With app privacy labels in the Apple App Store, you inform your app users about your data processing practices in a clear way and build users’ trust. The app privacy labels are intended to provide users with an overview of an app’s data processing practices using symbols and brief language. To create the labels, answer the questionnaire in App Store Connect and the labels will be automatically generated and displayed on your app’s page on the App Store.
What does this mean for your app?
If you are setting up a new app that will be distributed via the App Store for the first time, you must submit the questionnaire before the app can be published.
If you have an app that is already published in the App Store, you must submit the questionnaire before the app can be updated to a new version.
Privacy Policy and App Privacy Labels
Both the Apple App Store and the Google Play Store already require you to have a privacy policy in place when submitting your app through their platform. The app privacy labels are an addition to Apple’s requirement for a privacy policy.
We also recommend that you review the questionnaire and your privacy policy regularly to ensure they both correspond to your processing activities in relation to the app.
Answering the App Privacy Questions
Prerequisites
- In your App Store Connect account, you have the role of Account Holder, Admin, or App Manager.
It’s always possible to go back and edit your answers. Even after publishing your data privacy labels, you can answer the questions again and publish new data privacy labels. Updates to the app privacy labels apply instantly. There is no need to rebuild or resubmit the app.
- Sign in to App Store Connect and navigate to My Apps.
- Select your app.
- Navigate to App Privacy.
- Click Get Started.
A dialog opens to take you through the app privacy questions.
Select the relevant types of data that your app uses. Learn more about the typical Staffbase data types.
The selected data types are added in the Data Types section. - In the Data Types section, for each selected data type, answer the detailed questions.
- Click Publish.
Data Types for App Privacy
Staffbase wants to support you as much as possible in answering the app privacy questionnaire.
In terms of the GDPR, Staffbase acts as the ‘data processor’ when processing personal data to provide its services to you. To allow you to properly and securely use your app, we require a variety of data as explained in the overview below. Our data processing agreement contains further information about the data types processed by Staffbase on behalf of its customers. In addition to the required information, you may decide to collect additional information depending on your use cases, integrations, or technical set-up of the app.
Learn more about data types from the Apple documentation.
Overview of Data Types and Their Usage
Data Type | Usage by Staffbase |
---|---|
Contact Info Name & Email Address |
Usage: App Functionality Linked to user: Yes Tracking: No Typically used for user accounts and sign-in procedures. Staffbase requires the name of your authorized users to create user accounts. Depending on your chosen sign-up and sign-in procedure, an email address may also be required. For example, when you allow users to sign-in with their name and email address, both data types are required by Staffbase. However, if you allow Single Sign-On, Staffbase does not collect your users’ email addresses. |
Contact Info Phone Number, Physical Address and Other User Contact Info |
You can decide if you want to collect this information and for what purpose. For example: to complete user profile fields. |
Health & Fitness Regulated or Protected Health Information |
Staffbase does not allow you to collect or process any patient, medical, or other regulated or protected health information as explained in our terms of service. |
Health & Fitness Other Health Information |
You can decide if you want to process other health information and for what purpose. For example: allowing users to upload sick notes. |
Financial Information Payment and Credit Information |
Staffbase does not allow you to collect or process any financial information (including bank account or payment card numbers) or any other regulated or protected financial information as explained in our terms of service. |
Financial Information Other Financial Information |
You can decide if you want to process any ‘Other Financial Info’ (as defined by Apple) and for what purpose. |
Location | Not collected or required by Staffbase. Staffbase does process IP addresses, however, we do not use the IP address to determine location information. More information about our use of IP addresses can be found under ‘Diagnostics’. |
Sensitive Information | Staffbase does not allow you to collect or process the following categories of sensitive information as explained in our terms of service: Biometric Data and Genetic Data You can decide if you want to process any other sensitive data and for what purposes. For example: content shared in the app may contain information about a user’s pregnancy or a user’s sexual orientation. |
Contacts | Not collected or required by Staffbase. |
User Content | You can decide if you want to allow users to create and share content. For example: photos, videos, audio data, and other user-generated content, such as chats and comments. |
Browsing History | Not collected or required by Staffbase. |
Search History | Not collected or required by Staffbase. |
Identifiers User ID |
Usage: App Functionality Linked to User: Yes Tracking: No Upon creation of a user account, Staffbase links a unique ‘user ID’ to the account for authentication purposes. We also collect a ‘push ID’ to ensure push notifications can be sent to the devices of your authorized users. |
Identifiers Device ID |
Not collected or required by Staffbase. |
Purchases | Not collected or required by Staffbase. |
Usage Data Product Interaction |
Not collected or required by Staffbase. |
Usage Data Advertizing Data |
Not collected or required by Staffbase. |
Usage Data Other Usage Data |
Usage: Analytics Linked to User: Yes Tracking: No Staffbase analytics only show aggregated data and are not used to track individual users. More information about our Analytics feature can be found here. |
Diagnostics Crash Data |
Not collected or required by Staffbase. |
Diagnostics Performance Data |
Not collected or required by Staffbase. |
Diagnostics Other Diagnostic Data |
Usage: App Functionality Linked to User: Yes Tracking: No Staffbase may process diagnostics-related data for maintenance and support purposes. This data might contain, but is not limited to, IP addresses, operating systems, and timestamps. |
Additional Helpful Information
- Apple provides a step-by-step guide
Comments
0 comments
Please sign in to leave a comment.