Another place we’ve seen many apps fail Store submission is with 4.1.1 of the Windows Store Certification Requirements (v4.0). It’s title is “Your app must have a privacy statement if it is network-capable.” It basically says that if you declare any network-related capabilities in your app manifest, you need to have a privacy policy available from two places specific places.

To the point of being network-capable, the requirement states, “If your app has the technical ability to transmit any user’s personal information, you must maintain a privacy policy.” While you could interpret this statement to suggest that an app that doesn’t collect any kind of personal information at all, e.g. just downloads posts from a public blog, doesn’t need a privacy policy, it’s best to err on the side of a more general meaning. The phrase “if your app has the technical ability” means that whether or not you collect any personal information, declaring those capabilities in the manifest means that you do, in fact, have the ability. So you want to have a privacy policy.

The requirement then states where that policy must be accessible: “You must provide access to your privacy policy in the Description page of your app, as well as in the app’s settings as displayed in the Windows Settings charm.”

The short of this means that you need to have a web page somewhere with the privacy policy, preferably in every language that you support in your app, though this is not explicitly spelled out (after all, page translators can be used on your page). That page is what you link to in your app’s description. [Addendum: This is required because it allows users to check the privacy policy before installing the app, rather than after the fact.]

In your Settings pane, then, you can make the privacy policy accessible in one of two ways. First, you can just create a link to that same web page, which opens the browser to display it. No problem there. Second, you can create a flyout panel that contains the text directly, often by using an iframe that loads its contents from your web page. I use this latter approach in the Here My Am! app in Chapter 17 of Programming Windows 8 Apps in HTML, CSS, and JavaScript, where I do have localized versions of the policy on my web site and include those within an iframe (as shown below in German).

The bottom line: set up privacy policy pages in your supported languages on a web site, and be sure to link to that page in your app Description and through your Settings, and don’t risk failing certification for such a basic matter.


Comments are closed