Generate policy


AppPrivacy provides you with a FREE mobile privacy policy generator along with up to date resources and information on everything you need to know about privacy when collecting data in your mobile apps.

Click the link to the left and complete an online questionnaire about how your app uses data. AppPrivacy will generate a string of HTML code that you can customise and embed within your app. Consumers will then be able to access a short form privacy policy that gives them peace of mind when using your app.

AppPrivacy is from MEF, the global community for mobile content & commerce. The tool has been developed in association with a cross-industry working group and draws on expertise and best practice on privacy which is a business critical issue for any app developer.

Privacy matters.

Learn more

A short guide to privacy

...a consumer’s identity, contact information, age, location and gender. The apps they use, the websites they visit and how often. It is a list of friends and the content they share with each other. The goods and services they’ve bought, from whom, when and for how much.
Billing information such as credit card or bank account details. The contact they’ve had with health practices, the taxman and other state institutions. Biometric identifiers such as fingerprint and retinal id. This information should be collected and shared only with the express consent of the user, and only if it helps the app perform the function expected of it.
It is the reason why so many apps are offered for free or next to nothing. Much of the time it is used in a helpful, mutually-beneficial way that consumers won’t mind. Advertisers can promote products in a more targeted way, sending ads for products they know the consumer will like or offering vouchers and special offers they are likely to use. It can be studied to improve products, services and devices, or monitored to send reminders about important events.
It can be sold on to businesses the customer has never heard of so they can send their own promotions and adverts. Worse, these companies can reach out to the user’s friends, promoting products in the user’s own name.
Consumers around the world demand transparency when it comes to the use of their personal information. Almost half said it was extremely important to know when the app is collecting and sharing their data. If you don’t tell them what you’re doing, they’re going to assume you’ve got something to hide. They may lump you in with other app providers they’ve read about in the news which have got themselves a reputation for ripping off consumers.

If consumers don’t trust you they won’t spend money with you. 35% of consumers around the world cite a lack of trust as the main reason why they don’t spend more money via mobile – by far and away the biggest obstacle. In order to build sustainable businesses, companies need to build trust with their customers. Privacy is right at the heart of it, and consumers tend to trust companies that are open and honest with them.

MEF believes there are certain unassailable truths relating to privacy in mobile apps. First, no information should ever be taken or used without the owner’s permission. Second, the manner in which it is to be used should be clearly laid out. Finally, the consumer must always have a way to opt-out of the deal and ensure that their data is no longer used.

Best practice privacy

Be open and honest about data collection and use.

Provide users with relevant information so they can make informed decisions about whether to use a mobile application or service. Explain:
• who is collecting personal information;
• why they need the data;
• how it will be collected, used and shared;
• with whom it will be shared.

Privacy notices should be clear, simple to understand and as brief as possible. Information should be presented in a straightforward manner that sets out the scale, scope, and sensitivity of the use of personal information.
In situations where users might not expect certain data to be collected, companies must give particular notice and be confident that the consumer understands and accepts it.
Companies should offer consumers clear and simple choices, presented at times and in ways that enable consumers to make meaningful decisions about whether to use the app.
Notify the user before collecting new types of information, or before using existing data in a way that is materially different to what was explained to the user previously.

Information collected should be limited in scope and retained no longer than is necessary.

Unless required by law to do otherwise, the data collected and used should be:

  • essential to the provision of the app in question;
  • consistent with the relationship the company has with the consumer; and
  • relevant to the context in which the consumers originally disclosed the data

Personal information must not be kept for any longer than is necessary. For example, should the consumer end their relationship with the company, or the company goes out of business, that consumer’s personal information should be deleted. It should not be sold on or traded with third parties.

Personal information must be gathered, stored and accessed securely.

Personal information must be protected, using a variety of safeguards appropriate to the sensitivity of the information.
Risks that should be mitigated include loss; unauthorised access, destruction or modification; and improper disclosure.
Companies should have a strategy around encryption; de-identification and user authentication.
Employees who do not need to access the information as part of their job should be prevented from doing so.

Personal information must be accurate.

Consumers should be able to access their information. Where it is incorrect, especially where there is a clear risk of adverse consequences to consumers if the data is inaccurate, they should be able to correct it easily.

Children and Adolescents should be subject to additional privacy measures.

An app that is directed at young people should ensure that the collection, access and use of personal information is appropriate and compatible with law.
Information that helps consumers make decisions about privacy should be adjusted to take into account their age and likely level of sophistication. It might therefore need to be adjusted or presented differently to make decision-making easier for young people.

Rules must be enforceable, and relevant people responsible.

All parties involved in the collection, use and sharing of information should be held accountable. This includes:

  • Companies responsible for the collection and use of data: accountable to enforcement authorities and consumers;
  • Employees: should be offered appropriate training in the handling of personal information, and their performance assessed against these principles;
  • Third parties receiving personal information: should be bound by contract to adhere to the principles, unless they are required by law to do otherwise.

