Hello,
We are preparing App Privacy section for our app, and there is one thing that is not clear: what is "user identity"?
Firstly, the app does not identify users - it does not ask for name, address, contact information, etc. The user can enter an email address for data recovery purposes, but as 1) it is not used for tracking purposes, 2) it is not used for advertising or marketing purposes, 3) it is not part of the app's primary functionality, and it is optional for entry by the user, 4) it is clear in the app's interface what data is entered (i.e., email), we consider "Email address" data type collection being optional to disclose.
Secondly, the app collects certain data as a part of functionality (e.g., user-entered notes) that are stored on our servers associated with our internal userID. This means that the app Collects (transmits off device) type of data Other User Content, which is used for App Functionality.
Our question is about linking to the user's identity.
In App privacy details on the App Store, there is a statement about "... specific privacy protections put in place before collection to de-identify or anonymize it, such as [...] Manipulating data to break the linkage and prevent re-linkage to real-world identities."
In our case, we don't need to "break the linkage and prevent re-linkage to real-world identities" because we don't have this linkage in the first place. We don't know anything about the user's real-world identity (as described above, email is optional for entry by the user.)
Thus, is it correct to understand "user identity" in Data linked to the user question as "real-world identity"?
I.e., in our case, Other User Content collected by the app (linked to our anonymous userID) is not "linked to the user's identity".
Is the above correct?
Help and guidance would be much appreciated.
We are preparing App Privacy section for our app, and there is one thing that is not clear: what is "user identity"?
Firstly, the app does not identify users - it does not ask for name, address, contact information, etc. The user can enter an email address for data recovery purposes, but as 1) it is not used for tracking purposes, 2) it is not used for advertising or marketing purposes, 3) it is not part of the app's primary functionality, and it is optional for entry by the user, 4) it is clear in the app's interface what data is entered (i.e., email), we consider "Email address" data type collection being optional to disclose.
Secondly, the app collects certain data as a part of functionality (e.g., user-entered notes) that are stored on our servers associated with our internal userID. This means that the app Collects (transmits off device) type of data Other User Content, which is used for App Functionality.
Our question is about linking to the user's identity.
In App privacy details on the App Store, there is a statement about "... specific privacy protections put in place before collection to de-identify or anonymize it, such as [...] Manipulating data to break the linkage and prevent re-linkage to real-world identities."
In our case, we don't need to "break the linkage and prevent re-linkage to real-world identities" because we don't have this linkage in the first place. We don't know anything about the user's real-world identity (as described above, email is optional for entry by the user.)
Thus, is it correct to understand "user identity" in Data linked to the user question as "real-world identity"?
I.e., in our case, Other User Content collected by the app (linked to our anonymous userID) is not "linked to the user's identity".
Is the above correct?
Help and guidance would be much appreciated.