# 25. Privacy Policy & Data Safety Form

meta:
  id: android-production-25
  feature: android-production
  priority: P1
  depends_on: []
  tags: [compliance, play-store, privacy, production]

objective:
  - Complete the Google Play Data Safety form and ensure privacy policy compliance for the Android app

deliverables:
  - Data Safety form completed in Play Console
  - Privacy policy page live
  - Data collection audit
  - Security practices documentation

steps:
  1. Audit data collection:
    - Review all data collected by app:
      - Contact info (name, email)
      - Voice recordings (VoicePrint)
      - Phone numbers (SpamShield)
      - Device info (for analytics)
      - Location (if used)
    - Review third-party SDK data collection:
      - Firebase Analytics
      - Firebase Crashlytics
      - FCM
      - Any other SDKs
  2. Complete Data Safety form:
    - Log into Play Console → App content → Data safety
    - Answer all questions accurately:
      - Does app collect/share data?
      - Types of data collected
      - Purposes of collection
      - Whether data is encrypted in transit
      - Whether users can request deletion
      - Independent security review (if applicable)
  3. Declare data types:
    - Location (approximate or precise)
    - Personal info (name, email, phone)
    - Financial info (if in-app purchases)
    - Health and fitness (not applicable)
    - Messages (not applicable)
    - Photos and videos (document scans)
    - Audio files (voice recordings)
    - Files and docs (not applicable)
    - Calendar (not applicable)
    - Contacts (not applicable)
    - App activity (analytics)
    - App info and performance (crash logs)
    - Device IDs (for analytics)
  4. Document security practices:
    - Data encrypted in transit (TLS 1.3)
    - Data encrypted at rest (EncryptedSharedPreferences)
    - User can request deletion
    - Independent security review (if available)
  5. Link privacy policy:
    - Ensure privacy policy URL is accessible
    - Link from Play Store listing
    - Link from app settings
  6. Update for changes:
    - Re-audit when adding new features
    - Update Data Safety form for new data collection
    - Update privacy policy

tests:
  - Compliance: Data Safety form complete and accurate
  - Legal: Privacy policy reviewed
  - Technical: Data collection matches declaration

acceptance_criteria:
  - Data Safety form 100% complete in Play Console
  - All data types accurately declared
  - Collection purposes clearly stated
  - Encryption in transit declared
  - Deletion mechanism declared
  - Privacy policy URL live and accessible
  - Privacy policy covers all data collection
  - Third-party SDK data collection documented
  - Security practices documented
  - Form accurate and honest (no false claims)

validation:
  - Play Console → Data Safety section complete
  - Review answers → all accurate
  - Check privacy policy → covers all declared data
  - Test deletion request → process works
  - Verify encryption → TLS 1.3 active

notes:
  - Google strictly enforces Data Safety form accuracy
  - False claims can lead to app suspension
  - Update form whenever adding new data collection
  - Privacy policy must be accessible without login
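
One way to automate the "Technical: Data collection matches declaration" test, as an added example that is not part of the original task file: it compares the permissions in a merged `AndroidManifest.xml` (which also carries permissions contributed by third-party SDKs) with the step 3 declarations. The permission-to-data-type mapping, the function names and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"

# Assumption: hand-made mapping from permissions to Data Safety data types.
# It is not an official Google list; extend it for the app's real manifest.
PERMISSION_TO_DATA_TYPE = {
    "android.permission.ACCESS_FINE_LOCATION": "Location",
    "android.permission.ACCESS_COARSE_LOCATION": "Location",
    "android.permission.RECORD_AUDIO": "Audio files",
    "android.permission.CAMERA": "Photos and videos",
    "android.permission.READ_CONTACTS": "Contacts",
    "android.permission.READ_CALENDAR": "Calendar",
    "android.permission.READ_SMS": "Messages",
}

# Step 3 of this task as data: False means "not applicable" on the form.
DECLARED = {
    "Location": True, "Audio files": True, "Photos and videos": True,
    "Contacts": False, "Calendar": False, "Messages": False,
}

def requested_permissions(manifest_xml):
    """Return every permission name requested in the manifest document."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    return {el.get(ANDROID_NAME) for tag in tags for el in root.iter(tag)
            if el.get(ANDROID_NAME)}

def undeclared_collection(manifest_xml, declared=DECLARED):
    """Map data types not declared as collected to the permissions that imply them."""
    findings = {}
    for perm in sorted(requested_permissions(manifest_xml)):
        data_type = PERMISSION_TO_DATA_TYPE.get(perm)
        if data_type is not None and not declared.get(data_type, False):
            findings.setdefault(data_type, []).append(perm)
    return findings

# Constructed sample standing in for the merged manifest of a release build.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_CALENDAR"/>
</manifest>"""

if __name__ == "__main__":
    for data_type, perms in undeclared_collection(SAMPLE_MANIFEST).items():
        print(f"{data_type}: not declared, but requested via {', '.join(perms)}")
```

A finding means either the permission should be removed or the form and privacy policy should be corrected; a requested permission shows capability, so each hit still needs a manual review of what the code actually collects.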