 This accountability should be enforced by the appropriate party (via regulation, legislation or contract). Where necessary and appropriate, the consumer should receive redress in the event of wrongdoing.

Consumers should be in control of their information.

Users must consent to the collection and use of sensitive information (e.g. billing, healthcare data), and this consent must be demonstrable at a later date.
Companies should offer consumers means to withdraw or limit consent that are as accessible and easy to use as the methods for granting consent in the first place.

Privacy Stats

Sources: MEF, TRUSTe, Pew Internet, Wall Street Journal


Businesses realised a long time ago that the information they collected from people visiting websites was valuable to advertisers. Few, though, made it clear that this information was being bought and sold. This led to a public outcry which resulted in ‘Do not Track’ legislation in the United States and the ‘Cookies’ Directive in Europe.

Legislators are now turning their attention to the mobile app market. If the app community doesn’t protect users’ privacy then governments will. This will lead to strident new rules that may or may not have the desired effect and will impose an extra layer of red tape on developers.
More importantly, a thoughtful and grown-up approach to privacy builds the market. MEF’s Global Consumer Survey 2012 found that the number one reason people didn’t spend more on mobile services was a lack of trust. The more we demonstrate we have nothing to hide, the more consumers will spend. It’s as simple as that.

MEF’s Global Privacy Report 2013 showed that only a third of consumers are comfortable sharing personal data with an app. The majority of consumers consider it important to know when an app is gathering (70%) and sharing (71%) their personal information. This demonstrates that consumers demand transparency when apps are sharing their data, and that the app community needs to do a better job of explaining to consumers why it’s in their interests to do so.

In short – nothing! Commerce has always been about a mutually beneficial exchange; providing products & services in return for cash or an equivalent value exchange. New business models such as free-2-play or ad-funded have accelerated the growth of the app economy. There is nothing wrong with offering an app in return for the user’s information and usage habits. The challenge is to make sure that the exchange, like any other commercial activity, is above board: transparent, fair to both parties and importantly, based on informed consent.

Personal information isn’t like oil, gas or any other natural resource sitting there waiting to be exploited. It’s an individual’s identity; a record of health or aptitude; a list of our friends; our habits; where and how we live our lives.

Too often, consumers are left in the dark about the way companies are making use of their data. They probably wouldn’t mind if it was explained to them –they’re receiving an app for free or at a reduced rate in return for limited access to information on how they live their lives. The problem is this is often not made clear. When they find out, consumers consequently feel cheated and perhaps delete the application. This has a direct impact on the developer’s monetization and broader implications for the sustainability of freemium business models.

We know most developers don’t want to exploit or upset consumers – why would you? – but sometimes it’s hard to keep up with every aspect of app design. We know you don’t have time to become an expert on privacy - you’d rather spend time improving your app or developing new ones.
This tool has been specifically designed to make it easy to incorporate best practice privacy right into the heart of your day-to-day design workflow. Our experts know privacy inside out and have built a tool that generates a privacy policy that actually makes sense to your users.
They’ll thank you for giving them the information they need to use your app with peace of mind. They will trust you more for it. And the more they trust you, the more likely they will be to use this and other apps that you develop for them.

MEF is the global trade association for companies wishing to monetize their products & services via mobile.

Headquartered in London with operational chapters and offices in Asia, EMEA, Latin America, Middle East, Africa and North America, MEF is a member network with international reach and strong local representation; ideally placed to drive market growth.

Established in 2000, MEF represents the total mobile ecosystem providing an impartial and powerful voice for pioneering companies from across the mobile content and commerce value chain.

It’s simple. Click on ‘Get Started’ and answer a few brief questions on how your app uses data. It shouldn’t take more than ten minutes or so. Once you’ve finished the survey, you’ll receive two things.

First, a string of HTML code that you can customise with your branding, look and feel then embed directly into your app. The next time your customers update the app they’ll have access to a clear, easy-to-understand privacy policy that will explain everything they need to know about your app and how it uses their personal information.

Second, we’ll provide you with some plain-English guidance on privacy issues and how they relate to your app. Easy!

AppPrivacy is based on industry best practice. However, you should always get legal advice if you’re unsure about whether your app complies with local and international law. Using AppPrivacy demonstrates your commitment to protecting your customers’ privacy. It will provide them with clear and concise information on how the app is using their data so they can make an informed decision to continue using it. Consumers demand transparency in mobile apps, and you’ll be providing it to them if you use the AppPrivacy tool.

A lot of privacy policies are generic, designed to tick a box of having one rather than actually help consumers understand what is going on in the app.

Here’s a quick checklist to help you find out whether you need a new policy.

  • Is it available pre-download (e.g. via the app store)?
  • Can you access it from within the app (or do you have to open a browser)?
  • Is the policy unique to that one app?
  • Is the policy mobile-friendly (or a direct port of the desktop version)?
  • Is it written in plain English (or ‘lawyer-speak’)?
  • Does the policy have fewer than 250 words?
  • When was the app drafted or last updated?

