get to prod tasks
This commit is contained in:
97
tasks/android-production/25-privacy-data-safety.md
Normal file
97
tasks/android-production/25-privacy-data-safety.md
Normal file
@@ -0,0 +1,97 @@
|
||||
# 25. Privacy Policy & Data Safety Form
|
||||
|
||||
meta:
|
||||
id: android-production-25
|
||||
feature: android-production
|
||||
priority: P1
|
||||
depends_on: []
|
||||
tags: [compliance, play-store, privacy, production]
|
||||
|
||||
objective:
|
||||
- Complete the Google Play Data Safety form and ensure privacy policy compliance for Android app
|
||||
|
||||
deliverables:
|
||||
- Data Safety form completed in Play Console
|
||||
- Privacy policy page live
|
||||
- Data collection audit
|
||||
- Security practices documentation
|
||||
|
||||
steps:
|
||||
1. Audit data collection:
|
||||
- Review all data collected by app:
|
||||
- Contact info (name, email)
|
||||
- Voice recordings (VoicePrint)
|
||||
- Phone numbers (SpamShield)
|
||||
- Device info (for analytics)
|
||||
- Location (if used)
|
||||
- Review third-party SDK data collection:
|
||||
- Firebase Analytics
|
||||
- Firebase Crashlytics
|
||||
- FCM
|
||||
- Any other SDKs
|
||||
2. Complete Data Safety form:
|
||||
- Log into Play Console → App content → Data safety
|
||||
- Answer all questions accurately:
|
||||
- Does app collect/share data?
|
||||
- Types of data collected
|
||||
- Purposes of collection
|
||||
- Whether data encrypted in transit
|
||||
- Whether deletion requested
|
||||
- Independent security review (if applicable)
|
||||
3. Declare data types:
|
||||
- Location (approximate or precise)
|
||||
- Personal info (name, email, phone)
|
||||
- Financial info (if in-app purchases)
|
||||
- Health and fitness (not applicable)
|
||||
- Messages (not applicable)
|
||||
- Photos and videos (document scans)
|
||||
- Audio files (voice recordings)
|
||||
- Files and docs (not applicable)
|
||||
- Calendar (not applicable)
|
||||
- Contacts (not applicable)
|
||||
- App activity (analytics)
|
||||
- App info and performance (crash logs)
|
||||
- Device IDs (for analytics)
|
||||
4. Document security practices:
|
||||
- Data encrypted in transit (TLS 1.3)
|
||||
- Data encrypted at rest (EncryptedSharedPreferences)
|
||||
- User can request deletion
|
||||
- Independent security review (if available)
|
||||
5. Link privacy policy:
|
||||
- Ensure privacy policy URL is accessible
|
||||
- Link from Play Store listing
|
||||
- Link from app settings
|
||||
6. Update for changes:
|
||||
- Re-audit when adding new features
|
||||
- Update Data Safety form for new data collection
|
||||
- Update privacy policy
|
||||
|
||||
tests:
|
||||
- Compliance: Data Safety form complete and accurate
|
||||
- Legal: Privacy policy reviewed
|
||||
- Technical: Data collection matches declaration
|
||||
|
||||
acceptance_criteria:
|
||||
- Data Safety form 100% complete in Play Console
|
||||
- All data types accurately declared
|
||||
- Collection purposes clearly stated
|
||||
- Encryption in transit declared
|
||||
- Deletion mechanism declared
|
||||
- Privacy policy URL live and accessible
|
||||
- Privacy policy covers all data collection
|
||||
- Third-party SDK data collection documented
|
||||
- Security practices documented
|
||||
- Form accurate and honest (no false claims)
|
||||
|
||||
validation:
|
||||
- Play Console → Data Safety section complete
|
||||
- Review answers → all accurate
|
||||
- Check privacy policy → covers all declared data
|
||||
- Test deletion request → process works
|
||||
- Verify encryption → TLS 1.3 active
|
||||
|
||||
notes:
|
||||
- Google strictly enforces Data Safety form accuracy
|
||||
- False claims can lead to app suspension
|
||||
- Update form whenever adding new data collection
|
||||
- Privacy policy must be accessible without login
|
||||
Reference in New Issue
Block a user