ChatGPT vs Gemini for Privacy

For privacy, ChatGPT is the stronger choice because it doesn't automatically link your conversations to broader tracking systems, unlike Gemini's integration with Gmail, Drive, and Search. Gemini's ecosystem connectivity is convenient but ties your AI usage to Google's advertising infrastructure. If privacy is paramount, both require caution, but ChatGPT's isolated sandbox poses fewer systemic risks.

Head-to-Head for Privacy

Data Training Opt-Out (winner: ChatGPT)

  • ChatGPT: Available with Plus subscription
  • Gemini: Limited privacy controls by default

Conversation History Control (winner: ChatGPT)

  • ChatGPT: Easy deletion and chat history off option
  • Gemini: Requires Google account access

Enterprise Privacy Guarantees (winner: ChatGPT)

  • ChatGPT: ChatGPT Enterprise available
  • Gemini: Google Workspace integration complex

Third-party Data Sharing (winner: ChatGPT)

  • ChatGPT: Minimal ecosystem integration
  • Gemini: Deep Google services integration

GDPR Compliance (winner: tie)

  • ChatGPT: Explicit GDPR commitments
  • Gemini: Compliant but Google data policies apply

See Them Answer a Privacy Question

We asked both models the same privacy-focused prompt.

Draft a privacy policy for a mobile app that collects location data, browsing history, and biometric information from users across multiple countries.

GPT-5.4

Below is a practical template privacy policy for a mobile app that collects location data, browsing history, and biometric information from users in multiple countries.

Important: This is not legal advice. Because your app processes sensitive personal data (especially biometric data) and operates across jurisdictions, you should have this reviewed by qualified privacy counsel before publishing. Laws that may apply include the GDPR/UK GDPR, CCPA/CPRA, Brazil LGPD, PIPEDA, Australia Privacy Act, and others. In some places, biometric data requires explicit consent, a separate notice, and possibly a data protection impact assessment.


Privacy Policy

Effective Date: [Insert Date]
Last Updated: [Insert Date]

[Company Name] (“Company,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you use our mobile application, website, and related services (collectively, the “Services”).

This Privacy Policy also explains your privacy rights and how to contact us if you have questions or wish to exercise your rights.


1. Who We Are

Data Controller / Business / Organization Name: [Company Legal Name]
Registered Address: [Address]
Email: [Privacy Contact Email]
Website: [Website URL]

If required by applicable law:

EU/EEA Representative: [Name and Contact]
UK Representative: [Name and Contact]
Data Protection Officer (if applicable): [Name and Contact]


2. Scope of This Privacy Policy

This Privacy Policy applies to personal data we collect through:

  • Our mobile application(s)
  • Our website(s)
  • Customer support interactions
  • Marketing communications
  • Analytics, advertising, and similar technologies
  • Any other interactions you have with us related to the Services

This Privacy Policy does not apply to third-party websites, apps, or services that we do not control, even if linked from our Services.


3. Personal Data We Collect

We may collect the following categories of personal data, depending on how you use the Services and where you are located.

A. Information You Provide Directly

  • Name
  • Username
  • Email address
  • Phone number
  • Mailing address
  • Account credentials
  • Profile information
  • Customer support communications
  • Survey responses
  • Any other information you choose to provide

B. Location Data

We may collect:

  • Precise location data, such as GPS coordinates
  • Approximate location data, such as city, region, or country derived from IP address, Wi-Fi, Bluetooth, or device settings
  • Location history, if enabled

We may collect location data:

  • While the app is in use
  • In the background, if you grant permission and applicable law permits
  • Based on your device settings and permissions

C. Browsing History and Online Activity

We may collect information about your interactions with our Services and related online properties, including:

  • Pages viewed
  • Features used
  • Links clicked
  • Search queries
  • Referring URLs
  • Time spent on pages/screens
  • Session activity
  • Device and browser information
  • Cookies, SDKs, pixels, and similar tracking technology data
  • In-app browsing activity, where applicable

If applicable and permitted by law, we may also collect information regarding your interactions with third-party sites, apps, or content when integrated with our Services or for advertising, analytics, fraud prevention, or personalization purposes.

D. Biometric Information

We may collect biometric information or biometric identifiers, where permitted by law and with any required consent. Depending on the features of the app, this may include:

  • Facial geometry or facial scans
  • Fingerprint data
  • Voiceprints
  • Other biometric templates or identifiers used for authentication, security, fraud prevention, accessibility, or personalized features

Where possible, we store biometric templates or derived representations rather than raw images or recordings. We do not use biometric information for purposes inconsistent with the disclosures in this Privacy Policy and any separate consent notice.

