This is the referred requirement:
4.1.1 Your app must have a privacy statement if it collects personal information
So how do the testers know that your app works with sensitive data? From the manifest file you provide, of course! In practice, if you have anything checked on the Capabilities page, they have reason to believe that your app accesses private data (even if your app actually doesn’t, but could). And here is the pitfall: the default project skeletons that Visual Studio 2012 generates have the Internet (Client) capability checked.
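To see what the testers see, you can list the capabilities your manifest declares before you submit. The following is an added example, not code from the original post: the sample manifest is constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the relevant part of a Package.appxmanifest.
# internetClient is the manifest name of the "Internet (Client)" checkbox.
SAMPLE_MANIFEST = """<Package xmlns="http://schemas.microsoft.com/appx/2010/manifest">
  <Identity Name="Contoso.SampleApp" Publisher="CN=Contoso" Version="1.0.0.0" />
  <Capabilities>
    <Capability Name="internetClient" />
    <DeviceCapability Name="webcam" />
  </Capabilities>
</Package>"""


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def declared_capabilities(manifest_xml):
    """Return the sorted names of all declared (device) capabilities."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for element in root.iter():
        if local_name(element.tag) in ("Capability", "DeviceCapability"):
            name = element.get("Name")
            if name:
                names.add(name)
    return sorted(names)


def needs_privacy_statement(manifest_xml):
    """Any declared capability gives testers reason to expect a statement."""
    return bool(declared_capabilities(manifest_xml))


def review(manifest_xml):
    """Build a short pre-submission report for one manifest."""
    caps = declared_capabilities(manifest_xml)
    if not caps:
        return ["No capabilities declared."]
    lines = ["Declared capabilities: " + ", ".join(caps),
             "Expect requirement 4.1.1 to be checked: provide a privacy statement."]
    if "internetClient" in caps:
        lines.append("internetClient is checked by the project template; "
                     "uncheck it if the app never uses the network.")
    return lines


if __name__ == "__main__":
    print("\n".join(review(SAMPLE_MANIFEST)))
```
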
Personal information includes:
- IP numbers
- Webcam snaps
- Audio/video recordings
- Name, address, DOB and other PII
- Informs users of the personal information collected by your app
- Informs users how that information is used, stored, secured, and disclosed
- Describes the controls that users have over the use and sharing of their information
- Describes how users can access their information
- Complies with applicable laws and regulations
If your app connects to a third-party service, don’t forget to include or link to the policy of that service.
Samples and sources
Beyond these general guidelines, Microsoft doesn’t provide samples or templates, because it’s definitely your task to create a custom policy for your application. Not the ideal task for a developer, so let’s see some samples.
My personal favorite is the Privacy Choice Policy Maker recommended by the Association for Competitive Technology (ACT). In this tool you first have to complete a 6-step form to generate a badge.
If you need a short statement, you can be inspired by Robert MacLean’s privacy statement:
This application does not collect or transmit any user’s personal information, with the exception of technical information included in HTTP requests (such as your IP address). No personal information is used, stored, secured or disclosed by services this application works with. If you would like to report any violations of this policy, please contact us using the contact form.
Of course you can add a hyperlink here that points to your online statement.
And finally, you can give a hint to the testers in the Instructions for testers field of the Notes to testers step about where they can find your privacy statement.
So these are the experiences and public information so far. If you have any more ideas, tips and experiences, please don’t hesitate to share them, so we all can publish our apps seamlessly in the Store. Thank you.