Privacy Policy for [App Name]

Effective Date: [Date] Last Updated: [Date]

---

A Note Before We Begin

Privacy policies are often written to protect companies, not people. We've tried to do the opposite. This document is written in plain language because you deserve to understand exactly what happens to your information — not just agree to something confusing and move on.

If something is unclear, we genuinely want to hear from you: privacy@[appname].com

---

Quick Summary

We know you're busy. Here's the short version — but we encourage you to read the full policy below.

What We Collect	Why	Shared With	You Can Delete It
Your location	To make the app work	Limited partners (details below)	Yes, anytime
Device information	To fix bugs and improve the app	No one	Yes, anytime
App usage patterns	To understand what features help you	Anonymized analytics only	Yes, anytime
Account information	To save your preferences	No one	Yes, anytime

The short version of our commitments:

• We collect only what we need
• We never sell your data
• You can delete everything, anytime, with a few taps
• We tell you if something changes

---

Table of Contents

1. Who We Are
2. What Location Data We Collect (and What We Don't)
3. Other Information We Collect
4. Why We Collect This Information
5. How We Store Your Data
6. Who We Share Your Data With
7. How Long We Keep Your Data
8. Your Rights and Choices
9. How to Delete Your Information
10. Children's Privacy
11. Changes to This Policy
12. How to Contact Us

---

1. Who We Are

[App Name] is operated by [Company Name], a company registered in [State/Country] at [Address].

When this policy says "we," "us," or "our," it means [Company Name]. When it says "you," it means you — the person using the app.

We are the data controller for your information, which means we're responsible for how it's collected, stored, and used.

---

2. What Location Data We Collect (and What We Don't)

This is probably why you're reading this policy, so let's be specific.

What we collect

Precise location (GPS coordinates) When you open the app and grant permission, we collect your latitude and longitude — the specific coordinates of where you are. This data is accurate to within roughly 10 meters.

Example: 40.7128° N, 74.0060° W

Approximate location (city/region level) When precise location isn't available or isn't needed, we may use your IP address to determine your general area — enough to know you're in Chicago, not your specific street.

Location history [Choose the option that applies to your app:]

• Option A: We store a log of locations you've checked in or searched for within the app.
• Option B: We do NOT store a history of everywhere you've been. Location is used in the moment and not saved.
• Option C: We store your route history from [specific date range] to enable [specific feature].

Background location [Choose the option that applies:]

• Option A: We do NOT collect your location when the app is closed or running in the background.
• Option B: With your explicit permission, we collect your location in the background to provide [specific feature, e.g., "real-time navigation"]. You can turn this off at any time in your phone's settings.

What we don't collect

To be equally clear about what we do not do:

• ❌ We do not track your location when you haven't opened the app [unless background location applies above]
• ❌ We do not build a profile of everywhere you've ever been
• ❌ We do not share your precise location with advertisers
• ❌ We do not use your location to infer sensitive information about you (such as your religion, health conditions, or immigration status)
• ❌ We do not sell your location data — ever, to anyone

How to control location permissions

iPhone: Settings → Privacy & Security → Location Services → [App Name]

Android: Settings → Apps → [App Name] → Permissions → Location

Your choices are:

• Never: Location features won't work, but you can still use [other features]
• While Using the App: We can only see your location when the app is open
• Always: We can access location in the background (only request this if your app needs it)

Changing to "Never" won't delete data we've already collected — see Section 9 for deletion instructions.

---

3. Other Information We Collect

Account information

When you create an account, we collect:

• Your email address
• A password (which we store encrypted — we cannot read it)
• Your name (if you choose to provide it)
• Profile preferences you set

Device information

When you use the app, we automatically receive:

• Your device type (e.g., iPhone 14, Samsung Galaxy S23)
• Operating system version (e.g., iOS 17, Android 14)
• A unique device identifier (a random code assigned to your device — not your phone number or name)
• App version you're using
• Time zone and language settings

Why we need this: If the app crashes or has a bug, this helps us figure out what went wrong so we can fix it.

Usage information

We collect information about how you interact with the app:

• Which features you tap on
• How long you spend on different screens
• Error messages you encounter
• Features you don't use

Why we need this: To understand what's working and what isn't, so we can improve the app.