If the answer to any questions are ‘no’, or if the answer to the final question is ‘more than a year ago’, then your existing policy is not doing the job expected of it and you would definitely benefit from using AppPrivacy.

It’s true there are other companies that offer policy generators. We are different in two important ways, however. Number one, we represent a cross-section of the mobile industry which has come together to determine the best approach to privacy in mobile apps. We’re not a single company trying to use a free product for marketing purposes.
Number two, the people behind this tool include some of the biggest names in the business: Mozilla, EA, Vodafone, Red Bull Media House alongside legal and security experts like Dentons and AVG. The group also includes business development execs, so you know we looked to find the right balance between protecting consumer rights on the one hand and revenue opportunities on the other.

Latest news

RSS Error: WP HTTP Error: SSL peer certificate or SSH remote key was not OK


About MEF


MEF is the global trade association for companies wishing to monetize their products & services via mobile.

Headquartered in London with operational chapters and offices in Asia, EMEA, Latin America, Middle East, Africa and North America, MEF is a member network with international reach and strong local representation; ideally placed to drive market growth.

Established in 2000, MEF represents the total mobile ecosystem providing an impartial and powerful voice for pioneering companies from across the mobile content and commerce value chain.


Working group

Whatever you are or want to be, be secure knowing your mobiles, tablets and desktops are taken care of. We make your digital world easier to secure, simpler to navigate, and more enjoyable to experience – helping you to get on with what makes you - You.
Electronic Arts Inc. is a leading global interactive entertainment software company. EA delivers games, content and online services for Internet-connected consoles, personal computers, mobile phones and tablets.
Dentons is a global firm driven to provide a competitive edge in an increasingly complex and interconnected marketplace. We were formed by the March 2013 combination of international law firm Salans LLP, Canadian law firm Fraser Milner Casgrain LLP (FMC) and international law firm SNR Denton.
Our technology gives brands, publishers, networks and other businesses around the world unique insight into the digital ecosystem—including unparalleled intelligence on the marketing technologies that underpin the commercial web —and the power to control their impact on business.
InMobi is a performance based mobile ad network backed by Soft Bank and Kleiner Perkins Caufield & Byers. The company was founded in 2007 in India with offices in several countries.
mBlox provides SMS and push messaging APIs as well as mobile marketing solutions. Brands use us to drive revenue, loyalty and engagement.
Mozilla is a proudly non-profit organization dedicated to keeping the power of the Web in people’s hands. We’re a global community of users, contributors and developers working to innovate on your behalf. When you use Firefox, or any Mozilla product, you become a part of that community, helping us build a brighter future for the Web.
MT2 - Mobile Technology Tomorrow, is a leader in premium mobile content providing high quality, licensed & in-house production content with flexibility in supply
OpenMarket provides mobile payment platform capabilities, mobile messaging and operator connectivity that today's mobile business relies on.
Preiskel & Co
Preiskel & Co is a boutique law firm based in the City of London that specialises in UK and international corporate, commercial and regulatory matters.
Red Bull Media House
Red Bull Media House is a multi-platform media company with a focus on sports, culture, and lifestyle. As an umbrella brand, we offer a wide range of premium media products and compelling content across media channels as diverse as TV, mobile, digital, audio, and print, with core media offerings that appeal to a global audience.
Turner Broadcasting creates and programs branded news; entertainment; animation and young adult; and sports media environments on television and other platforms for consumers around the world. Headquartered in Atlanta, Georgia, Turner is a Time Warner Company.
TRUSTe is the leading global Data Privacy Management (DPM) company and powers trust in the data economy by enabling businesses to safely collect and use customer data across web, mobile, cloud and advertising channels.
Vodafone enables customers in more than 60 countries around the world to get the most out of life's opportunities.
Kaspersky Labs
Kaspersky Lab is one of the fastest growing IT security vendors worldwide. Today it is firmly positioned as one of the world’s top four leading antivirus vendors. Kaspersky Lab continues to further improve its market position, demonstrating higher growth rates than the market in general. According to the company’s 2011 unaudited financial results, Kaspersky Lab’s global revenue grew by 14% compared to the previous year and reached $612 million. Today it’s the world’s largest privately held vendor of endpoint protection solutions.
agencymobile is London's most respected mobile innovation company specialising in delivering industry leading work since 2006 for some of the world's biggest companies including BBC Worldwide, Perform Group and Deutsche Bank.

About the Working Group

AppPrivacy has been developed as part of MEF’s Privacy in Mobile Apps Initiative in association with a member-led Working Group that make up a cross-section of the mobile industry. Established in early 2012 following the rapid proliferation of business models such as freemium or ad-funded, the Working Group’s goal is to raise awareness of the issues around Consumer Trust in mobile content & commerce and establish best practices and provide practical tools across the mobile value chain built on the consumer’s informed consent.

The Working Group includes privacy experts, app developers and legal counsel along with technical and senior business development executives.

Click on the logos to find out more...



Your message has been sent