Privacy Policy templates

To comply with China’s data protection regulations and app store requirements, developers must publish a clear and comprehensive privacy policy in Simplified Chinese for end users. The following template outlines the standard structure and content expected, based on China’s national standard GB/T 35273-2020 (“Information Security Technology — Personal Information Security Specification”).

The final privacy policy must be published in Chinese. Translations to other languages are optional.

Structure Overview

Below is a recommended framework for organizing your privacy policy, with bilingual section headers and key points required by Chinese regulations.

1. Introduction to the Privacy Policy / 隐私政策导言
Clearly state your company’s legal name, the app’s operating entity, and affiliated organizations. Indicate which products, apps, or services the privacy policy applies to.

Third-Party Distribution Disclosure (if applicable)

If your app is distributed in China through an authorized partner or local entity, your privacy policy should clearly state the relationship to avoid confusion about the data controller or privacy subject.

Example Statement (for reference):

[Your Partner's Name] is the distribution service provider for the "[Your App Name]" Android application in the Chinese market.

[Your Partner's Name] 是 "[Your App Name]" 安卓应用程序在中国的应用分发服务商，注册地址为 [Your Partner's Address]。

This type of disclosure helps app stores, regulators, and end users identify the responsible party in China, especially when the global developer does not operate directly in the region.

Developers may adapt or rewrite this statement to reflect their actual distribution model and responsibilities.

2. How We Collect and Use Your Personal Information / 我们如何收集和使用您的个人信息
Describe the purposes of data collection with specificity. List the types of personal data collected for each function (e.g. name, phone number, location).
Explicitly identify any collection of sensitive personal data (e.g. ID numbers, facial data, biometric identifiers).
Mention data storage location (domestic or cross-border), data retention periods, and whether personal data is used for profiling.
Any changes in data usage purposes must be disclosed and require renewed consent. If your app requests sensitive system permissions (such as access to location, camera, microphone, contacts, storage, clipboard, sensors, etc.), you must clearly explain the purpose and necessity of each permission, and ensure it aligns with the declared business functions.

3. How We Use Cookies and Similar Technologies / 我们如何使用 Cookie 和同类技术
Explain whether your app or its authorized third parties use automated data collection tools (e.g. cookies, web beacons, scripts).
Clarify their purpose and provide methods for users to manage or disable them.

4. How We Share, Transfer, or Disclose Personal Information / 我们如何共享、转让、公开披露用户的个人信息
Indicate whether and why data is shared or transferred. List the types of data shared, the receiving parties, and how they are bound by data protection obligations.
Describe public disclosures, if any, and emergency exceptions (e.g. compliance with legal requests or user safety concerns).
If the platform enables user-generated content, explain risks and protective measures in place.

5. How We Protect Your Personal Information / 我们如何保护您的信息
Describe the technical and organizational measures in place to secure data: encryption, access control, auditing, backup, deletion protocols.
Mention any certifications (e.g. ISO/IEC 27001) or compliance with Chinese standards.
Explain user responsibilities in protecting their data and your company’s response procedures in case of a breach.

6. How and Where Information Is Stored / 信息的存储
Provide information about data hosting and backup (e.g. whether data is stored in mainland China).
Explain the logic and duration of data storage.

7. How You Can Manage Your Personal Information / 您如何管理个人信息（即，用户主体权利）
List users’ rights, including access, correction, deletion, withdrawal of consent, and account cancellation.
Explain how users can exercise these rights (e.g. in-app settings, support form), and whether identity verification is required.
If there are fees, delayed responses, or denied requests, clarify the reasons and legal basis.

8. Protection of Minors / 未成年人保护
If your app is rated for children (e.g. 3+, 8+, 12+), include specific terms for protecting minors and indicate how guardian consent is obtained.

9. How to Contact Us / 如何联系我们
List channels for submitting privacy-related complaints or questions (e.g. email, hotline, contact form).
Include response times and, if applicable, external resolution options such as mediation, arbitration, or regulatory oversight.

10. Changes to the Privacy Policy / 隐私政策变更
State how users will be notified of updates (e.g. in-app pop-up, message center, email) and when renewed consent is required for significant changes.

Additional Resources

A compliant privacy policy in China must be written in Simplified Chinese, structured clearly with labeled sections, and consistent with app functionality. It must also be available to users during onboarding, such as via a pop-up or checkbox.

Need help drafting or localizing your privacy policy?
We can help you create a compliant Chinese-language privacy policy tailored to your app’s functionality.
Contact us for professional support.