What we do NOT collect

• ❌ Your contacts
• ❌ Your photos or camera roll (unless you explicitly share a photo through the app)
• ❌ Your text messages or calls
• ❌ Your browsing history outside this app
• ❌ Your financial information (payments, if any, are handled by [Apple/Google/Stripe] directly)
• ❌ Your face or biometric data

---

4. Why We Collect This Information

We believe every piece of data we collect should have a clear, honest reason. Here's ours:

Data	Why We Collect It	Legal Basis
Precise location	To provide core app features like [navigation/finding nearby places/etc.]	Your consent (you can revoke anytime)
Approximate location	To show region-relevant content	Legitimate interest
Account information	To save your settings and let you log in	Contract (necessary to provide the service)
Device information	To diagnose bugs and crashes	Legitimate interest
Usage patterns	To improve the app	Legitimate interest

"Legitimate interest" means we have a genuine business reason that doesn't outweigh your privacy rights. You can object to processing based on legitimate interest — see Section 8.

We do not use your data for automated decision-making that significantly affects you. No algorithm will deny you services, charge you different prices, or make important decisions about you based on your app data.

---

5. How We Store Your Data

Where your data lives

Your data is stored on servers located in [Country/Region, e.g., "the United States"], operated by [Cloud Provider, e.g., "Amazon Web Services"].

If you're located in the European Union or UK, this means your data is transferred outside the EEA. We handle this through [Standard Contractual Clauses / EU-US Data Privacy Framework], which are legal mechanisms that ensure your data receives adequate protection.

How we protect your data

We use the following security measures:

In transit (when data travels between your phone and our servers):

• All data is encrypted using TLS 1.2 or higher (the same technology banks use)
• This means your data can't be intercepted and read in transit

At rest (when data is stored on our servers):

• Location data is encrypted using AES-256 encryption
• Passwords are hashed using bcrypt (meaning we genuinely cannot read your password)
• Databases are access-controlled — only engineers who need access for specific reasons can access them
• Access is logged and audited

Operational security:

• We conduct annual security audits
• We run a vulnerability disclosure program at [security@appname.com]
• We have an incident response plan if something goes wrong

What happens if there's a breach

We hope it never happens. If it does:

• We will notify affected users within 72 hours of discovering a breach
• We will notify relevant authorities as required by law
• We will explain clearly what happened, what data was involved, and what we're doing about it

---

6. Who We Share Your Data With

We'll be specific here. "We may share your data with partners" is the kind of vague language that erodes trust. Here's exactly who might receive your data:

Service providers (companies that help us run the app)

These companies process data on our behalf, under contracts that restrict how they can use it. They cannot sell your data or use it for their own purposes.

Provider	Purpose	Data They Receive	Location
[Cloud Provider, e.g., AWS]	Storing app data	All app data	[Country]
[Analytics, e.g., Mixpanel]	App usage analytics	Anonymized usage data	[Country]
[Crash reporting, e.g., Sentry]	Bug tracking	Device info, error logs	[Country]
[Email provider, e.g., SendGrid]	Sending emails	Your email address	[Country]
[Maps provider, e.g., Mapbox]	Displaying maps	Your location (when map is active)	[Country]

[Update this table to reflect your actual vendors. Users deserve to know specifically who has their data.]

Legal requirements

We may be required to share your data if:

• A court orders us to with a valid legal process
• Law enforcement presents a legally valid request
• We're required to by applicable law

What we'll do before complying:

• We will review every request to ensure it's legally valid
• We will challenge overly broad requests
• We will notify you before complying unless we're legally prohibited from doing so (e.g., if a gag order exists)
• We will publish a transparency report annually showing the number and type of legal requests we've received

Business transfers

If our company is acquired, merges with another company, or goes through bankruptcy, your data may be transferred to the acquiring company. If this happens:

• We will notify you by email and in-app notification before the transfer
• You will have the opportunity to delete your account before the transfer completes
• Any acquiring company will be required to honor this privacy policy

What we will never do

• ❌ Sell your data. Ever. To anyone. For any price.
• ❌ Share your precise location with advertisers.
• ❌ Share your data with data brokers.
• ❌ Share your data with employers, landlords, insurers, or government agencies without a valid legal requirement.
• ❌ Use your data to train AI models sold to third parties.

---

7. How Long We Keep Your Data

We don't hold onto data longer than we need it. Here's specifically how long we keep different types:

Data Type	Retention Period	Why
Precise location (real-time)	Not stored beyond your session (or: [X days] for [specific feature])	Only needed in the moment
Location history	[X days/months]	To provide [feature]
Account information	Until you delete your account + 30 days	Grace period for account recovery
Usage analytics	12 months	To analyze trends year over year
Device/crash logs	90 days	Bugs are usually caught and fixed quickly
Backups	30 days after deletion	To recover from accidental data loss
Legal hold data	As required by law	When we're legally required to preserve data

After these periods, data is either deleted entirely or anonymized so it can't be traced back to you.