E. Device and Technical Information

  • Device model
  • Operating system
  • Unique device identifiers
  • Mobile network information
  • App version
  • Language settings
  • IP address
  • Crash reports
  • Diagnostic data
  • Log files

F. Information From Third Parties

We may receive personal data from:

  • Identity verification providers
  • Analytics providers
  • Advertising networks
  • Social media platforms
  • Payment processors
  • Business partners
  • Data brokers, where permitted by law
  • Publicly available sources

4. Sensitive Personal Data

Some of the data we collect may be considered sensitive personal data or special category data under applicable law, including:

  • Biometric information
  • Precise geolocation
  • In some jurisdictions, certain browsing history or account-related information

Where required by law, we will:

  • Obtain your explicit consent before collecting or using sensitive personal data
  • Provide additional notices at the point of collection
  • Allow you to withdraw consent, subject to legal and operational limitations
  • Limit use and retention of such data to disclosed and lawful purposes

5. How We Use Personal Data

We may use personal data for the following purposes:

To Provide and Operate the Services

  • Create and manage your account
  • Authenticate users
  • Enable app functionality
  • Provide location-based features
  • Provide biometric authentication or identity verification
  • Process transactions
  • Deliver customer support

To Improve and Personalize the Services

  • Understand user behavior and preferences
  • Customize content and recommendations
  • Improve app performance, stability, and usability
  • Develop new features and services

For Security and Fraud Prevention

  • Verify identity
  • Detect, investigate, and prevent fraud, abuse, or unauthorized access
  • Protect the security and integrity of the Services
  • Monitor suspicious activity

For Analytics and Research

  • Measure app and campaign performance
  • Perform statistical analysis
  • Conduct troubleshooting and debugging
  • Carry out internal reporting and business planning

For Marketing and Advertising

  • Send promotional communications, where permitted by law
  • Deliver targeted or personalized advertising
  • Measure advertising effectiveness
  • Build audiences and evaluate engagement

Where legally required, we will obtain consent before using cookies, SDKs, precise location data, biometric data, or similar technologies for marketing, analytics, or advertising.

To Comply With Legal Obligations

  • Comply with applicable law, regulation, court order, or legal process
  • Enforce our Terms and policies
  • Establish, exercise, or defend legal claims

6. Legal Bases for Processing

If you are located in the European Economic Area, United Kingdom, or another jurisdiction requiring a legal basis, we rely on one or more of the following:

  • Consent: for example, where required for biometric data, precise location data, certain cookies/trackers, or marketing
  • Performance of a contract: to provide the Services you request
  • Legitimate interests: to improve the Services, secure our systems, prevent fraud, and conduct internal analytics, provided such interests are not overridden by your rights
  • Legal obligation: to comply with applicable law
  • Vital interests: where necessary in rare emergency situations

Where we process biometric data or other special category data, we will rely on an appropriate legal basis and any additional condition required by applicable law, such as explicit consent.


7. How We Share Personal Data

We may share personal data with:

Service Providers and Processors

Companies that help us operate the Services, such as:

  • Cloud hosting providers
  • Analytics providers
  • Customer support tools
  • Security and fraud prevention vendors
  • Identity verification providers
  • Payment processors
  • Marketing and advertising partners
  • Communication service providers

Affiliates and Corporate Group Members

We may share data with our parent company, subsidiaries, and affiliates for operational, security, administrative, and business management purposes.

Business Partners

We may share personal data with partners that help us offer integrated services, promotions, or joint features.

Advertising, Analytics, and Measurement Partners

Where permitted by law, we may share browsing activity, device identifiers, location data, and related information with advertising networks, analytics providers, and measurement partners.

Legal and Compliance Disclosures

We may disclose personal data if we believe doing so is necessary to:

  • Comply with law or legal process
  • Respond to lawful requests from public authorities
  • Protect our rights, users, systems, or property
  • Investigate fraud or security issues
  • Enforce our agreements

Corporate Transactions

We may disclose or transfer personal data in connection with a merger, acquisition, financing, asset sale, reorganization, bankruptcy, or similar transaction.

With Your Consent or Direction

We may share personal data when you request it or expressly consent to such sharing.

We do not sell personal data unless stated otherwise in a jurisdiction-specific section or point-of-collection notice. If applicable law defines certain advertising or analytics disclosures as a “sale” or “sharing,” you may have the right to opt out.


8. International Data Transfers

Because we operate in multiple countries, your personal data may be transferred to and processed in countries other than the country where you reside, including countries that may not provide the same level of data protection.

Where required by law, we implement appropriate safeguards for international transfers, such as:

  • Standard Contractual Clauses
  • Data transfer agreements
  • UK international data transfer addendum
  • Adequacy decisions
  • Other approved transfer mechanisms

You may contact us to request more information about these safeguards.


