Does Apple's iOS require a Privacy Policy for using Unity Analytics?

Unity Services
1

We’re porting our android application ProD&D to iOS.

As we were reading the guidelines we came across the following part in the iOS App Review Guidelines.

17. Privacy
17.1
Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used

17.2
Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected

17.3
Apps may ask for date of birth (or use other age-gating mechanisms) only for the purpose of complying with applicable children’s privacy statutes, but must include some useful functionality or entertainment value regardless of the user’s age

17.4
Apps that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos, videos, drawings, the ability to chat, other personal data, or persistent identifiers used in combination with any of the above) from a minor must comply with applicable children’s privacy statutes, and must include a privacy policy

17.5
Apps that include account registration or access a user’s existing account must include a privacy policy or they will be rejected

We’ve integrated Unity Analytics to our application and we were wondering if we need to upload a Privacy Policy and/or ask our users whether they opt-in for the Unity Analytics to collect data.

Did anyone do this already? If so can you share your knowledge on this issue with us.

Tunc

Edit: Also from what we gather. Unity’s Analytics tools are collecting location data and here’s a segment from the iOS App Review Guidelines again. Does this mean that we need to ask the users at the start of the app whether they agree with us using Unity Analytics to collect data?

Location
4.1
Apps that do not notify and obtain user consent before collecting, transmitting, or using location data will be rejected

4.2
Apps that use location-based APIs for automatic or autonomous control of vehicles, aircraft, or other devices will be rejected

4.3
Apps that use location-based APIs for emergency services will be rejected

4.4
Location data can only be used when directly relevant to the features and services provided by the App to the user or to support approved advertising uses

So we’re guessing this also require a Privacy Policy.

2

Hi @tuncOfGrayLake

Thanks for the questions regarding Apple’s guidelines! My first recommendation would be to check out out Terms of Service (Unity Cloud), which does provide some relevant information regarding your obligations as an app developer and the terms of which you can use our Unity Analytics service within your game.

Specifically, you do have a few responsibilites that you’ll have to adhere to if you decide to use our service. Here is the excerpt regarding your obligations around privacy policies:

3.5 You will maintain and post a privacy policy that will be posted on your web site and/or in the Content or App that you develop using the Unity Software and be consistent with industry standards and comply with all applicable laws. You will make your privacy policy reasonably accessible to all current and potential End Users. Your privacy policy will describe (a) your collection, use (including sharing), and protection of End User Data; (b) your use of a service provider for the purpose of analyzing Data collected within your App; and (c) your and your service providers right and ability to target and deliver advertisements to End Users based on device identifiers and other End User Data. You agree that your data collection and use, including sharing of personal information, resulting from use of the Services will always comply with your privacy policy.

In general, due to legal limitations, Unity is unable to provide specific legal advice or guidance to each individual app developer. You are responsible for procuring your own legal counsel and ensuring your compliance with all laws, rules and regulations applicable to you and your game. To the extent that is practically and legally feasible, we can answer directed questions regarding our terms that are sent to us using the Support form (Unity Cloud).

Hope that helps!

3

THE CONTENT IN THIS POST IS NOT LEGAL ADVICE!

Hi @markychoi ,

Here’s a friendlier version of what I gathered from reading the ToS, EULA and the clause you posted:

  • You have to write a privacy policy and make it consistent with the industry standards.

  • Tell in your privacy policy that you’re using Unity’s Analytics Services and Unity Software.

  • To be safe give links to Unity Analytics Terms of Service and other ToS or EULA that’s relevant.

  • Post this privacy policy on your website, in your app, on your app description page and/or some other reachable location.

  • Make the privacy policy accessible to everyone!

  • In your privacy policy describe the following in detail:

  • What data are you collecting and why?

  • How are you using/benefiting from this data?

  • Who are you sharing this data with if anyone? (You’re already sharing the data with Unity and they’re keeping it anonymous unless you state otherwise. You can’t obtain data without your users’ consent and you definitely can’t share it without their consent!)

  • How are you protecting the data you collected?

  • Finally, in your privacy policy, tell your users that all data collected and shared abides by the privacy policy they are reading and accepting. Sort of like promising you won’t do anything that your privacy policy doesn’t tell them.

Can you clarify the following? Who is the service provider in this case?
“…(b) your use of a service provider for the purpose of analyzing Data collected within your App; and (c) your and your service providers rightand ability to target and deliver advertisements to End Users based on device identifiers and other End User Data…”

4

I would like Unity to clarify the the practical ramifications of this excerpt from their Analytics TOS:

“3.6 You will secure End Users’ consent to your privacy policy before collecting or using their Data in connection with their use of your App(s).”

What does the bold portion mean? I would like an example of “using data in connection with a user’s use of an app.” I’m trying to figure out if you need an explicit opt-in inside your app in all cases, or just in cases where you intend to use data in a specific way.

5

One example of “using data in connection with a user’s use of an app” can include building funnels to track user behavior or building custom segments using custom events generated by your users.