App Store RejectionGuideline Google Play — Privacy PolicyPrivacy Policy Requirement

Google Play won't publish your app without a privacy policy. Here's what you need.

If your app requests any sensitive permissions — camera, location, microphone, contacts — Google Play requires a privacy policy URL in your store listing. No policy, no publish. This is one of the most common rejections and one of the fastest to fix.

What Apple said

Your app requests sensitive permissions but does not include a valid privacy policy link in your Google Play store listing or within the app. All apps that access sensitive user data must provide a privacy policy that adequately discloses how user data is collected and used.

What this actually means

Google Play requires a privacy policy URL for any app that handles sensitive data. This means if you request permissions like camera, location, microphone, contacts, phone state, or storage — you need a hosted, accessible privacy policy linked in your Play Console listing. A dead link or a generic template that doesn't cover your actual data practices won't pass review.

What Apple needs to see

  • A hosted privacy policy URL that loads reliably and is not behind a login or paywall
  • Policy content that specifically addresses the permissions your app requests and what data is collected
  • The privacy policy URL entered in both the Play Console store listing and within the app itself
  • Language that covers data sharing with any third-party SDKs present in your app
  1. 1Generate a privacy policy that covers your app's specific permissions and data practices — BaseTerms creates a hosted privacy policy at yourapp.baseterms.com that you can link directly in Play Console
  2. 2Add the privacy policy URL to your Play Console store listing under Store Presence > Store Listing
  3. 3Add a link to the privacy policy inside the app itself, typically in a Settings or About screen
  4. 4Verify the URL loads correctly from a mobile browser without any authentication prompt
  5. 5Update your policy any time you add new permissions or third-party SDKs to keep it accurate

While you're at it — Apple also requires these pages for every app.

Fix this rejection, then make sure you're covered on the compliance side too. Apple requires every app to link to a hosted Privacy Policy, Terms of Service, Support page, and Data Deletion page. No link means another rejection — just for a different reason.

Privacy Policy
Terms of Service
Support Page
Data Deletion Page
Generate my compliance pages — $9

Common questions

Do I need a privacy policy if my app doesn't collect any data?
If your app requests any sensitive Android permissions, Google Play requires a privacy policy regardless of whether you personally store the data. The policy in this case should state that no personal data is collected or retained, which is straightforward but still required.
Can I use a free privacy policy generator?
A generated policy is acceptable as long as it accurately reflects your actual data practices. The risk with generic generators is that they produce one-size-fits-all policies that may not cover your specific permissions or third-party SDKs, which can cause problems if Google ever audits the content.
Where exactly do I add the privacy policy URL in Play Console?
Go to Play Console > your app > Store Presence > Store Listing, then scroll to the bottom of the page to find the Privacy Policy URL field. You also need to enter it under App Content > Privacy Policy separately. Both fields need to be filled.