Your app needs a privacy policy in the Windows Store

If you would like to publish your Windows 8 application to the Windows Store, you had better provide a proper privacy statement, because many apps are being rejected for a missing or inadequate privacy policy.

This is the requirement in question:

4.1.1 Your app must have a privacy statement if it collects personal information


So how do the testers know that your app works with sensitive data? From the manifest file you provide, of course! In practice, if you have anything checked on the Capabilities page, they have reason to believe that your app accesses private data (even if your app actually doesn’t, but could). And here is the pitfall: the project skeletons that Visual Studio 2012 generates have the Internet (Client) capability checked by default:


Well, this seems reasonable, because most applications today want to connect to remote services, but in this case the IP address of the client, which is definitely sensitive data, is sent to the service. So if your app doesn’t connect to the network, you had better turn off this capability to save yourself some certification time. On the other hand, if your app does nothing but download data from the Internet, you definitely need a privacy policy.

Personal information includes:

  • IP numbers
  • Webcam snaps
  • Audio/video recordings
  • Name, address, DOB and other PII
  • Photos
  • Contacts
  • Documents
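The manifest check described above, as an added example that is not part of the original post: a Python script that reads a Package.appxmanifest and reports each declared capability together with the kind of personal information it makes reachable. The capability-to-data mapping and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

XMLNS = "http://schemas.microsoft.com/appx/2010/manifest"  # Windows 8 manifest

# Assumption: which item of the list above each capability makes reachable.
PERSONAL_DATA = {
    "internetClient": "IP address",
    "internetClientServer": "IP address",
    "webcam": "webcam snaps, video recordings",
    "microphone": "audio recordings",
    "picturesLibrary": "photos",
    "documentsLibrary": "documents",
}

# Constructed sample: trimmed manifest with the Visual Studio 2012 default.
DEFAULT_SKELETON = f"""<Package xmlns="{XMLNS}">
  <Capabilities><Capability Name="internetClient" /></Capabilities>
</Package>"""

# Constructed sample: camera app with one capability outside the table.
CAMERA_APP = f"""<Package xmlns="{XMLNS}">
  <Capabilities>
    <Capability Name="picturesLibrary" />
    <DeviceCapability Name="webcam" />
    <DeviceCapability Name="location" />
  </Capabilities>
</Package>"""

def audit_manifest(xml_text):
    """Return (findings, unmapped) for the manifest's <Capabilities>."""
    caps = ET.fromstring(xml_text).find(f"{{{XMLNS}}}Capabilities")
    findings, unmapped = {}, []
    for el in (list(caps) if caps is not None else []):
        name = el.get("Name")
        if name in PERSONAL_DATA:
            findings[name] = PERSONAL_DATA[name]
        elif name:
            unmapped.append(name)
    return findings, unmapped

def needs_privacy_policy(xml_text):
    """Any declared capability gives a tester reason to expect a policy."""
    findings, unmapped = audit_manifest(xml_text)
    return bool(findings or unmapped)

if __name__ == "__main__":
    for label, doc in (("default", DEFAULT_SKELETON), ("camera", CAMERA_APP)):
        print(label, audit_manifest(doc), needs_privacy_policy(doc))
```

Run it against your own manifest before submission: every capability it reports should either be removed because the app does not use it, or be covered by the privacy policy.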


In general, an acceptable privacy policy is one that:

  • Informs users of the personal information collected by your app
  • Informs users how that information is used, stored, secured, and disclosed
  • Describes the controls that users have over the use and sharing of their information
  • Describes how users can access their information
  • Complies with applicable laws and regulations

The recommended practice is that if your app doesn’t actually collect or store personal information, say so in your privacy policy. One more reason to provide a policy.

If your app connects to a 3rd party service, don’t forget to include or link to the policy of the service.

Samples and sources

Beyond these general guidelines, Microsoft doesn’t provide samples or templates, because it’s definitely your task to create a custom policy for your application. Not the ideal task for a developer, so let’s see some samples.

The good news is that there are several free privacy policy generators available online. I found that many of them require you to register at the end of a really long wizard if you want to see the generated policy, so be careful.

My personal favorite is the Privacy Choice Policy Maker recommended by the Association for Competitive Technology (ACT). In this tool you first have to complete a 6-step form to generate a badge like this:


Although this badge is not suitable for the Windows Store, I like the idea. Just click on the I need a privacy policy link to get to the 12-step wizard, where you will be provided with tons of options and detailed descriptions.

If you need a short statement, you can be inspired by Robert MacLean’s privacy statement:

This application does not collect or transmit any user’s personal information, with the exception of technical information included in HTTP requests (such as your IP address). No personal information is used, stored, secured or disclosed by services this application works with. If you would like to report any violations of this policy, please contact us using the contact form.

Robert actually has a slightly longer version as well, and his blog is also worth reading.


The final question is where to publish the privacy statement. When you submit your app to the Store, you will find a Privacy policy field on the form in the Description step:


Although the tip says you can enter up to 2048 characters, the tooltip of the help icon makes it clear that you have to enter a URL here. Yes, even if it seems like nonsense, your app needs a valid webpage where you publish your privacy policy. Well, there are examples of accepted URLs that point to Word documents published on SkyDrive… Note that the form allows you to leave this field empty, but your app will be rejected later, so you had better fill it in.

Within your app the best place for your privacy policy is the Settings charm:


Of course you can add a hyperlink here that points to your online statement.

And finally, you can give a hint to the testers in the Instructions for testers field of the Notes to testers step about where they can find your privacy statement.


So these are the experiences and public information so far. If you have any more ideas, tips or experiences, please don’t hesitate to share them, so we can all publish our apps seamlessly in the Store. Thank you.



21 thoughts on “Your app needs a privacy policy in the Windows Store”

  1. Pingback: Windows 8 Developer Links – 2012-10-23 | Dan Rigby

  2. Karl Ots (@fincooper)

    Thanks for a good article, especially the practical tips about privacy statement generators.
    One thing got me thinking though: you mention that “Of course you can add a hyperlink here that points to your online statement.” (to the Settings Charms bar). Is it possible that in some cases this is not possible? E.g. the user doesn’t allow the app to go online before reading the privacy statement. I don’t think any official document covers that. As a safeguard, I’ve myself always opted for a local flyout menu to display the privacy statement.

    Btw, the newly published MSDN articles Resolving certification errors and Avoiding common certification failures are quite useful for covering the opt-in scenarios and other certification related errors as well.

    1. Balássy György Post author

      Karl, thanks for the feedback and the links. Actually the guidance got slightly updated after I wrote this blog post.

      I think the case you mentioned is covered by the privacy policy URL displayed on the app page in the Store. So you can actually review the policy before you download and install the app. I don’t think any user would want to review the PP before starting an action in the app. If a user wants to read the PP at all, she does that before she installs the app.

      I also prefer displaying the PP locally in the app, so it is available offline. The issue with this is that you have to maintain the text in two places: online and also in the app.

  3. Pingback: Your app needs a privacy policy in the Windows Store

  4. Pingback: Your app needs a privacy policy in the Windows Store | Answer My Query

  5. vk

    Experienced this myself. We always had the URL version, but recently the Settings Pane needs a privacy policy also. And make sure you let the testers know that it’s there, even if it’s always been there. Apps have been rejected when they do include it mainly because the testers are currently busy with the flood of apps. It’s not good that they don’t notice, but it happens, so help yourself and include how to find it in your test notes.

  6. Pingback: Privacy Policy make some applications fail – [Windows 8 Store App] | Sara Silva

  7. Pingback: Windows 8 App Store Submission Process | BIT-101

  8. Pingback: Win8 failed certification: Your app doesn't meet requirement 4.1 (privacy policy) -

  9. Pingback: WOWZAPP preparation materials « Codes from the field

  10. Pingback: Windows Store Apps – Privacy Policy « bryanpjohnston

  11. Saad

    Hello, very nice post. I am a beginner in developing apps. I have the same issue. My app has been rejected two times. The problem is the URL. I created a blog and posted a privacy policy for my app there. I gave the link to my app’s policy in the app’s submission. And how can I add a privacy policy in the Settings charm?


    I personally consider this particular article, “Your app needs a privacy policy in the Windows Store Codes from the field”, highly engaging and also the post was a superb read.
    Thanks for your effort-Lilla

  13. Pingback: Certification of Windows 8 store apps | Rajesh Haridas

  14. Pingback: Privacy policy!!! | Erik Putrycz

  15. Pingback: Links for the Week - 31 May 2013 Don't Believe The Type

  16. Bownie

    Great post. I’ve just come across this exact issue with my first app submission and looking forward to getting it resolved using the information you’ve posted here. I’ve got a posted privacy policy already online but it seems certification deems it that I need to link to that explicitly from the app.