---

8. Your Rights and Choices

Depending on where you live, you have legal rights over your data. We honor these rights regardless of where you're located — they shouldn't be a privilege based on geography.

The rights you have

Right to know You can ask us: "What data do you have about me?" We'll send you a complete copy within 30 days.

Right to correct If something we have is wrong (like a wrong email address), you can ask us to fix it.

Right to delete You can ask us to delete your data. See Section 9 for exactly how to do this.

Right to portability You can ask for your data in a format you can take elsewhere (we'll provide it as a JSON or CSV file).

Right to restrict processing You can ask us to stop using your data for certain purposes while keeping your account.

Right to object You can object to processing based on "legitimate interest" (see Section 4). We'll stop unless we have compelling reasons that override your interests.

Right to withdraw consent For anything you consented to (like location access), you can withdraw that consent at any time. Withdrawal doesn't affect what was collected before.

Right to not be discriminated against Exercising any of these rights will not result in worse service, higher prices, or any penalty.

Specific regional rights

California residents (CCPA/CPRA): You have all the rights above plus the right to know whether we sell data (we don't) and to opt out of any future sale.

EU/UK residents (GDPR/UK GDPR): You have all the rights above plus the right to lodge a complaint with your local Data Protection Authority if you believe we've handled your data unlawfully.

Virginia, Colorado, Connecticut, Texas residents: You have rights similar to CCPA above. Contact us to exercise them.

How to exercise your rights

The easiest way: Go to Settings → Privacy → My Data in the app.

By email: privacy@[appname].com — write "Privacy Rights Request" in the subject line.

What to include: Your name, email address on your account, and what you're requesting.

What happens next:

1. We'll confirm we received your request within 5 business days
2. We'll verify your identity (to make sure we don't give your data to someone else)
3. We'll complete your request within 30 days (we'll let you know if we need up to 60 days for complex requests)
4. We'll explain our reasoning if we can't fulfill a request

We will never charge you a fee for exercising your privacy rights.

---

9. How to Delete Your Information

Deleting your data should be easy. Here's exactly how:

Option 1: Delete within the app (Fastest)

1. Open [App Name]
2. Tap your profile icon in the top right
3. Go to Settings → Privacy → Delete My Account
4. Choose what you want to delete:
   • Delete location history only
   • Delete account and all data
5. Confirm your choice
6. Done — deletion begins immediately

Option 2: Email us

Send an email to privacy@[appname].com with the subject line "Data Deletion Request."

Include:

• The email address associated with your account
• Whether you want to delete specific data or everything

We'll confirm and process within 30 days.

What happens when you delete

Immediately:

• Your account is deactivated
• Your data is removed from active databases
• You're logged out of all devices

Within 30 days:

• Your data is deleted from our servers
• Your data is removed from our service providers' systems

Within 90 days:

• Your data is removed from our backups

What we may retain:

• Anonymized, aggregated data that can't identify you (e.g., "1,000 users used feature X this month")
• Records legally required to be kept (e.g., transaction records for tax purposes — financial data only, not location data)
• Data subject to a legal hold

After deletion, we will send you a confirmation email with the date your data was deleted.

---

10. Children's Privacy

[App Name] is not designed for or directed at children under 13 (or 16 in the EU).

We do not knowingly collect personal information from children under these ages. If you're a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@[appname].com and we will delete it promptly.

If you are a child, please ask a parent or guardian before using this app.

---

11. Changes to This Policy

We will update this policy as our practices change or as laws require. Here's our commitment when we do:

For minor changes (fixing typos, clarifying language without changing meaning):

• We'll update the "Last Updated" date at the top
• No notification needed

For significant changes (collecting new types of data, sharing with new parties, changing how long we keep data):

• We'll notify you by email at least 30 days before the change takes effect
• We'll show an in-app notification when you open the app
• We'll clearly explain what's changing and why
• If the change requires new consent, we'll ask for it explicitly

You can always find the current version at: [appname].com/privacy

We keep an archive of previous versions at: [appname].com/privacy/archive

If you disagree with changes, you can delete your account before they take effect.

---

12. How to Contact Us

For privacy questions and requests: 📧 privacy@[appname].com

For urgent security concerns: 📧 security@[appname].com We treat security reports seriously and will respond within 24 hours.

By mail: [Company Name] Attn: Privacy Team [Street Address] [City, State, Zip] [Country]

Our Data Protection Officer (required for GDPR compliance if applicable): [DPO Name or "Our DPO can be reached at dpo@[appname].com"]

EU Representative (if required): [Name and contact of EU representative]

Response time commitment: We respond to all privacy inquiries within 5 business days. We won't leave you waiting.

