Can I use the same privacy policy for my website and my mobile app?

Often yes — a single policy that covers both is simpler to maintain, as long as it explicitly addresses app-specific data practices (device identifiers, permissions, push notifications) alongside the website sections. Make sure the link you submit to App Store Connect / Play Console is publicly reachable.

Do I still need a privacy policy if my app doesn't collect any data?

Yes. Both Apple and Google require a privacy policy URL for every app submission regardless of whether the app collects data — you'll still fill out the App Privacy / Data safety questionnaire, just marking that no data is collected, and your linked policy should say the same thing.

What if my app uses third-party SDKs (ads, analytics, crash reporting)?

Their data collection counts as your app's data collection for both the App Privacy and Data safety questionnaires, and should be reflected in your privacy policy too. Check each SDK's own documentation for what data it collects so your disclosures are accurate.

← Back to blog

Mobile App Privacy Policy: App Store and Google Play Requirements

If you're submitting an app to the Apple App Store or Google Play, a privacy policy isn't optional — both stores require a public link to one before they'll publish your app, and both ask you to fill out a data-collection questionnaire that should match it. Here's what that means in practice and what your policy needs to cover.

Published 2026-06-26

Not legal advice. This article is for general informational purposes only and does not constitute legal advice. Consult a qualified lawyer for advice specific to your business and jurisdiction.

Why app stores require a privacy policy

Unlike a website, where a privacy policy is often a best practice driven by laws like GDPR or CCPA, mobile app stores make it a hard submission requirement — every app, regardless of category or whether it collects data, needs a privacy policy URL in its store listing.

On top of the link itself, both Apple and Google ask developers to fill out a structured questionnaire describing what data the app collects, how it's used, and whether it's shared with third parties. Reviewers (and occasionally automated checks) compare those answers against the linked policy, so the two need to stay consistent.

Apple App Store: App Privacy details

In App Store Connect, every app version includes an "App Privacy" section where you declare the data types your app (and any third-party SDKs inside it) collects — things like contact info, identifiers, usage data, diagnostics, and location — and whether each type is used to track users across apps and websites.

Apple also requires a privacy policy URL for every app, even simple utilities that collect nothing. The link must be publicly reachable (no login wall) and should describe the same data practices declared in the App Privacy questionnaire, including any analytics, crash-reporting, ad, or attribution SDKs bundled into the app.

Google Play: Data safety section

Google Play's Play Console has an equivalent "Data safety" section where developers disclose what data types are collected or shared (location, personal info, financial info, device identifiers, app activity, and more), why, and whether collection is optional.

Like Apple, Google requires a privacy policy link in the store listing for all apps. The policy needs to be accessible from within the app itself as well (commonly via a settings or account screen), not just on the Play Store listing page.

What a mobile app privacy policy should cover

Beyond the standard website disclosures (what you collect, why, how users can contact you), a mobile app policy typically needs to address:

Device identifiers (advertising ID, device ID) and how they're used
Push notification tokens, if your app sends notifications
Permissions the app requests — camera, microphone, location, contacts, photos — and what each is used for
Crash reporting and analytics SDKs bundled into the app (and what data they collect on your behalf)
In-app purchase and subscription data, if applicable
Whether the app is directed at children, and any COPPA-related commitments if so
How users can request deletion of their account and associated data

Hosting and linking the policy correctly

A common reason for app store rejections is a broken or inaccessible privacy policy link: a URL behind a login, a placeholder page, or a link that returns a 404. The policy needs to live at a stable, public URL — for example on your marketing website — that you can paste into both App Store Connect and the Play Console.

If your business has both a website and a mobile app, one combined privacy policy that explicitly covers both is usually simpler to maintain than two separate documents, as long as it clearly addresses the app-specific points above (permissions, device identifiers, push tokens) in addition to the usual website sections.

Generate an app-ready privacy policy

TrustPack AI's Privacy Policy generator covers the standard sections app stores expect — data collection, third-party SDKs/analytics, user rights, and contact details — and produces a hosted-ready HTML/Markdown/PDF page you can link directly from App Store Connect and the Play Console.

Frequently asked questions

Can I use the same privacy policy for my website and my mobile app?: Often yes — a single policy that covers both is simpler to maintain, as long as it explicitly addresses app-specific data practices (device identifiers, permissions, push notifications) alongside the website sections. Make sure the link you submit to App Store Connect / Play Console is publicly reachable.
Do I still need a privacy policy if my app doesn't collect any data?: Yes. Both Apple and Google require a privacy policy URL for every app submission regardless of whether the app collects data — you'll still fill out the App Privacy / Data safety questionnaire, just marking that no data is collected, and your linked policy should say the same thing.
What if my app uses third-party SDKs (ads, analytics, crash reporting)?: Their data collection counts as your app's data collection for both the App Privacy and Data safety questionnaires, and should be reflected in your privacy policy too. Check each SDK's own documentation for what data it collects so your disclosures are accurate.

Ready to put your legal pages in place?

Free preview · $9 for the full watermark-free pack (HTML, Markdown, PDF & DOCX)

Generate my Trust Pack

Explore generators

Privacy Policy GeneratorCreate a GDPR/CCPA-style privacy policy in minutes. Website Trust PackGet all legal pages for your website in one go. EULA GeneratorCreate an End User License Agreement for your software, app, or digital product. Accessibility Statement GeneratorShow your commitment to accessible design with a clear accessibility statement. App Privacy Policy GeneratorA privacy policy URL for your App Store / Google Play listing, covering SDKs, permissions, and tracking.

More from the blog

How to Add a Privacy Policy to Shopify, WordPress, or WebflowGenerating a Privacy Policy is the easy part. Here's exactly where to put it on Shopify, WordPress, and Webflow so it's actually live and linked. Cookie Consent Laws Explained (EU, US, UK)Cookie banners aren't just a EU thing — but the rules are different depending on where your visitors are. Here's what GDPR, PECR, and CCPA/CPRA actually require.

See it in action

Curious what the generated documents look like? View a sample Trust Pack for an example business.