Skip to main content

Generating a Privacy Policy

Updated this week

A privacy policy is a legal document that discloses how your business collects, uses, and manages customer data. Both the App Store and Google Play require a privacy policy before your app can be approved, without one, your submission will be rejected.

This guide covers everything you need to create a compliant privacy policy, including the specific requirements for Apple and Google that go beyond a basic template.

In this article:

  • How to generate a privacy policy

  • Apple App Store privacy requirements

  • Google Play privacy and data safety requirements

  • Account deletion compliance

  • Where to host and link your privacy policy

Step 1: Generate Your Privacy Policy

If you don't already have a privacy policy, you can use Shopify's free privacy policy generator as a starting point.

  1. Visit the Shopify Privacy Policy Generator.

  2. Enter the required information about your business.

  3. Generate and download your policy.

Important: Shopify's generator provides a solid baseline, but it does not cover all of the mobile-app-specific requirements that Apple and Google enforce. You will need to add the sections described below to avoid rejection.

Step 2: Apple App Store Requirements

Apple requires two things related to privacy:

A. Privacy Policy URL

  • Your privacy policy must be hosted on a publicly accessible URL (not behind a login or password).

  • This URL is submitted as part of your app listing in App Store Connect.

B. App Privacy "Nutrition Labels"

  • In App Store Connect, you'll need to fill out the App Privacy section, which asks what data your app collects and how it's used.

  • For a typical Tapcart app, the data types include: contact info (name, email), purchase history, device identifiers, and usage data.

  • Be accurate, Apple reviews these declarations, and inconsistencies between your privacy label and your actual data practices can result in rejection.

Step 3: Google Play Requirements

Google has additional requirements that are a common source of app rejections:

A. Data Safety Section

  • In the Google Play Console, you must complete the Data Safety form. This declares what user data your app collects, whether it's shared with third parties, and your data retention practices.

  • This is separate from your privacy policy text, it's a structured form within Google Play Console under App Content → Data Safety.

  • If the Data Safety section is incomplete, Google will reject your app update.

B. Privacy Policy URL in Google Play Console

  • Navigate to App Content → Privacy Policy in Google Play Console and enter the URL where your privacy policy is hosted.

  • This must be a live, publicly accessible link. Google will verify the page is reachable.

C. Data Deletion Disclosure

  • Google requires that your privacy policy explicitly states how users can request deletion of their data.

  • Your Tapcart app includes a built-in Delete Account button (required by both stores). Your privacy policy should reference this mechanism.

  • See Delete Your User Account Inside the App for details on how the in-app deletion works.

Step 4: Account Deletion Compliance

Both Apple and Google require that apps allowing account creation also provide a way for users to delete their accounts. Tapcart handles this with a built-in account deletion flow in the app. Your privacy policy should include language stating:

  • Users can delete their account within the app

  • What data is deleted when an account is removed

  • The timeframe for data deletion (if applicable)

  • An alternative contact method for deletion requests (e.g., emailing your support team)

Step 5: Host and Link Your Privacy Policy

  1. Create a new page on your Shopify store for your privacy policy. For help adding a page, see Shopify's guide on editing menus and links.

  2. Add the privacy policy page to the footer of your website so it's publicly accessible.

  3. Copy the URL of your published privacy policy page.

  4. In the Tapcart dashboard, go to your App Listing settings and paste the privacy policy URL in the designated field.

  5. Also add the URL in App Store Connect and Google Play Console as described above.

Privacy Policy Checklist

Before submitting your app, verify your privacy policy covers:

  • ☐ What personal data you collect (name, email, payment info, device identifiers)

  • ☐ How collected data is used (order fulfillment, marketing, analytics)

  • ☐ Whether data is shared with third parties and which ones

  • ☐ How users can opt out of marketing communications

  • ☐ How users can request account and data deletion

  • ☐ Your data retention practices

  • ☐ Contact information for privacy inquiries

  • ☐ Policy is hosted on a live, publicly accessible URL

  • ☐ URL is entered in the Tapcart dashboard, App Store Connect, and Google Play Console

More Questions

Have more questions on creating your privacy policy? We're happy to help! Please reach out to us through LiveChat on your Tapcart dashboard or email us at [email protected].

Related Articles
Generating a Privacy Policy
AppsFlyer + Tapcart: Create Your App
Migrating Your Existing App to Tapcart
App Launch Overview
Account Deletion Compliance for App Store Approval
Did this answer your question?