Most developers of apps and websites know by now that they need a privacy policy. Not only is it mandated by many regulations across the planet, but services themselves have also become quite vocal about the need for a privacy policy.
Google has recently made sure that any apps requesting specific permissions have a privacy policy by mass emailing developers with the new rules (and removing non-compliant apps).
OneSignal is a push notification service provider that offers its base service for free. Free usually means that data is sold in one way or another. From a data protection perspective that usually has at least the alarm bells go off.
Not unsurprisingly OneSignal also offers some insights into what it considers minimum requirements for your privacy policy (if you use OneSignal).
Let’s take a look at the various documents and its contents (highlights by iubenda):
From the OneSignal terms:
Privacy Compliance. The Parties agree to comply with all applicable privacy laws, and each respective party agrees to perform the following obligations:
- Licensee is responsible for obtaining all applicable consents required to enable OneSignal to collect information from End User’s device or browser. Licensee shall publish privacy policies and disclosures for the Properties that comply with applicable law and the terms of this EULA, including, but not limited to, clearly disclosing that the SDK Information will be collected and how it may be used, as set forth in Section 5 above.
- Each Party shall at all times comply with its respective published privacy policies and disclosures, and each party shall at all times post a privacy policy on its website that describes how it collects, uses and shares information, and that provides information about how an End User can opt out of interest-based advertising (e.g., online behavioral or mobile cross-app advertising).
- Where Licensee provides data (such as IDFAs, Android Ad IDs, or location data) in a manner other than through Company’s proprietary SDK, including without limitation through an API or an SDK proprietary to the Licensee, Licensee shall be responsible for ensuring ensure that any collection and transfer of data is done in compliance with user’s stated preferences, including without limitation devices settings to “Limit Ad Tracking” and “Opt Out of interest-based ads.”
- Licensee shall notify Company in writing of any further data usage or governance requirements, restrictions or limitations, to the extent they apply, in which case the Parties may execute a further, paid subscription plan setting out such limitations and licensing payments to supplement the terms herein.
First of all you’re required to collect the necessary consents. You need a privacy policy that outlines the data processed by OneSignal and your app and how this data is used. This privacy policy goes into detail about how you collect, use and share information, plus it provides information about how your user can opt-out of interest-based advertising.
From the OneSignal privacy policy:
Consumer Control & Opt-Out Options.
In most cases, consumers have control over whether or not they would like to receive relevant advertisements and marketing email from our Clients.
- Opting Out of OneSignal Push Notifications
You may in most cases opt out of receiving push notifications by going to your device “Settings” and clicking on “Notifications,” and then changing those settings for some or all of the apps on your device. (Different device configurations, or updates to devices, may affect or change how these settings work.)
Your choice to opt out of “Notifications” from the OneSignal platform will not affect ads placed by any other organization.- Opting Out of Online Interest-Based Advertising You can opt out of many of the platforms and service providers that facilitate online interest-based advertising by visiting the Digital Advertising Alliance’s consumer education and opt-out page, at http://www.aboutads.info/. This type of opt out is cookie based, which means that if you replace or upgrade your browser, or delete your cookies, you will need to opt out again. Opting out in this way will not prevent you from receiving ads – it will just make the ads you see less customized to you.
- Opting Out of “Cross-App” Advertising on Mobile Devices
You can opt out of having your mobile advertising identifiers used for certain types of interest-based (also called “cross-app”) mobile behavioral advertising, by accessing the “settings” on your Apple or Android mobile device, as follows:
- Apple Devices: If you have an Apple device, you can opt out of most app-based tracking for interest-based advertising by updating to iOS 6.0 or higher and setting Limit Ad Tracking to ‘ON.’ You can do this by clicking on Settings -> General -> About -> Advertising and toggling Limit Ad Tracking to ‘ON.’
- Android Devices: If you have an Android device, you can opt out of most app-based tracking for interest-based advertising by opening the Google Settings app on your device, selecting Ads, and then selecting the option to opt-out of interest-based ads.
Please note that these platforms control how these settings work, so the above may change. Likewise, if your device uses other platforms not described above, you should check the settings for those devices.
- Additional Choices
Advertisers may also provide ways for you to opt out from or limit their collection of information from and about you. Please refer to the privacy policies for retailers, applications and websites to learn more about their privacy practices.
You may opt not to receive promotional emails from us by contacting us as indicated below or by following the “unsubscribe” instructions in any promotional email you receive from us. Please note, however, that we may still send you non-promotional emails about your relationship with us.
The above gives you a good overview of how you can help your users to opt-out of various features applied by OneSignal.
How to write that privacy policy section for OneSignal
This should give you a good idea of what you might want to put into your privacy policy document. If you’d rather have someone else take care of many of the headaches caused by managing privacy policies, you may want to take a look at iubenda and our privacy policy generator for mobile apps or web site privacy policy generator.
We have added a OneSignal section that you can add to your privacy policy via the dashboard of your account.