New Privacy Policy Requirement for App Store

The Apple App Store now requires a privacy policy for all apps including updates to existing apps.  

First, I’m curious on seeing any boilerplate privacy policies.  It might be good to put together a general policy for those of us who can’t afford lawyers :wink:

Second, I’m curious on what data the Corona SDK gathers on its own discounting any third-party plug ins like advertising, etc.  Basically: If you don’t have ads or social media or any other plug in, does Corona gather any information?

There isn’t really a “one size fits all” solution to privacy policies. There are some online tools that can help you with drafting a general level privacy policy, but those are rarely as legally sound as you’d hope, nor do the providers of those tools offer any guarantees that the privacy policies created using their tools are legally valid.

GDPR states that you need to clearly identify what information you are gathering, what you are using it for, who controls and who processes the data, what those 3rd parties’ privacy policies are, etc. However, it doesn’t really seem that the rules of GDPR are being monitored at all for the time being. Many major game studios don’t seem to be all that bothered about meeting with the full requirements, but that isn’t to say that you should ignore GDPR like they do.

As for Corona SDK, apps made with it do collect and store user information. I’m quite sure that I’ve read Rob stating that Corona doesn’t collect users’ private information anymore, but their privacy policy would lead me to understand otherwise. At the very least, they seem to collect data on things like what apps are being used, how much they are used, what OS or device the app is running on, etc. Basically, all sorts of data that helps the people at Corona to further improve the SDK and their services.

We track non-private data that lets us know daily active users, number of sessions, and some counting of ads delivered and similar stats. I believe that we also determine information about the application bundle ID/Package Name.

If I remember correctly, our privacy policy is written to allow some future flexibility and to cover those using apps that haven’t updated to the GDPR friendly versions of Corona.

Rob

The Google app store has always required linking to privacy policies, so we just link to the policy on our main website, or to a branded page that in turn links back to our main policy so as we don’t have to maintain multiple copies. Keeping it simple is one of the goals of GDPR, so this approach works all round.

As for actual policy content - we had an intellectual property lawyer draw us up a bunch of things about 5 years ago, and he threw in some generic-ish website t+c and privacy docs. We doctored them quite a bit over the years and then for GDPR we rewrote the already doctored version to be more human friendly, and to include a few new segments. E.g. the newer Google Analytics blurb. As such, I can’t promise that our policy is bullet proof (are they ever?), but it should be pretty decent. You’re welcome to use it as your starting canvas: https://www.qweb.co.uk

Thanks Rob. I was able to incorporate some of that in the privacy policy I’m working on.

Richard – thanks! I grabbed a paragraph here and there and added it to a generic policy I had generated.

Here’s my current policy. I post the link so that anyone else can grab it, edit it as they need and post it.  Any suggestions are welcome.  I only use the standard SDK and AdMob so I’ve only included references to those services.

http://www.nations-software.info/about/privacy-policy/

Richard.

Thanks for sharing the example of your policy template.

You are a great asset to the Corona Community.

I am going to try to use that one, and strip out a lot of the things I don’t think I will need.  Smaller and simpler would be better for me since Corona says they collect nothing, and I have removed analytics from my app, I am thinking only the Appodeal Ad Service is the only thing that would require me to post such a policy.  

However, I take it even if not using an ad service or collecting analytic data Google and Apple are still going to require a privacy policy, so I might as well post one.

Thanks again for sharing

Bob

Havlen,

Just saw your post… thanks for sharing.

Bob

@havlen,

I quickly checked out your site. You’ll want to fix the error reporting on your site and address the quickstats plugin. As it is now, the error messages are visible to any visitor to see (and act upon).

Thanks, I deactivated the plug in. Noticed it the other day and forgot to do so at that point.

Bob – Corona does collect some information as detailed in Rob’s post above.  You are more than welcome to copy and paste the small snippet I wrote about it in my privacy policy.  I basically repeated what Rob said and mainly just linked to Corona’s privacy policy.

Havlen,

Thanks for the tip… I will likely do the same, have links to the corona and appodeal policy pages.

I’m not sure I’m much of an asset quite yet, but every little helps huh :blush:.

Simpler is better for GDPR too, so absolutely reduce as much as you can. Long gone are the days of padding out with tonnes of legal crud and expecting nobody to actually read these things!

If you had a dime for everyone who did not read those, you would be a Gazillionaire!
