Do I Need Separate Privacy Policies For My Website and Mobile App?

You almost certainly need a Privacy Policy whether you're creating a website or an app.

But what if you're creating both? Do you need a separate Privacy Policy for each?

In this article, we're going to briefly talk you through whether you need a Privacy Policy for your website and app, and then consider whether it's better to create one overarching policy or two separate ones.


Do I Need a Privacy Policy For My Website?

You must have a Privacy Policy for your website if you use it to collect "personal information." You may not believe that you collect personal information via your website, but it is most likely that you do.

Our Privacy Policy Generator makes it easy to create a Privacy Policy for your website. Just follow these steps:

  1. Click on the "Privacy Policy Generator" button.
  2. At Step 1, select the App option and click "Next step".
  3. Answer the questions about your mobile app and click "Next step" when finished.
  4. Answer the questions about your business practices and click "Next step" when finished.
  5. Enter your email address where you'd like your policy sent, select translation versions and click "Generate."

    You'll be able to instantly access and download your new Privacy Policy.

There are many types of personal information you might collect via your website, including:

  • Names
  • Email addresses
  • Shipping addresses
  • Payment card info
  • Technical data collected via cookies and similar technologies

A note on that last point: Under most privacy laws, personal information can include "technical" data such as IP addresses, cookie IDs, and browsing history.

The following regions have privacy laws that consider personal information to include these types of technical data:

  • United States:

    • California Online Privacy Protection Act (CalOPPA)
    • California Consumer Privacy Act (CCPA)
    • Children's Online Privacy Protection Act (COPPA)
  • European Union: General Data Protection Regulation (GDPR)
  • United Kingdom: Data Protection Act 2018
  • Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
  • India: Personal Data Protection Bill (PDPB) (not yet in force)
  • South Africa: Protection of Personal Information Act (POPI Act) (not yet in force)

This means that if you target consumers in any of the above markets, and use analytics or targeted advertising on your website, you'll need a Privacy Policy to inform visitors how you handle their personal information.

Do I Need a Privacy Policy For My Mobile App?

Just as with your website, you must have a Privacy Policy for your mobile app if you use it to collect personal information.

In fact, the bar is somewhat higher when it comes to mobile apps. If you operate an iOS app, Apple requires you to have a Privacy Policy whether you collect personal information or not. Take a look at the following section of Apple's App Store Review Guidelines:

Apple App Store Review Guidelines: Data Collection and Storage clause - Privacy Policy general requirement

Google's Play Store guidelines are slightly less strict, requiring developers to maintain a Privacy Policy only if their app collects "personal and sensitive information," which includes all the types of personal information listed above, plus information collected via the device's camera, contacts lists, location, etc.

The rules around collecting technical data also apply to mobile apps. Information collected via analytics and advertising tools qualifies as personal information, including device IDs, advertising IDs, IP addresses, app usage data, etc.

You may also be required to create a Privacy Policy under the agreements you have with the companies that provide the third-party tools and APIs you use to develop your app.

For example, here's an excerpt from the Google Analytics for Firebase Terms:

Google Analytics for Firebase Terms: Privacy clause

In conclusion, you almost certainly need to create a Privacy Policy for your mobile app.

Do I Need Separate Privacy Policies For My Website and Mobile App?

You are not required, either by law or by the terms of any third-party agreements, to maintain separate Privacy Policies for your website and your mobile app.

As long as you explain how you use personal information in a comprehensive and legally compliant way, there are several approaches you might take to creating a Privacy Policy.

Let's take a look at a few examples.

One Single Privacy Policy

Most companies have a single Privacy Policy that sets out the types of personal information they collect in different areas of their business operations. This will encompass their website, mobile app, and other areas such as their email or telephone customer service operations.

Your Privacy Policy must be accessible and it must be easy to understand. This means it should not be a wall of text, but should instead be broken up into sections to make it easier to read.

Most commonly, a Privacy Policy will be broken down into sections explaining (for example):

  • What types of personal information the company collects
  • How it collects personal information
  • Its purposes for collecting personal information
  • How it shares personal information
  • How users can access their personal information

Each of these sections can include information about a company's website and app.

Here's an example from Bemit that addresses both:

Bemit Privacy Policy: Information We Collect clause

Here's another example from Gauss Surgical:

Gauss Surgical Privacy Policy: Information You Provide to Us clause - Registration Information section

Gauss Surgical identifies "registration information" as a sub-type of the broader category of "information you provide to us." The company then explains that registration information is collected via its website and its app.

Separate Privacy Policies

While there is no requirement to do so, you may prefer to create separate Privacy Policies for your website and your mobile application.

eBay provides a short-form Privacy Policy that pertains only to the use of its mobile app, and is accessible from within the app itself:

eBay Mobile Privacy and Legal Notice - Intro section

eBay's mobile app Privacy Policy explains what types of personal information the app collects and how it is used via a table:

eBay Mobile Privacy and Legal Notice - Collection and Use of information chart sections

eBay's main Privacy Policy is much longer and covers all aspects of its business operations, including, oddly, its mobile app:

eBay UK User Privacy Notice: Scope and updates of this User Privacy Notice clause

This brings us to an important point. If you are planning to create separate Privacy Policies for your website and mobile app, you must make sure that they reference each other.

For example, here's how Holler does this in its website Privacy Policy:

Holler Website Privacy Statement: Intro clause with Mobile App Privacy Policy highlighted

If you really want to have separate Privacy Policies for both your website and app, it's important that your users can find all the information they need within either of the documents, and are aware that two separate policies exist.

To summarize, you do not need to have two separate Privacy Policies. But you do need to make sure you include all the relevant information to cover both your website and mobile app in your one Privacy Policy, if that's the route you take.

If you do create two separate agreements, make sure to link them both to one another, and make both available on the respective platform.

Robert B.

Legal writer.

This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.