and the users of your app, you will have to write it and publish it on a website yourself.

If you do not actually collect or store personal info from the users, say so in your privacy policy”

Where do I have to put this privacy policy?

You must provide the privacy policy (or a link to it) in the description page of the submission site and in your settings. Here’s a great post from Tim Heuer telling you how you can use a free Azure website to host your privacy policy!

Where can I find some examples?

Take a glance at the Windows 8 store and look at the description pages of some published apps. You can also go to the settings page of any installed apps you may have. If your app doesn’t collect personal information, you can probably write it yourself making it clear that you do not collect personal information. If your app does collect personal information you need to do your homework and find out the appropriate legal wording for your privacy policy.

CTE Solutions is an app created by a training centre to help people find courses.

“This application does not collect or share any personal information. Your IP address (and related data provided by the operating system when making a web request) may be logged by the Internet-based servers (controlled by CTE Solutions) that provide the data used by the application.”

The Microsoft game Wordament which has you log in with a userid to play the game and posts high scores uses the Microsoft Online Privacy notice found here.

PuzzleTouch Prime which is a jigsaw puzzle game that allows you to create puzzles from your own photos uses the privacy policy here

Can I have a code example for adding it to settings?

Sure, we all live for cut and paste. I found a nice C# example of how to add a privacy policy to your settings in a blog post at Expression

This was helpful do you have more useful stuff for Windows 8 app developers?

We have a windows 8 resources page where we continue to add content and blogs we think can help you here.