Kordant/tasks/android-production/25-privacy-data-safety.md
2026-05-26 16:06:34 -04:00

25. Privacy Policy & Data Safety Form

meta:

  • id: android-production-25
  • feature: android-production
  • priority: P1
  • depends_on: []
  • tags: [compliance, play-store, privacy, production]

objective:

  • Complete the Google Play Data Safety form and ensure privacy policy compliance for the Android app

deliverables:

  • Data Safety form completed in Play Console
  • Privacy policy page live
  • Data collection audit
  • Security practices documentation

steps:

  1. Audit data collection:
    • Review all data collected by app:
      • Contact info (name, email)
      • Voice recordings (VoicePrint)
      • Phone numbers (SpamShield)
      • Device info (for analytics)
      • Location (if used)
    • Review third-party SDK data collection:
      • Firebase Analytics
      • Firebase Crashlytics
      • FCM
      • Any other SDKs
  2. Complete Data Safety form:
    • Log into Play Console → App content → Data safety
    • Answer all questions accurately:
      • Does app collect/share data?
      • Types of data collected
      • Purposes of collection
      • Whether data is encrypted in transit
      • Whether users can request deletion
      • Independent security review (if applicable)
  3. Declare data types:
    • Location (approximate or precise)
    • Personal info (name, email, phone)
    • Financial info (if in-app purchases)
    • Health and fitness (not applicable)
    • Messages (not applicable)
    • Photos and videos (document scans)
    • Audio files (voice recordings)
    • Files and docs (not applicable)
    • Calendar (not applicable)
    • Contacts (not applicable)
    • App activity (analytics)
    • App info and performance (crash logs)
    • Device IDs (for analytics)
  4. Document security practices:
    • Data encrypted in transit (TLS 1.3)
    • Data encrypted at rest (EncryptedSharedPreferences)
    • User can request deletion
    • Independent security review (if available)
  5. Link privacy policy:
    • Ensure privacy policy URL is accessible
    • Link from Play Store listing
    • Link from app settings
  6. Update for changes:
    • Re-audit when adding new features
    • Update Data Safety form for new data collection
    • Update privacy policy

tests:

  • Compliance: Data Safety form complete and accurate
  • Legal: Privacy policy reviewed
  • Technical: Data collection matches declaration
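
The "Technical: Data collection matches declaration" test can be partly automated. The following is an added example, not part of the original task file or the project's code: it compares the permissions requested in a merged AndroidManifest.xml against the step 3 declaration. The permission-to-category mapping, the sample manifest, the function names, and treating Location as declared are assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from Android permissions to the Data Safety categories
# named in step 3. Extend it to match the app's real manifest.
PERMISSION_TO_CATEGORY = {
    "android.permission.ACCESS_FINE_LOCATION": "Location",
    "android.permission.ACCESS_COARSE_LOCATION": "Location",
    "android.permission.RECORD_AUDIO": "Audio files",
    "android.permission.CAMERA": "Photos and videos",
    "android.permission.READ_CONTACTS": "Contacts",
    "android.permission.READ_CALENDAR": "Calendar",
    "android.permission.READ_SMS": "Messages",
}

# Declaration as read from step 3: True = declared, False = "not applicable".
# Location has no "not applicable" marker, so it is assumed declared here.
DECLARED = {
    "Location": True, "Audio files": True, "Photos and videos": True,
    "Contacts": False, "Calendar": False, "Messages": False,
}

# Constructed sample manifest (not the project's real manifest).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
    <uses-permission android:name="android.permission.RECORD_AUDIO" />
    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.INTERNET" />
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names requested by the manifest."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    return {el.get(ANDROID_NS + "name") for tag in tags for el in root.iter(tag)} - {None}

def audit(manifest_xml, declared=DECLARED):
    """Compare the categories implied by permissions with the declaration."""
    implied = {}
    for perm in requested_permissions(manifest_xml):
        category = PERMISSION_TO_CATEGORY.get(perm)
        if category:
            implied.setdefault(category, []).append(perm)
    # Requested in the manifest but marked "not applicable" in the form: must be fixed.
    undeclared = {c: sorted(p) for c, p in implied.items() if not declared.get(c, False)}
    # Declared in the form but no matching permission found: review for over-declaration.
    unbacked = sorted(c for c, on in declared.items() if on and c not in implied)
    return undeclared, unbacked
```

Permissions are only one signal: data collected by SDKs such as Firebase Analytics without a runtime permission still needs the manual review in step 1.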

acceptance_criteria:

  • Data Safety form 100% complete in Play Console
  • All data types accurately declared
  • Collection purposes clearly stated
  • Encryption in transit declared
  • Deletion mechanism declared
  • Privacy policy URL live and accessible
  • Privacy policy covers all data collection
  • Third-party SDK data collection documented
  • Security practices documented
  • Form accurate and honest (no false claims)

validation:

  • Play Console → Data Safety section complete
  • Review answers → all accurate
  • Check privacy policy → covers all declared data
  • Test deletion request → process works
  • Verify encryption → TLS 1.3 active

notes:

  • Google strictly enforces Data Safety form accuracy
  • False claims can lead to app suspension
  • Update form whenever adding new data collection
  • Privacy policy must be accessible without login