Mobile App Privacy Policy (Australia)
App: [App Name]
Developer: [Developer Name] ([ABN/ACN])
Platform: [App Platform]
Effective Date: [Effective Date]
This Privacy Policy explains how [Developer Name] (“we”, “us”, or “our”) collects, uses, discloses, stores, and protects personal information in connection with your use of the [App Name] mobile application (the “App”), in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). This Policy also addresses applicable requirements under the Apple App Store Review Guidelines and Google Play Developer Program Policies.
By downloading, installing, or using the App, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the App. This Policy is available at [Website URL].
1. ABOUT THIS POLICY (APP 1)
1.1 We are committed to managing personal information in an open and transparent manner, in accordance with Australian Privacy Principle 1 (APP 1). This Privacy Policy sets out our practices and is available on our website at [Website URL] and through the App’s listing in the [App Platform].
1.2 For any questions or concerns about how we handle your personal information, or to make a privacy complaint, please contact us using the details in clause 13 of this Policy.
2. PERSONAL INFORMATION WE COLLECT (APP 3)
2.1 We collect only such personal information as is reasonably necessary for the App’s functions and our activities, in accordance with APP 3. The types of personal information we collect through the App include: [Personal Information Types].
2.2 We collect personal information in the following ways: [Collection Methods].
2.3 You are not obliged to provide us with all personal information. However, if you choose not to provide certain information, some features of the App may not be available to you.
3. DEVICE PERMISSIONS
3.1 The App requests the following device permissions to provide its functionality: [Device Permissions].
3.2 On iOS devices, you will be prompted to grant or deny each permission when first required by the App. On Android devices, permissions are requested at install time or at runtime, depending on your device’s Android version. You can manage or revoke permissions at any time through your device settings. Revoking certain permissions may limit App functionality.
3.3 We access device capabilities only to the extent necessary to provide the specific features for which each permission is used. We do not access device capabilities in the background unless this is clearly disclosed in the App’s listing and is necessary for a stated feature (e.g. background location for navigation apps).
4. HOW WE USE YOUR PERSONAL INFORMATION (APP 5 & APP 6)
4.1 We use personal information collected through the App for the following primary purposes: [Collection Purpose].
4.2 We may also use your personal information for secondary purposes that are directly related to a primary purpose and which you would reasonably expect, or where we have obtained your consent.
4.3 We will not use or disclose your personal information for an unrelated secondary purpose without your consent, unless otherwise required or authorised by law.
5. ANALYTICS, TRACKING, AND THIRD-PARTY SDKs
5.1 The App integrates the following third-party SDKs and services which may collect personal information: [Analytics SDKs].
5.2 These third-party providers operate independently of us and are governed by their own privacy policies. We encourage you to review the privacy policies of each third-party provider whose SDK is integrated into the App.
5.3 On iOS, users may opt out of personalised advertising and limit tracking through the App Tracking Transparency (ATT) framework introduced in iOS 14.5 and later. The App will request your permission before accessing your device’s advertising identifier (IDFA) for tracking purposes.
5.4 On Android, users may opt out of personalised advertising through their Google account settings or by resetting their advertising identifier (Android Advertising ID / AAID) in device settings.
6. DISCLOSURE OF PERSONAL INFORMATION (APP 6)
6.1 We may disclose your personal information to third parties in the following circumstances:
- to our employees, contractors, and related bodies corporate who require access to perform our functions and activities;
- to third-party service providers who assist us in operating the App, including hosting providers, analytics providers, customer support tools, and payment processors, who are bound by confidentiality and data protection obligations;
- to government agencies, regulators, or law enforcement where required or authorised by law;
- in connection with a merger, acquisition, or sale of assets, where personal information may be transferred as part of the transaction; or
- with your consent.
6.2 We do not sell personal information to third parties for commercial purposes.
7. SECURITY OF PERSONAL INFORMATION (APP 11)
7.1 We take reasonable steps to protect personal information held through the App from misuse, interference, loss, and unauthorised access, modification, or disclosure, in accordance with APP 11. Our security measures include: [Security Measures].
7.2 We retain personal information only for as long as necessary for the purposes for which it was collected or as required by applicable law. Our data retention practices are: [Retention Period]. When personal information is no longer required, we will destroy or de-identify it.
7.3 In the event of a data breach that is likely to result in serious harm, we will comply with our notification obligations under the Notifiable Data Breaches (NDB) scheme in Part IIIC of the Privacy Act 1988 (Cth), including notifying affected individuals and the OAIC as required.
8. ACCESS, CORRECTION, AND COMPLAINTS
8.1 Access (APP 12). You have the right to access personal information we hold about you. To make an access request, please contact us using the details below. We will respond within 30 days. We may decline access in limited circumstances permitted by the Privacy Act 1988 (Cth), and will provide written reasons if access is refused.
