Privacy and personalization on mobile apps

How user behavior capture and delivery of a personalized user experience should be considered when submitting a mobile app to the Apple App Store. 

Customers need to be comfortable that our personalization models ensure they comply `with regulations and guidelines for the financial services sector.

AlphaStream works closely with customer compliance and legal teams to help them understand how we capture, transfer, and store their customer’s data.

One area that requires close scrutiny is around customer data collection and personalization for apps on the Apple App Store. 

Apple have recently made changes to their iOS and how it deals with Tracking. These are the changes that have been credited with impacting Meta’s long term revenue base. You’ve always been able to track a user across apps so you can re-target them with very personalized advertisements. Apple now requires you to ask users whether they want to be tracked. Fortunately, AlphaStream does not have a need to track users across multiple applications. We’re only concerned with capturing user behavior within the mobile app we’re providing personalization to.

If AlphaStream is powering your financial experiences with personalization, it doesn’t matter if you block tracking.

AlphaStream uses a JavaScript SDK (Software Development Kit) supporting React, which works with mobile app code bases iOS to capture behavior within the app. We send that data to our platform, so we don’t store any data on the device.

Disclosing our data capture, its nature of it, and its purpose is key to a good app store submission. The AlphaStream use case is in line with what’s accepted and can be deployed with optional disclosure on the app product page.

Most of our work is with regulated financial institutions. Paradoxically, that actually makes our data collection disclosure simple. Apple’s disclosure requirements for regulated financial services are specifically dealt with in the Apple App Store policy under the following points:

  • Collection of the regulated data is in accordance with a legally required privacy notice under applicable financial services or data protection laws or regulations (e.g., GDPR or GLBA)
  • Collection by the app of that data occurs only in cases that are not part of your app’s primary functionality and which are optional for the user. 
  • Such notice provides that data is not shared with unaffiliated third parties to market other products and services.
  • Such data is not linked with third-party data for advertising purposes or shared with a data broker except for purposes of fraud detection or prevention or security purposes or with a consumer reporting agency for credit reporting.

If all criteria are met, then disclosure of data capture on your app store product page is optional. We still suggest appropriate disclosure, as the data capture is used to improve user experience, and the data isn’t used for advertising.

App builders will need to consider whether they use opt-in or opt-out systems for personalization within their app. It’s advisable that users have the option of an unpersonalized experience as this is more in line with GDPR and financial regulation, even if appropriate disclosure means the personalized experience doesn’t have to be optional within the app.

Managing personalization in an omni-channel world is complex, even more so for financially regulated services. However, a consistent approach to data capture, storage, and usage, defined by the policy framework, gives you clear guardrails in operating within the mobile application policies and app store submission.

Data collection for the product’s personalization is great, but don’t forget that using that data for 3rd party advertising requires more in-depth user consent and app submission information.

For more information on the Apple App Store submission and policies in relation to privacy, please review the following guidance from Apple.

Get in touch to hear more about how we’ll help you along the process of adding personalization into your app store submissions.

Mobile App Privacy and Personalization

AlphaStream works with our customer compliance and legal teams to help them understand how we capture, transfer and store their customers’ data and how our personalization models work to ensure they remain compliant with regulations and guidelines in the financial services sector. 

One area where customer data collection and personalization issues can get particularly tricky is when you are developing a mobile application for the Apple App store and how you manage the submission and adhere to customer data and privacy policies. 

The first thing to deal with is the major changes Apple recently made to their iOS around Tracking. This has created serious ripples in the mobile advertising industry and has been credited with impacting Meta’s long-term revenue base. It essentially means you can track a user across mobile apps and re-target them with personalized advertisements. Apple now requires you to ask the user if they want to be tracked. AlphaStream does not have a need to track users across other mobile applications, we are only looking to capture user behavior within the mobile app that we are personalizing. 

If AlphaStream is powering the in-app financial experience, it is ok to block tracking as this is not related to the behavior capture we employ within the application to personalize the financial markets for each user. 

AlphaStream offers a JavaScript SDK which contains a client which supports React so works with mobile app code base such as or iOS to capture behavior within the app which we send up to our platform. We do not store any data on the device and only collect basic device data such as device detail.

Disclosing the data capture that is undertaken, the nature of it and its purpose is key to a good app store submission and the AlphaStream use case is in line with accepted usage and indeed could probably be deployed with optional disclosure on the app product page.  

We normally work with regulated financial institutions which makes the data collection disclosure paradoxically simpler. Apple’s disclosure requirements for regulated financial services is specifically dealt with in the Apple App Store policy under the following points: 

  • Collection of the regulated data is in accordance with a legally required privacy notice under applicable financial services or data protection laws or regulations (e.g., GDPR or GLBA).
  • Collection by the app of that data occurs only in cases that are not part of your app’s primary functionality and which are optional for the user.
  • Such notice provides that data is not shared with unaffiliated third parties to market other products and services.
  • Such data is not linked with third-party data for advertising purposes or shared with a data broker except for purposes of fraud detection or prevention or security purposes or with a consumer reporting agency for credit reporting.

If all criteria are met then disclosure of data capture on the app store product page is optional, although we would suggest appropriate disclosure on the product page is desirable as the data capture is used in improving the user experience and the data is not used for any advertising purposes. 

App builders will need to consider how they manage personalization within the app as an opt-in or opt-out. It is advisable the users have the option to not have a personalized experience as this is more in line with GDPR and financial regulation more generally even though with appropriate disclosure a personalized experience might not be optional within the app. 

Managing personalization in an omni channel world is complex, particularly for financially regulated services, however a consistent approach to data capture, storage and usage that is defined by the policy framework gives you clear guardrails of how you should operate within the mobile application policies and app store submission. Data collection for personalization of the product is great but using the data for 3rd party advertising requires more in depth user consent and app submission information. 

For more information on the Apple App store submission and policies in relation to Privacy please review the following Apple guidance.  

https://developer.apple.com/app-store/app-privacy-details/

Written by
Adam Howard

Might Interest You

Elon Musk’s Tweet Throttle: The Consequences for Retail Traders

Read more

Elevating Financial Experiences: The Unseen Power of a Structured Content Approach

Read more

AlphaStream Personalization and Suggestion Systems 

Read more

Elon Musk’s Tweet Throttle: The Consequences for Retail Traders

Read more

Elevating Financial Experiences: The Unseen Power of a Structured Content Approach

Read more

AlphaStream Personalization and Suggestion Systems 

Read more