Discuss Data Collection

[wilfredstegeman]

Details at https://developer.apple.com/app-store/app-privacy-details/

We're responsible for any third-party code that is added to our app, so if our third-party partners collect data from our app, we must represent that in our responses.

• “Collect” refers to transmitting data off the device in a way that allows you and/or your third-party partners to access it for a period longer than necessary to service the transmitted request in real time.
• “Third-party partners” include analytics tools, advertising networks, third-party SDKs, or other external vendors whose code you have added to the app.

Data Collection

Next, select all of the data that you or your third-party partners collect from this app. If your app is currently available on the App Store, make sure your responses reflect the data collected only from that app version.

Optional Disclosure

Data types that meet all of the following criteria are optional to disclose:

• The data is not used for tracking purposes (meaning the data is not linked with other third-party data about the user or device for advertising or advertising measurement, or shared with a data broker). For more detail, see App privacy details on the App Store.
• The data is not used for Third-Party Advertising, your Advertising or Marketing purposes, or for Other Purposes, as those terms are defined in App privacy details on the App Store.
• Collection of the data occurs only in infrequent cases that are not part of your app’s primary functionality, and which are optional for the user.
• As part of the interface in your app where the user provides the data to be collected, such data must be transparent to the user at the time of collection, the user’s name or account name must be prominently displayed in the submission form alongside the other data elements being submitted, and the user must affirmatively choose each time to provide the data for collection.
• If a data type collected by your app meets some, but not all, of the above criteria, it must be disclosed in your privacy section.

Examples of data that may not need to be disclosed include data collected in optional feedback forms or customer service requests that are unrelated to the primary purpose of the app and meet the other criteria above.

For the purpose of clarity, data collected on an ongoing basis after an initial request for permission must be disclosed.

Regulated Financial Services Disclosure

Data types that are collected by an app that facilitates regulated financial services and where the data collected meets all of the following criteria are optional to disclose:

• Collection of the regulated data is in accordance with a legally required privacy notice under applicable financial services or data protection laws or regulations (e.g., GDPR or GLBA). Collection by the app of that data occurs only in cases that are not part of your app’s primary functionality, and which are optional for the user.
• Such notice provides that data is not shared with unaffiliated third parties to market other products and services.
• Such data is not linked with third-party data for advertising purposes or shared with a data broker except for purposes of fraud detection or prevention or security, or with a consumer reporting agency for credit reporting.
• If a data type collected by your app meets some, but not all, of the above criteria, it must be disclosed in your privacy section.

Health Research Disclosure

Data types that are collected as part of a health research study and where the data collected meets all of the following criteria are optional to disclose:

• The data is collected by an entity whose collection of the data is subject to an informed consent form as part of a health research study that has been reviewed and approved by an institutional review board or ethics review board.
• All such data collection must follow the relevant App Store Guidelines and the data may not be used for tracking purposes as defined in App privacy details on the App Store.

If the data type collected by your app meets some, but not all, of the above criteria, it must be disclosed in your privacy section.

Contact Info

• [ ] Name Including first or last name

• [ ] Email Address Including but not limited to a hashed email address

• [ ] Phone Number Including but not limited to a hashed phone number

• [ ] Physical Address Such as a home address, physical address, or mailing address

• [ ] Other User Contact Info Any other information that can be used to contact the user outside the app

Health & Fitness

• [ ] Health Health and medical data, including but not limited to from the Clinical Health Records API, HealthKit API, MovementDisorderAPIs, health-related human subject research, or any other user provided health or medical data

• [ ] Fitness Fitness and exercise data, including but not limited to the Motion and Fitness API

Financial Info

• [ ] Payment Info Such as form of payment, payment card number, or bank account number. If your app uses a payment service, the payment information is entered outside your app, and you as the developer never have access to the payment information, it is not Collected and does not need to be declared.

• [ ] Credit Info Such as credit score

• [ ] Other Financial Info Such as salary, income, assets, debts, or any other financial information

Location

• [x] Precise Location Information that describes the location of a user or device with the same or greater resolution as a latitude and longitude with three or more decimal places

• [ ] Coarse Location Information that describes the location of a user or device with lower resolution than a latitude and longitude with three or more decimal places, such as approximate location services

• [ ] Sensitive Info Such as racial or ethnic data, sexual orientation, pregnancy or childbirth information, disability, religious or philosophical beliefs, trade union membership, political opinion, genetic information, or biometric data

• [ ] Contacts Such as a list of contacts in the user's phone, address book, or social graph

User Content

• [ ] Emails or Text Messages Including subject line, sender, recipients, and contents of the email or message

• [ ] Photos or Videos The user's photos or videos

• [ ] Audio Data The user's voice or sound recordings

• [ ] Gameplay Content Such as user-generated content in-game

• [ ] Customer Support Data generated by the user during a customer support request

• [ ] Other User Content Any other user-generated content

Browsing History

• [ ] Information about the content the user has viewed that is not part of the app, such as web sites.

Search History

• [ ] Information about searches performed in the app

Identifiers

• [x] User ID Such as screen name, handle, account ID, assigned user ID, customer number, probabilistic identifier, or other user- or account-level ID that can be used to identify a particular user or account

• [ ] Device ID Such as the device's advertising identifier, or other device-level ID

• [ ] Purchases An account's or individual's purchases or purchase tendencies

Usage Data

• [x] Product Interaction Such as app launches, taps, clicks, scrolling information, music listening data, video views, saved place in a game, video, or song, or other information about how the user interacts with the app

• [ ] Advertising Data Such as information about the advertisements the user has seen

• [ ] Other Usage Data Any other data about user activity in the app

Diagnostics

• [x] Crash Data Such as crash logs

• [ ] Performance Data Such as launch time, hang rate, or energy use

• [ ] Other Diagnostic Data Any other data collected for the purposes of measuring technical diagnostics related to the app

Other Data

Any other data types not mentioned

[Edhoru]

@wilfredstegeman The only data we get from the user is the location we use for the weather, but I think we only use it for the request and don't store it. @rutgerg is that correct?