Here is what you need to know about auto-renew subscriptions and Privacy Policies when you develop iOS apps.
- 1. Apple's requirements for auto-renewable subscriptions
- 2. Legal requirements
- 3. Addressing auto-renewal
- 4.1. Data Collected
- 4.2. How it is collected
- 4.3. How it is used
- 4.4. Third party sharing
- 4.5. Protection mechanisms
- 4.6. Link on website
- 4.7. Cookies and tracking
- 4.8. State notices
Apple's requirements for auto-renewable subscriptions
Apple defines an auto-renewable subscription as one that allows a user to purchase dynamic content for a set period of time. Once that set period of time ends, the subscription renews again for the same amount of time. This continues until the user cancels the subscription.
The most common auto-renew apps involve streaming video or music. Stress reduction and meditation guidance apps are also growing in popularity, and those use auto-renew subscriptions as well.
Some subscription services allow users to choose their plan and the frequency of renewal:
Once the user makes a choice of a subscription, Apple asks the user to confirm it through this dialog window. It displays the name of the app and the period of time for the subscription:
Once the subscription starts, it is listed under the user's Apple ID. Each subscription shows the date of renewal and the term:
Once listed, cancellation is easy. All a user needs to do is open up the particular subscription and hit "cancel subscription":
Second, Privacy Policies are required by law throughout the world. Different laws place requirements on developers who collect personal information through their apps.
Most jurisdictions require Privacy Policies if an app or website collects personal data about its users. Also called personally identifiable information, this category of data includes:
- Full names
- Email addresses
- City of residence
- Shipping addresses
- Identifying numbers like social security or driver's license numbers
- Screen names
Auto-renewable subscription services usually cross international lines. HBO Now is available in Canada as well as the United States, as one example.
The U.S. does not have a comprehensive federal privacy law, but many states passed their own regulations. California, Delaware, and Nevada passed privacy protection laws and Illinois enacted one specific to location tracking. Australia, Canada, and the UK maintain federal laws requiring Privacy Policies, as do India, Malaysia, and other nations.
- A description of the type of data you collect
- How you collect it
- How you use it
- Third parties who may receive the data
- Protection mechanisms for personal data
Auto-renewal is frequently covered in Privacy Policies. The policy normally describes how a user can access subscription options and sometimes includes instructions for how to cancel services.
HBO Now also prefers to address auto-renewal and cancellation through a FAQ, but it offers more detailed information and instructions:
Here are the terms you need to include even if you decide to omit subscription terms and place them in another location on your website.
All Privacy Policies must discuss the data collected by the developer. This is often as general as a definition of personal data.
Smule defines personal data and also lists the type of data it requires to function:
Notice that even if you keep data anonymous, the fact that you have access to the identifying information still triggers your privacy obligations. Smule addresses that perfectly by including it with the data it collects.
How it is collected
You also must indicate how you collect data. Sometimes, this section is easy.
Digipill only collects information that users consent to by providing Facebook information:
Scruff takes a more complex approach. It divides data into two categories. The first category includes data users give voluntarily to use the service:
The second category of data includes what Scruff collects automatically. This list is comprehensive and bulleted, which makes it easy for users to comprehend:
This section must accurately disclose all of your data collection. Even if it seems obvious that users provide their names and email addresses, mention that anyway.
Definitely include any automatic collection since that transparency is required by law and helps customers know what to expect before they sign up for your service.
How it is used
Generally, data is collected so the app functions as expected. There may be other reasons too, like assessing whether the app is effective.
Scruff provides a detailed bulleted list on personal data use:
Again, even if the use of the data seems obvious, include it in this section. Users likely understand that you need credit card information to charge for your service. However, mentioning that specifically in this section is still required.
Third party sharing
If you share data with third parties, at the very least you need to provide categories for those parties. They can be described generally as "advertisers" or "affiliates." You can also name companies specifically if you have a parent corporation or sponsor that assists with your operations.
Scruff generally describes "partners" and "service providers" in this section:
Smule also defines types of third parties but also makes it clear that it only shares as much data as necessary to provide services:
You are required to describe how you protect personal data. That is the main reason behind these privacy laws: to make sure you do not misuse data or collect it inappropriately, and also keep it safe when you have it.
This is often presented in a section on security. Smule describes its efforts while warning users no system is completely secure:
You can describe general security methods including encryption and secure storage in this section. If you outsource security, name the entity that manages it and provide links to any of their relevant agreements.
Link on website
Links to developer websites are also provided in the app store listing:
Cookies and tracking
Scruff handles this issue by first listing the types of tracking technology it uses:
The next section is how to opt-out of cookies and tracking. It offers a long list of services and links for the opt-out, but this shows a sample of how Scruff presents the information:
This often has a separate label to ensure compliance.
This example from Strides explains the act and how it complies:
Delaware and Nevada require similar notices, but since those laws passed recently, there are no examples of them as of yet. However, the requirements are similar to the California notice, so including a notice similar to the Strides one will help you comply with current state privacy laws.
Privacy Policies are required by law and by most app distribution platforms. Drafting one ensures compliance with distributors and regulatory agencies. Consider it a vital part of app development since legal issues can delay release and thus profits.