8.2 Correction (APP 13). If you believe personal information we hold about you is inaccurate, out of date, incomplete, or misleading, please contact us to request a correction. We will consider your request and take reasonable steps to correct the information within 30 days.
8.3 Deletion. You may request the deletion of your account and associated personal information by contacting us or using the account deletion feature in the App settings (required for compliance with Apple App Store guidelines for apps that support account creation). We will action deletion requests as soon as reasonably practicable, subject to any legal obligation to retain certain records.
8.4 Complaints. If you have a complaint about how we handle your personal information, please contact our Privacy Officer in the first instance. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.
8.5 Contact details:
[Developer Name]
Postal address: [Contact Address]
Email: [Privacy Email]
Website: [Website URL]
8.6 If you are not satisfied with our response to your complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
Website: www.oaic.gov.au
9. APP STORE AND GOOGLE PLAY COMPLIANCE
9.1 This Privacy Policy is designed to comply with the applicable requirements of the Apple App Store Review Guidelines (including Guideline 5.1 on Privacy) and the Google Play Developer Program Policies (including the User Data policy and Data Safety requirements).
9.2 In accordance with Apple’s App Privacy details requirements, the App’s App Store listing includes a Privacy Nutrition Label disclosing the categories of data collected and whether data is linked to your identity or used for tracking. In accordance with Google Play’s Data Safety section requirements, the App’s Play Store listing includes a completed Data Safety form disclosing data collection, sharing, and security practices.
9.3 App Tracking Transparency (iOS). For users on iOS 14.5 and later, the App will request your consent before accessing your device’s advertising identifier (IDFA) or engaging in cross-app tracking. If you decline, the App will not track your activity across other companies’ apps and websites for advertising purposes.
10. CHANGES TO THIS PRIVACY POLICY
10.1 We may update this Privacy Policy from time to time to reflect changes in the App, our practices, applicable law, or app store requirements. When we make material changes, we will notify you by posting the updated Policy at [Website URL], updating the Effective Date, and (where required) notifying you within the App.
10.2 We encourage you to review this Privacy Policy periodically. Your continued use of the App after the publication of any updated Privacy Policy constitutes your acceptance of the updated terms.
What Is a Mobile App Privacy Policy (Australia)?
A Mobile App Privacy Policy in Australia sets the organisation's rules and expectations on mobile app privacy and the responsibilities of staff and users, supporting compliance with the Corporations Act 2001 (Cth).
The Privacy Act 1988 (Cth) — administered by the Office of the Australian Information Commissioner (OAIC) — imposes legally binding obligations on APP entities through the 13 Australian Privacy Principles. APP 1 requires every APP entity to have a clearly expressed and up-to-date Privacy Policy that is freely available to the public. For mobile apps, this means the Privacy Policy must be accessible within the app and through the app’s listing page in the App Store and Google Play.
Australia’s privacy law is technology-neutral: the same obligations that apply to personal information collected through a website apply equally to personal information collected through a mobile app. However, mobile apps typically collect a broader range of personal information than websites — including precise GPS location, biometric data (face ID, fingerprints), device health data, and behavioural data — and therefore require more detailed privacy disclosures.
The global regulatory environment is also relevant. If your app is distributed in the European Union, you must also comply with the General Data Protection Regulation (GDPR). If your app is distributed in California, the California Consumer Privacy Act (CCPA) may apply. This Australian Mobile App Privacy Policy template is specifically tailored for compliance with Australian law and app store requirements.
The legal framework governing the Mobile App Privacy Policy (Australia) in Australia draws on several key statutes and regulatory bodies. Under the Corporations Act 2001 (Cth), the Australian Securities and Investments Commission (ASIC) regulates companies and financial services. Section 127 of the Corporations Act 2001 governs company execution of documents. The Australian Competition and Consumer Commission (ACCC) enforces the Competition and Consumer Act 2010 (Cth). The Australian Taxation Office (ATO) administers the Goods and Services Tax under the A New Tax System (Goods and Services Tax) Act 1999. The Federal Court of Australia and Supreme Courts of each state have jurisdiction over corporate disputes. Parties executing a Mobile App Privacy Policy (Australia) in Australia should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Corporations Act 2001 (Cth) sets the foundational requirements.
When Do You Need a Mobile App Privacy Policy (Australia)?
A Mobile App Privacy Policy is required whenever you publish a mobile application on the Apple App Store or Google Play that collects any personal information from users — regardless of your company's size, location, or annual turnover. Both Apple and Google enforce this requirement at the point of app review, meaning apps submitted without a Privacy Policy (or with a Privacy Policy that does not match the app's actual data practices) will be rejected.