---

Glossary

Because privacy law uses a lot of jargon:

Data controller: The company responsible for your data (that's us).

Data processor: A company that handles data on our behalf (our vendors).

Personal data: Any information that can identify you — name, email, location, device ID, etc.

Anonymized data: Data that has been processed so it can no longer identify any individual.

Legitimate interest: A legal basis that allows us to process data for genuine business reasons without consent, as long as it doesn't override your rights.

GPC (Global Privacy Control): A browser/device setting that signals you don't want your data sold. We honor this signal.

---

This policy was written by humans, for humans. If something doesn't make sense or you want to know more, please ask us. Privacy should be a conversation, not a legal wall.

privacy@[appname].com

---

© [Year] [Company Name]. This privacy policy template is provided for reference. Consult a qualified privacy attorney before publishing your own policy.

---

Implementation Notes for Developers

Remove this section before publishing

• Replace all [bracketed placeholders] with actual information
• Complete all [Choose the option] sections based on your actual data practices
• Have a privacy attorney review this before publishing, especially for GDPR/CCPA compliance
• Update the vendor table in Section 6 with your actual third-party services
• Ensure your app actually implements the deletion workflow described in Section 9
• Set a calendar reminder to review this policy annually

MyApp Privacy Policy

Last Updated: [Insert Date]

At MyApp, we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, share, and protect your data when you use our mobile app (the "App"). The App collects location data to provide features like tracking your routes or nearby points of interest.

By using the App, you agree to the practices described here. If you don't agree, please don't use the App.

1. What Data We Collect

We only collect the data necessary to run the App and improve your experience. Here's what we gather:

• Location Data: Your precise GPS location (latitude/longitude) when you use the App. This includes real-time location while the App is open and, if you enable it, background location when it's closed (e.g., for tracking during walks or drives). We also log timestamps and routes.
• Device Information: Your device type (e.g., iPhone or Android), OS version, unique device ID, IP address, and battery level.
• Usage Data: How you interact with the App, like features used, session length, and crash reports.
• Account Info (if you create one): Email address, username, and profile details you provide.

We don't collect sensitive data like health info, financial details, or contacts unless you explicitly share it.

2. How We Use Your Data

We use your data to:

• Deliver App features (e.g., show your location on a map).
• Personalize your experience (e.g., save your favorite routes).
• Improve the App (e.g., analyze usage trends anonymously).
• Send updates or support (if you opt in).
• Comply with laws or prevent fraud.

3. How We Store and Protect Your Data

• Storage: Location and usage data are stored on secure cloud servers in [e.g., the US/EU] using encryption (AES-256). Account data is hashed for security.
• Retention: We keep location data for 30 days or until you delete it. Usage data is anonymized after 90 days. We delete inactive accounts after 1 year.
• Security: We use firewalls, access controls, and regular audits. No system is 100% secure, but we follow industry best practices.

4. Who We Share Your Data With

We don't sell your data. We only share it when necessary:

• Service Providers: Trusted third parties like cloud storage (e.g., AWS), analytics tools (e.g., Google Analytics, anonymized data only), and crash reporting services. They’re bound by contracts to protect your data.
• Legal Reasons: If required by law, subpoena, or to protect our rights/safety.
• Business Transfers: If we sell the company, your data may transfer to the new owner.

No sharing with advertisers or for marketing without your consent.

5. Your Rights and Choices

You control your data:

• Opt Out: Turn off location permissions in your device settings anytime. Without it, some features won't work.
• Access or Delete: Email us at privacy@myapp.com with your account email/device ID. We'll verify you, then:
  • Send you a copy of your data (within 30 days).
  • Delete your data (within 30 days). This is permanent and stops all processing.
• Other Rights: Depending on your location (e.g., GDPR/CCPA), you can request corrections, restrict use, or object. We'll respond promptly.

For California residents: See our CCPA notice [link if applicable].

6. Children's Privacy

The App isn't for kids under 13 (or 16 in some regions). We don't knowingly collect their data. Parents can contact us to delete it.

7. International Users

Data may transfer across borders (e.g., to the US). We ensure adequate protections.

8. Changes to This Policy

We'll update this if practices change and notify you via App or email (at least 30 days' notice for big changes).

9. Contact Us

Questions? Email privacy@myapp.com or write to:
MyApp Privacy Team
[Your Company Address]

This policy complies with laws like GDPR and CCPA where applicable. It's not legal advice—consult a lawyer for specifics. Thanks for trusting MyApp!