9. Data Retention

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including:

  • To provide the Services
  • To maintain your account
  • To comply with legal obligations
  • To resolve disputes
  • To enforce our agreements
  • To prevent fraud and protect security

Retention periods may vary based on:

  • The type of data
  • The sensitivity of the data
  • Legal requirements
  • Operational needs

Biometric Data Retention

We retain biometric information only for as long as necessary to fulfill the specific purpose for which it was collected, unless a longer period is required or permitted by law. We will delete, destroy, or irreversibly de-identify biometric information in accordance with applicable law and our retention schedule, including earlier where required once:

  • The initial purpose for collection has been satisfied
  • Your account is deleted or becomes inactive for a defined period
  • You withdraw consent, where consent is the basis for processing and no exception applies

Example retention statement to customize:
“We retain biometric identifiers and biometric information for no longer than [X period] after the last interaction with the app or earlier if the purpose for collection has been satisfied, unless otherwise required by law.”


10. Cookies, SDKs, and Similar Technologies

We and our partners may use cookies, mobile SDKs, pixels, local storage, and similar technologies to:

  • Operate the Services
  • Remember preferences
  • Authenticate users
  • Analyze usage
  • Personalize content
  • Measure ad performance
  • Deliver targeted advertising

Depending on your jurisdiction, we will request consent before using non-essential cookies or similar technologies. You may manage these settings through:

  • Our in-app privacy settings
  • Your device settings
  • Cookie banner or consent manager
  • Browser settings, where applicable

Please note that disabling certain technologies may affect app functionality.


11. Your Privacy Rights

Depending on where you live, you may have the right to:

  • Access personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your personal data
  • Request restriction of processing
  • Object to certain processing
  • Withdraw consent
  • Request data portability
  • Opt out of targeted advertising, profiling, sale, or sharing of personal data
  • Limit the use of sensitive personal data, where applicable
  • Not be discriminated against for exercising your rights

To exercise your rights, contact us at: [Privacy Request Email / Webform URL]

We may need to verify your identity before processing your request. You may also be entitled to appeal a denied request, depending on applicable law.


12. Region-Specific Disclosures

A. European Economic Area / United Kingdom / Switzerland

If you are located in the EEA, UK, or Switzerland:

  • You may have the rights described in Section 11
  • You may lodge a complaint with your local data protection authority
  • We will rely on a lawful basis for processing your personal data
  • We will obtain explicit consent where required for biometric data and certain location tracking or cookie/SDK processing

B. United States

Residents of certain U.S. states may have rights under applicable privacy laws, such as rights to:

  • Know the categories of personal information collected
  • Access specific pieces of personal information
  • Delete personal information
  • Correct inaccuracies
  • Opt out of sale, sharing, or targeted advertising
  • Limit use of sensitive personal information, where provided by law

Categories of personal information collected

In the last 12 months, we may have collected:

  • Identifiers
  • Customer records information
  • Internet or electronic network activity information
  • Geolocation data
  • Biometric information
  • Commercial information
  • Device and usage data
  • Inferences drawn from personal information
  • Sensitive personal information, where applicable

Business or commercial purposes

We collect and use this information for the purposes described in Section 5.

Disclosure

We may disclose these categories to the recipients described in Section 7.

Sale/Sharing and Targeted Advertising

If applicable law treats some of our disclosures to advertising or analytics partners as a “sale” or “sharing,” you may opt out by visiting: [Do Not Sell or Share link] or adjusting your in-app privacy settings.

Sensitive Personal Information

If required by applicable law, we will only use sensitive personal information for authorized purposes and provide any required rights to limit such use.

C. Illinois Biometric Information Notice

If you collect biometric data from Illinois residents or others subject to similar laws, include a separate biometric notice and consent process. For example:

  • We inform users in writing that biometric identifiers or biometric information are being collected or stored
  • We inform users of the specific purpose and length of term for collection, storage, and use
  • We obtain a written release or other legally sufficient consent before collection where required
  • We do not sell, lease, trade, or otherwise profit from biometric identifiers or biometric information
  • We use reasonable standards of care to store, transmit, and protect biometric data

D. Canada

If Canadian law applies, you may have rights to access and correction, and we will collect, use, and disclose personal information with meaningful consent where required.

E. Brazil

If Brazil’s LGPD applies, you may have rights including confirmation of processing, access, correction, anonymization, portability, deletion, and information about sharing. Where required, we will rely on an appropriate legal basis, including consent for sensitive personal data.

F. Australia and Other Jurisdictions

If local law grants additional privacy rights, we will honor them as required.


13. Children’s Privacy

Our Services are not directed to children under the age of [13/16/or other applicable age], and we do not knowingly collect personal data from children without appropriate authorization where required by law.

If we learn that we have collected personal data from a child in violation of applicable law, we will take steps to delete it. If you believe a child has provided us personal data, contact us at [Privacy Contact Email].

If your app may be used by minors, you will need a more specific children’s privacy section and possibly parental consent mechanisms.


14. Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal data, including sensitive personal data and biometric information, from unauthorized access, loss, misuse, alteration, or disclosure.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.


15. Automated Decision-Making and Profiling

We may use automated tools to analyze usage, detect fraud, personalize content, authenticate users, or support advertising and analytics. Where required by law, we will provide additional information about any legally significant automated decision-making and your available rights.


16. Third-Party Services

Our Services may integrate with or link to third-party services. Their privacy practices are governed by their own privacy policies. We encourage you to review those policies before interacting with third-party services.


17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date and, where required by law, provide additional notice or obtain consent.

Your continued use of the Services after an update becomes effective means that you acknowledge the updated Privacy Policy, to the extent permitted by law.


18. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

[Company Legal Name]
[Postal Address]
[Privacy Email]
[Phone Number, if applicable]
[Privacy Request Webform URL]

If applicable, you may also contact our Data Protection Officer or local representative:

DPO / EU Representative / UK Representative: [Insert Contact Details]


Add-On: Short Biometric Consent Notice Template

Because your app collects biometric information, you should usually present a separate just-in-time notice and consent flow, not just mention it in the privacy policy.

Sample biometric notice:

By enabling [feature], you agree that [Company Name] may collect, generate, store, and use your biometric information, such as [facial geometry/fingerprint template/voiceprint], for the purpose of [authentication/security/fraud prevention/accessibility]. We will retain your biometric data only until the earlier of: (1) the purpose for collection has been satisfied, (2) you disable the feature or delete your account, or (3) the period required by applicable law expires. We will not sell or profit from your biometric data. You can withdraw consent by disabling this feature in settings or contacting us at [email].

Checkbox / button example:

  • I consent to the collection and use of my biometric information as described above.

Add-On: Practical Issues You Should Customize Before Use

You should replace bracketed items and make policy language accurate for your app’s actual practices, especially:

  1. What exact biometric data is collected
  2. Whether raw biometric images/audio are stored
  3. Whether location is collected in background
  4. Whether browsing history includes only in-app activity or also external web activity
  5. Which countries you target
  6. Your legal bases by region
  7. Your retention periods
  8. Your vendors and categories of recipients
  9. Whether you sell/share data under CPRA-style definitions
  10. How users can opt out
  11. Whether the app is used by minors
  12. Whether you need a DPO, DPIA, or representative in the EU/UK

If you want, I can also turn this into one of these formats:

  1. A polished consumer-facing privacy policy
  2. A GDPR-ready version with stronger legal-basis language
  3. A US-focused version with CPRA + biometric notice
  4. A shorter in-app privacy notice
  5. A version with placeholders filled in for your app/company

Detailed Breakdown

When it comes to privacy, both ChatGPT and Gemini have legitimate concerns worth understanding — but they differ in meaningful ways depending on your threat model and use case.

ChatGPT, operated by OpenAI, offers a relatively transparent data policy. By default, conversations may be used to improve its models, but users can opt out of this in settings. OpenAI also offers Team and Enterprise tiers that turn off training by default and provide stronger data retention controls. For privacy-conscious individuals, the opt-out is straightforward. That said, OpenAI is a US-based company subject to US legal jurisdiction, and data is stored on its servers. There have been past incidents — including a 2023 bug that briefly exposed conversation histories — that raised eyebrows in the security community.

Gemini, as a Google product, carries a heavier privacy consideration: it is deeply embedded in the Google ecosystem. If you use Gemini through your Google account, your interactions can be associated with your broader Google profile, potentially influencing ads and other personalized services. Google has a long-standing business model built around user data, which creates an inherent tension with privacy. Gemini's workspace integrations (Gmail, Docs, Drive) are powerful, but they also mean the assistant can access — and potentially log — sensitive professional documents if you grant those permissions.

For enterprise users, ChatGPT's Enterprise tier is a meaningful advantage. It offers a Business Associate Agreement (BAA) for HIPAA-eligible use cases, data is not used for training, and organizations get more granular controls. Gemini for Workspace offers similar enterprise-grade protections, but the underlying association with Google's ad-driven business model makes some legal and compliance teams more cautious.

For everyday personal use, neither is a "private" tool in the way that a locally-run model would be. Both transmit your queries to remote servers. If you're handling sensitive personal data — medical records, legal documents, financial details — you should avoid sharing specifics with either platform unless you're on a verified enterprise plan with contractual data protections.

Recommendation: For privacy, ChatGPT has a slight edge for most users. Its opt-out controls are clear, its enterprise offering has strong compliance credentials, and its business model is not built around advertising. Gemini is powerful and convenient, but its deep Google integration makes it harder to fully separate your AI usage from your broader Google data profile. If privacy is a primary concern, use ChatGPT with training opt-out enabled — or better yet, explore enterprise options if you're handling sensitive information professionally.
