Posted on by

Some of you, especially if you are in California, may have heard of this recent news story about the possible requirement for app privacy policies. If you haven’t, please make sure you take a look.

Whatever your location, having a privacy policy that explains what data you collect and what you do with it is a good practice.

So we want to make sure that you are aware of this issue and also that you have the info you need from Corona Labs. With that in mind, we put up a “Privacy Policy for App Users” a few months ago. The goal of this document is to inform you and your app users of what info we capture.

If you decide to set up a privacy policy for your apps, you can potentially use this document as a model, and you can also reference it within your own document.

One final point: California’s requirements on this are still a little grey. And the format and information in a privacy policy varies widely. We are providing ours as just a guideline for yours. If you have questions, feel free to ask below, but we are not lawyers and cannot give you legal advice. :)


Posted by . Thanks for reading...

10 Responses to “Corona Developers and Privacy Policies”

    • GreenCastle

      Is capturing information about a touch event on the user’s device “collecting data”? Where is the line drawn? Does an app that doesn’t log into any social networking stuff or prompt any personal information to be entered have anything to worry about?

      As someone has pointed out, it’s not clear either how CA intends to enforce this state legislation on developers in other states – or countries – on the internet at large.

  1. David

    GreenCastle – let me once again emphasize that I am not a lawyer. So you should consult one and make your own decisions on what you include on your privacy policy.

    However, “collecting data” will usually mean that you take some data from the device (usage data, device data or data supplied by the user) and store it somewhere remotely.

    If you do not collect any data, it would probably still be a good idea to have a privacy policy where you explicitly state that you do not collect any data. But I guess that under some circumstances it may not be necessary to have one.

    As for what exactly CA intends to do, or how it will enforce things, your guess is as good as ours.


  2. David

    Shiv – we are talking about a privacy policy for what data you app may collect from its users. Depending on where you live and where your users are, you may be required to have an explicit privacy policy for your app.

  3. Kevin Bradford

    This is a perfectly timed blog post. I have been contacted by the State of California that my apps do not meet their law, and they gave me 30 days to comply. What they would do after 30 days, who knows, but it is a bit intimidating.

    I have now created a privacy policy, but since all of my apps are children’s games I don’t ever collect anything. I never transmit data, and I have even set launchpad=false in all my apps. I even go so far as to remove all Android permissions to the internet.

    However, I’m curious about what Corona is sending without me knowing. If I have set launchpad=false, are you still sending the information you list in your privacy policy? If so, then there has go to be some way to completely disable it. I can’t be telling parents that my apps aren’t taking any info at all, but behind the scenes Corona is doing things I can’t control. That simply won’t fly with customers.

    See this news article, it looks like a bigger crackdown is coming soon from the government:

    So, what can I tell parents about the data Corona is collecting?

  4. David

    Kevin – if you set launchpad=false, and you are not using analytics (Flurry), ads, gamenetwork or credits (which you probably are not since you are making kids apps), then we are NOT collecting any data.

    Does that answer your questions?

  5. Mo


    1- Can we simply put the link “Privacy Policy for App Users” in the box “Privacy Policy URL (Optional)” on the app page on iTunes.

    2- Would using Flurry covered by the above link?

    3- Do we need a PP in the app itself in addition to a web site (or link to your PP page)

    Of course I understand you are not a lawyer but I am very interested about your opinions on this issue. It is very worrying because pretty all we do with our app has some internet exchange of data with some remote server (FB, Twitter, gameCenter, Flurry and Revmob to list a few)

    Thanks David



Leave a Reply

  • (Will Not Be Published)