Appstore Connect Data Collection - Longer than Necessary

Question

Created 2d

Replies 1

Boosts 0

Participants 2

Hello, in Appstore Connect, it is expected to declare the collected data types. However, there is something that is pretty confusing, namely the definition of "Data Collection".

According to the form: Data Collection Thanks for helping users understand your app's privacy practices. Remember that you're responsible for any third-party code that is added to your app, so if your third-party partners collect data from your app, you must represent that in your responses.

“Collect” refers to transmitting data off the device in a way that allows you and/or your third-party partners to access it for a period longer than necessary to service the transmitted request in real time. .....

What does the point "longer than necessary" refer to? Obviously, my app is storing data of user to "function". My understanding is, storing data for functionality doesn't mean collecting data. Is this correct? Thank you.

Boost

Answer 1

endecotp OP

2d

What does the point "longer than necessary" refer to?

"Collection" requires two things:

You need to transmit the data off the device, i.e. to your server.
Your server needs to store the data for "longer than necessary to service the request".

So if your server communication is a simple request/response system with no persistent state on the server side, then the server must not remember the content of the request after the response has been sent. For example, you're not allowed to log the requests (unless suitably anonymised).

If you do require persistent state on the server side then you need to take care to not store more information than is actually necessary to deliver the functionality, and you must delete it once it is no longer needed. This could get complicated.

Tell us more about your app's architecture?

0