Mobile App Privacy Policy (Australia)
What is a Mobile App Privacy Policy (Australia)?
A Mobile App Privacy Policy in Australia is a legally binding written instrument.
The Privacy Act 1988 (Cth) — administered by the Office of the Australian Information Commissioner (OAIC) — imposes legally binding obligations on APP entities through the 13 Australian Privacy Principles. APP 1 requires every APP entity to have a clearly expressed and up-to-date Privacy Policy that is freely available to the public. For mobile apps, this means the Privacy Policy must be accessible within the app and through the app’s listing page in the App Store and Google Play.
Australia’s privacy law is technology-neutral: the same obligations that apply to personal information collected through a website apply equally to personal information collected through a mobile app. However, mobile apps typically collect a broader range of personal information than websites — including precise GPS location, biometric data (face ID, fingerprints), device health data, and behavioural data — and therefore require more detailed privacy disclosures.
The global regulatory environment is also relevant. If your app is distributed in the European Union, you must also comply with the General Data Protection Regulation (GDPR). If your app is distributed in California, the California Consumer Privacy Act (CCPA) may apply. This Australian Mobile App Privacy Policy template is specifically tailored for compliance with Australian law and app store requirements.
The legal framework governing the Mobile App Privacy Policy (Australia) in Australia draws on several key statutes and regulatory bodies. Under the Corporations Act 2001 (Cth), the Australian Securities and Investments Commission (ASIC) regulates companies and financial services. Section 127 of the Corporations Act 2001 governs company execution of documents. The Australian Competition and Consumer Commission (ACCC) enforces the Competition and Consumer Act 2010 (Cth). The Australian Taxation Office (ATO) administers the Goods and Services Tax under the A New Tax System (Goods and Services Tax) Act 1999. The Federal Court of Australia and Supreme Courts of each state have jurisdiction over corporate disputes. Parties executing a Mobile App Privacy Policy (Australia) in Australia should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Corporations Act 2001 (Cth) sets the foundational requirements.
When do you need a Mobile App Privacy Policy (Australia)?
A Mobile App Privacy Policy is required whenever you publish a mobile application on the Apple App Store or Google Play that collects any personal information from users — regardless of your company's size, location, or annual turnover. Both Apple and Google enforce this requirement at the point of app review, meaning apps submitted without a Privacy Policy (or with a Privacy Policy that does not match the app's actual data practices) will be rejected.
You need an Australian Mobile App Privacy Policy if: you are an Australian developer publishing an app on the Apple App Store or Google Play, regardless of whether your target audience is Australian or global; your app is published outside Australia but available to Australian users and collects their personal information; your app integrates any third-party SDK that collects user data, including analytics tools (Firebase, Mixpanel, Amplitude), advertising networks (Meta Audience Network, AdMob), crash reporting tools (Crashlytics), or social login providers (Sign in with Apple, Google Sign-In).
The scope of what triggers the need for a privacy policy is broad. Essentially, any app feature that involves any of the following will trigger the need for a thorough Mobile App Privacy Policy: creating a user account or profile; collecting contact details (name, email, phone); requesting device permissions (location, camera, microphone, contacts, health data); sending push notifications; displaying personalised advertisements; processing in-app purchases; or using analytics to track user behaviour within the app.
Apps in the Kids Category on the Apple App Store and apps participating in Google Play’s Families Program have additional and more stringent privacy requirements, including restrictions on data collection, advertising, and analytics SDKs. Apps targeting children require enhanced privacy policies that specifically address parental consent and children’s data protections.
Parties in Australia should prepare a Mobile App Privacy Policy (Australia) proactively rather than waiting for a dispute to arise. Courts interpret agreements based on the written terms rather than oral representations. Where the transaction involves regulated activities, prior approval from the relevant authority may be required before execution.
What a Mobile App Privacy Policy (Australia) should include
A compliant Australian Mobile App Privacy Policy must address several key elements that go beyond a standard website privacy policy.
Device permissions disclosure is a fundamental requirement. For every device capability your app requests access to — including location (precise and approximate), camera, microphone, contacts, calendar, photo library, health data, Bluetooth, and face ID — the Privacy Policy must explain what data is accessed, how it is used, and with whom it may be shared. Apple requires a usage description string for each permission in the app’s Info.plist file, which appears in the system permission prompt shown to users. Google Play requires disclosure of all permissions in the app’s Data Safety form.
Third-party SDK disclosure is increasingly scrutinised by both Apple and Google and by regulators including the OAIC. Every analytics, advertising, crash reporting, social login, or attribution SDK integrated into the app may independently collect personal information from users. Your Privacy Policy must disclose all such SDKs, identify the third-party provider, and explain what data each SDK collects and for what purpose. Each SDK provider’s own privacy policy should be referenced.
App Tracking Transparency (ATT) compliance on iOS requires apps that track users across other apps and websites to disclose this practice and obtain explicit user consent through Apple’s standardised permission prompt before accessing the IDFA. Your Privacy Policy must explain what tracking means in the context of your app and how users can opt out.
Google Play Data Safety compliance requires an accurate and complete Data Safety form in the Play Store listing, which must be consistent with your Privacy Policy. The Data Safety section covers data collection, data sharing, security practices, and compliance with the Families Policy for children’s apps.
Account deletion functionality is now required by the Apple App Store for all apps that support account creation. Your Privacy Policy should explain how users can request deletion of their account and associated personal data, and the timeframe within which deletion requests will be actioned.
The APP 8 cross-border disclosure requirements are particularly relevant for mobile apps, which typically use overseas cloud infrastructure (AWS, Google Cloud, Azure), analytics platforms hosted in the United States or Europe, and global payment processors. Your Privacy Policy must disclose the countries where personal information may be sent and the steps taken to confirm overseas recipients comply with the APPs.
Forms-legal.com provides this template as a starting point for Australia-compliant documentation.
Sources & Citations
Statutory citations link to official government sources. Last verified by Forms Legal Editorial Team.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.