
I'm writing a personal financial app on iOS. It doesn't ask for any permission except Face ID usage (it uses Face/Touch ID to authenticate the user). The financial data the user inputs in the app never leaves the user's device (the current version of the app doesn't access the network). I know that Apple requires that all apps provide a privacy policy, but I wonder what I should tell the user. Should I tell the user that my app collects the user's biometric identification and his/her financial data? That sounds too scary. I have searched about this and read quite a few apps' privacy policies, but I don't see them mention that. So, is it OK for me to say in the privacy policy that the app doesn't collect any data from the user?

One of the examples I found on the net is Ecquire. They claimed they didn't store user data. While I see their point, that seems an incomplete statement in a document like a privacy policy because they did collect user data (otherwise how do they get the user's input?). Am I right? I'm really confused about these things. Thanks for any help.

rayx
  • It doesn't collect any biometric data since the local authentication framework just tells you whether the authentication passed or failed. You don't get access to any actual biometric data. You are clearly collecting data since the user enters it. You can state that the data is held only on the device. Unfortunately this question is off topic because you really need legal advice – Paulw11 May 25 '20 at 13:16
  • I’m voting to close this question because it is asking for a legal opinion – Paulw11 May 25 '20 at 13:16
  • @paulw11 I had the same thought as you before. But I changed my mind after I read that using in-app purchase is considered collecting user payment data and needs to be mentioned in the privacy policy. Note that in-app purchase is implemented in iOS by using StoreKit and the app has no access to the user account at all. – rayx May 25 '20 at 13:20

0 Answers