Set up Your Windows 8 Privacy Policy in Five Minutes (or Less)
There are three certainties in life: death, taxes, and the fact your Windows 8 application will fail certification if it’s network-capable and you don’t have a privacy policy. I can’t fix the first two, but I can help with the last one.
If you read the full text of the requirement, you’ll note that the policy needs to be accessible from the description of the app as it appears in the Windows Store (as well as from the Settings Charm when the application is running), and that means you’ll be hosting it on the web at a minimum.
Enter Windows Azure Web Sites – create a free site and publish your policy in less than five minutes (yes, I timed it!)
1. Get your free Windows Azure account
Sign up for the 3-month Windows Azure Trial account, and your account should be ready in about a minute. You’ll need to provide a credit card, but the free-instance Web Sites offering is, well, free, even beyond the trial period.
Note, that when a 3-month trial account expires, all your compute assets are removed, including free-instance model Windows Azure Web Sites you may have set up. In order to have your site run without interruption, be sure to transition to a pay-as-you-go plan by turning off the spending limit associated with your subscription before the trial expires. At that point you would be charged for any other services you do use from Windows Azure, but if you stick with just the free-instance model of a Windows Azure Web Site, your bill will be $0.
2. Create a Windows Azure Web Site
Once your subscription is active, access the portal and create a new Windows Azure Web Site. If you’re using an existing Windows Azure subscription and don’t see the Web Sites option, visit the Preview Features page and enable Web Sites.
Upon following the CREATE A WEB SITE link, a popup will appear (below), requesting the name of your site. I’d suggest using the name of your Windows 8 application, or something close to it, but you will be bound by the URI naming restrictions and the fact that your site name must be unique across all Windows Azure Web Sites (specifically, the azurewebsites.net domain)
You’ll also need to pick which data center to house your site. Generally, you’ll pick the location closest to the majority of your users; however, since you’re just serving up a static page, latency is not a huge concern.
Click the checkmark in the lower right corner of the page and in less than a minute, your site should be accessible. Mine, at yourwindows8appname.azurewebsites.net, took a mere 17 seconds to provision!
3. Download your Publishing Profile
Select your new Web Site from the portal page shown above to bring up the default “Getting Started” page for the site. If this isn’t the page you see right away, select the cloud/thunderbolt icon on the menu bar (highlighted below).
From this page, you can download the publishing profile for your application. The profile is an XML file that contains credentials allowing you to deploy your Web Site from client tools like Visual Studio and WebMatrix. As such, you’ll want to make sure the file is managed securely on your machine
3. Record your FTP publication information
Open the publishing profile. By default, it will have an extension of PublishSettings, but you can open it any text editor. The file will contain a profile for using Web Deploy and a second profile for using FTP. Within the FTP section, make note of the publishUrl, userName, and userPWD attributes, as shown below.
<publishProfile profileName="YourWindows8AppName - FTP" publishMethod="FTP" publishUrl="ftp://waws-prod-blu-001.ftp.azurewebsites.windows.net/site/wwwroot" ftpPassiveMode="True" userName="YourWindows8AppName\$YourWindows8AppName" userPWD="apHqnl6KqHtEBdGJ...Pat9Q8M7vyPRP9bezw1tQmo" destinationAppUrl="https://yourwindows8appname.azurewebsites.net" SQLServerDBConnectionString="" mySQLDBConnectionString="" hostingProviderForumLink="" controlPanelLink="https://windows.azure.com"> <databases/> </publishProfile>
4. Write your privacy policy
IANAL, so I can’t guide you as to what your privacy policy should say; consult your legal team or take a look at some of the policies out there for existing apps. They range from fairly sparse statements of “we don’t use your data” to multiple pages of legalese.
Format whatever you do end up with into a text, HTML, or even a PDF file and save it on your local machine. For sake of example, I’ve named mine privacy.html
Thanks to my colleague G. Andrew Duthie for pointing out Pete Brown’s post on characteristics of a good privacy policy.
That same day, a newly-published Windows 8 dev (thanks E B!), passed on a link to a Mobile Privacy Policy template that may be helpful to you.
5. Access your Windows Azure Web Site via FTP
If you have an FTP client, great! If not, simply paste your site’s FTP URL into an instance of File Explorer, and you’ll be prompted for the user name and password, all of which are included in the PublishSettings file.
Press the Log On button, and you’ll see the files within your Azure Web Site. For a newly created site, you’ll see a single file, hostingstart.html, which is the default page you see when you visit your Web Site via a browser.
6. Copy your local privacy policy to the FTP folder
Simply drag and drop your privacy policy file into the FTP folder containing hostingstart.html to copy it to Windows Azure. In my case, the policy becomes accessible via
7. Add the link to your application profile
In the Dev Center dashboard for your account, add the privacy policy URL to the Description section of your application’s profile:
8. Add the privacy policy to your application’s Settings
Your privacy policy also needs to be part of your application, available as an option on the Settings Charm. Depending on your choice of programming language and the desired polish of the end-user experience, there are many ways to implement this.
Below is rather minimalistic code in C# (added to App.xaml.cs) that inserts a Privacy Policy command in the Settings Charm and launches the privacy policy in Internet Explorer. For a nicer user experience, you might consider incorporating the policy within your application, perhaps using a flyout. See the Callisto project and the App Settings example on the Dev Center for some ideas on accomplishing that.
protected override void OnWindowCreated(WindowCreatedEventArgs args) { SettingsPane.GetForCurrentView().CommandsRequested += (s, e) => e.Request.ApplicationCommands.Add( new SettingsCommand("privacypolicy", "Privacy policy", ShowPrivacyPolicy) ); }
private async void ShowPrivacyPolicy(IUICommand c) { await Launcher.LaunchUriAsync( new Uri("https://yourwindows8appname.azurewebsites.net/privacy.html")); }
9. Don't stop there! Build a community around your app
You’ve got access to an IIS-hosted Web Site in the cloud – free – so make the most of it. In Step 7 above, you’ll notice the Description section of the app profile also requests a website URL and even requires support contact info, which could also be a website.
Between Visual Studio Express 2012 for Web and WebMatrix, you have free IDEs available that can deploy ASP, ASP.NET, Node.js, and PHP sites directly to your Windows Azure Web Site. Beyond that you could spin up an instance of a CMS like WordPress or Drupal and host a great landing spot for new and existing users of your application.
Comments
Anonymous
February 14, 2013
I am sorry; if I have Win8 - I have to create a Web-site? What kind of moron has designed that system?! #^$&%!Anonymous
February 14, 2013
Erving, It's not about Win8, it's about mobile applications. IF your Windows Store application reaches out to the Web, then indeed, somewhere on the Web you'd need to provide your users an indication of what you are doing (or will do) with information they may be entering into your application. What other way would there be? you can't require they install the application to see a policy that they may not be in agreement with. That said, you can certainly host a static document somewhere publicly as well, like SkyDrive or DropBox. But since Azure Web Sites is free, and enables you to provide a more compelling and professional experience than just a static site - why not?