You need an Australian Mobile App Privacy Policy if:
- you are an Australian developer publishing an app on the Apple App Store or Google Play, regardless of whether your target audience is Australian or global;
- your app is published outside Australia but available to Australian users and collects their personal information;
- your app integrates any third-party SDK that collects user data, including analytics tools (Firebase, Mixpanel, Amplitude), advertising networks (Meta Audience Network, AdMob), crash reporting tools (Crashlytics), or social login providers (Sign in with Apple, Google Sign-In).
The scope of what triggers the need for a privacy policy is broad. Essentially, any app feature that involves: creating a user account or profile; collecting contact details (name, email, phone); requesting device permissions (location, camera, microphone, contacts, health data); sending push notifications; displaying personalised advertisements; processing in-app purchases; or using analytics to track user behaviour within the app — will trigger the need for a thorough Mobile App Privacy Policy.
Apps in the Kids Category on the Apple App Store and apps participating in Google Play’s Families Program have additional and more stringent privacy requirements, including restrictions on data collection, advertising, and analytics SDKs. Apps targeting children require enhanced privacy policies that specifically address parental consent and children’s data protections.
Parties in Australia should prepare a Mobile App Privacy Policy (Australia) proactively rather than waiting for a dispute to arise. Courts interpret agreements based on the written terms rather than oral representations. Where the transaction involves regulated activities, prior approval from the relevant authority may be required before execution.
What to Include in Your Mobile App Privacy Policy (Australia)
A compliant Australian Mobile App Privacy Policy must address several key elements that go beyond a standard website privacy policy.
Device permissions disclosure is a fundamental requirement. For every device capability your app requests access to — including location (precise and approximate), camera, microphone, contacts, calendar, photo library, health data, Bluetooth, and face ID — the Privacy Policy must explain what data is accessed, how it is used, and with whom it may be shared. Apple requires a usage description string for each permission in the app’s Info.plist file, which appears in the system permission prompt shown to users. Google Play requires disclosure of all permissions in the app’s Data Safety form.
Third-party SDK disclosure is increasingly scrutinised by both Apple and Google and by regulators including the OAIC. Every analytics, advertising, crash reporting, social login, or attribution SDK integrated into the app may independently collect personal information from users. Your Privacy Policy must disclose all such SDKs, identify the third-party provider, and explain what data each SDK collects and for what purpose. Each SDK provider’s own privacy policy should be referenced.
App Tracking Transparency (ATT) compliance on iOS requires apps that track users across other apps and websites to disclose this practice and obtain explicit user consent through Apple’s standardised permission prompt before accessing the IDFA. Your Privacy Policy must explain what tracking means in the context of your app and how users can opt out.
Google Play Data Safety compliance requires an accurate and complete Data Safety form in the Play Store listing, which must be consistent with your Privacy Policy. The Data Safety section covers data collection, data sharing, security practices, and compliance with the Families Policy for children’s apps.
Account deletion functionality is now required by the Apple App Store for all apps that support account creation. Your Privacy Policy should explain how users can request deletion of their account and associated personal data, and the timeframe within which deletion requests will be actioned.
The APP 8 cross-border disclosure requirements are particularly relevant for mobile apps, which typically use overseas cloud infrastructure (AWS, Google Cloud, Azure), analytics platforms hosted in the United States or Europe, and global payment processors. Your Privacy Policy must disclose the countries where personal information may be sent and the steps taken to confirm overseas recipients comply with the APPs.
Forms-legal.com provides this template as a starting point for Australia-compliant documentation.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). Mobile App Privacy Policy (Australia) (Australia) [Legal document template]. Forms Legal. https://forms-legal.com/australia/business/policies/mobile-app-privacy-policy-australia
Frequently Asked Questions
Yes, for several overlapping reasons. First, both the Apple App Store and Google Play require all apps that collect personal information to have a Privacy Policy — this is a mandatory requirement for app listing and approval regardless of your app's country of origin. Apple's App Store Review Guideline 5.1 requires apps that collect personal data to have a Privacy Policy accessible within the app and in the App Store listing. Google's Play Developer Program Policies similarly require apps that collect or transmit personal or sensitive user data to have a Privacy Policy. Second, if your app collects personal information from Australian users and your organisation has an annual turnover exceeding AUD $3 million (or meets other threshold criteria under the Privacy Act 1988 (Cth)), you are legally required to have a Privacy Policy under Australian Privacy Principle 1. Third, even if your organisation is below the turnover threshold, you may still have contractual obligations under Apple and Google's developer agreements that require a Privacy Policy.
App Tracking Transparency (ATT) is a privacy framework introduced by Apple in iOS 14.5 that requires apps to request explicit user permission before tracking users across other companies' apps and websites for advertising purposes. 'Tracking' under ATT means linking a user's data collected from your app with data from third parties (such as advertising networks or data brokers) for targeted advertising or sharing with a data broker. Under ATT, if your app engages in tracking, you must display Apple's standardised permission prompt before accessing the device's Advertising Identifier (IDFA). Users who decline cannot have their IDFA accessed for tracking purposes. Failure to implement ATT correctly can result in app rejection or removal from the App Store. For Australian apps, ATT requirements operate alongside the Privacy Act 1988 (Cth) and APP 7 (direct marketing) obligations — both Apple's framework and Australian law require transparency about data collection for advertising purposes.
Google Play's Data Safety section requires all developers — including Australian developers — to declare how their app collects, shares, and protects user data. For each app in the Google Play Store, developers must complete a Data Safety form that discloses: what data types the app collects (e.g. location, financial data, health data, device identifiers); whether data is shared with third parties and for what purpose; whether data collection is optional or required for app functionality; what security practices are in place (e.g. data encrypted in transit, data encrypted at rest, users can request data deletion); and whether the app follows Google Play's Families Policy for children's content. The Data Safety information must be accurate and consistent with the app's actual privacy practices and Privacy Policy. Providing inaccurate Data Safety information can result in app suspension. The Data Safety section was introduced in 2022 and is separate from, but consistent with, the requirements of the Privacy Act 1988 (Cth).
Australian mobile apps directed at children face privacy obligations under three overlapping frameworks. The Privacy Act 1988 (Cth) and the Australian Privacy Principles apply to the personal information of all individuals, including children. Australian courts and the OAIC expect a higher standard of care when children's personal information is involved. The Apple App Store's Kids Category has strict requirements: apps must not include third-party analytics or advertising (with limited exceptions); must not transmit personal information about children to third parties without parental consent; and must comply with Apple's specific data handling requirements for children's apps. Google Play's Families Policy applies to apps designed for children and families: apps must not use persistent device identifiers (such as Android advertising ID) for advertising purposes; must not collect sensitive user data from children; and must clearly disclose any advertising in the app. There is currently no dedicated Australian children's online privacy statute equivalent to the US COPPA, but the Australian Government has signalled its intention to strengthen children's online privacy protections.
Account and data deletion is increasingly required under app store policies, even though Australia does not yet have an explicit statutory right to erasure equivalent to the EU GDPR's 'right to be forgotten'. Since January 2023, the Apple App Store requires all apps that support account creation to also provide an in-app mechanism to allow users to request deletion of their account and associated personal data. Apps that do not comply with this requirement can be rejected during app review. Google Play similarly encourages apps to provide users with mechanisms to request deletion of their data, particularly following Google's 2023 updates to its User Data policy. From an established standards and trust perspective, providing account and data deletion functionality is recommended for all Australian mobile apps, even where it is not strictly required by Australian law. Deletion requests should be actioned promptly, subject to any applicable legal data retention obligations (e.g. financial records under the Corporations Act 2001 (Cth) must be retained for at least 7 years).
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.
Related Documents
You may also find these documents useful:
Privacy Policy (Australia)
Create a compliant Australian Privacy Policy for your business or website. Our template is drafted in accordance with the Privacy Act 1988 (Cth) and covers all 13 Australian Privacy Principles (APPs), including APP 1 (open management), APP 5 (notification), APP 6 (use and disclosure), APP 7 (direct marketing), APP 8 (cross-border disclosure), APP 11 (security), APP 12 (access), and APP 13 (correction). Includes the Notifiable Data Breaches scheme, OAIC complaint process, and the $3 million turnover threshold explanation.
Non-Disclosure Agreement (NDA) (Australia)
Protect your confidential business information under Australian common law with a legally sound Non-Disclosure Agreement (NDA). Whether you are sharing trade secrets with a prospective partner, disclosing proprietary technology to a developer, or presenting financial projections to a potential investor, a properly drafted Australian NDA keeps your sensitive information under strict legal protection. Our template complies with Australian contract law principles and includes provisions addressing the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
Mutual Non-Disclosure Agreement (Australia)
Protect your confidential business information on a bilateral basis with an Australian Mutual Non-Disclosure Agreement. When both parties are sharing sensitive information with each other — as commonly occurs in joint venture negotiations, merger discussions, or technology partnerships — a mutual NDA provides equal protection for both sides. Our template complies with Australian common law and addresses the Privacy Act 1988 (Cth), ensuring enforceable bilateral confidentiality obligations across all Australian states and territories.