Google Play’s data deletion badge and Data deletion area within the Data safety section give users a new set of transparency and controls over their user data while providing developers a way to showcase how they treat user data responsibly. If your app allows users to create an account from within your app, our User data policy requires that it must also allow users to request for their account to be deleted.
Tip: To learn about best practices for designing your account deletion experience with users in mind, visit the Android Developers Blog.
Overview
The User Data policy's Account Deletion Requirement means that:
- All developers must complete new Data deletion questions in the Data safety form on the App content page in Play Console.
- If your app enables account creation, you must:
- provide users with an in-app path to delete their app accounts and associated data; and
- provide a web link resource where users can request app account deletion and associated data deletion. You have the opportunity to show users if you delete other data too.
Make sure to read the policy in full and ensure you understand and comply as some information you provide about account and data deletion will be visible on your app's store listing. Developers who are not in compliance by the deadline or after the extension period may be subject to enforcement actions.
In early 2024, Google Play users will begin to see reflected changes in your store listing where they can:
- view privacy control features your app offers with the refreshed data deletion badge in the Data safety section on your app’s store listing; and
- control their data by following your links in the Data deletion area, where they can submit requests to delete their account and/or other data where applicable.
You can expand the section below to see how this may look to users in your store listing if you support account deletion.
What users will see if your app supports account deletionNote: Images are examples and subject to change
Timeline information
We anticipate the following timeline for roll-out in Play Console and Google Play. Note that this is subject to change; updates will be posted in this article.
- April 2023: We announced the new account deletion requirements and added the new Data deletion questions within your Data safety form. You can find this form on the App content page in Play Console.
- You can now fill out and submit the form to receive early feedback on identified issues. Complete these questions early to make sure your information is reviewed and approved before the feature launches to consumers next year.
- If there are issues with your answers to the Data deletion questions in your Data safety form, new submissions and app updates will be rejected in Play Console. You can temporarily proceed with app and Data safety form updates by clearing your responses to the Data deletion questions.
- December 7, 2023: Deadline to complete the Data deletion questions.
- Without an extension (available now within Play Console), app updates will require completed Data deletion questions in your Data safety form. You will no longer be able to publish a new app or app update if these questions are incomplete or have unaddressed issues.
- If you need more time to complete the Data deletion questions of the Data safety form, you can request an extension to May 31, 2024.
- Early next year: Users can start to see the new data deletion badge and Data deletion area on your app’s store listing in Google Play.
- The previous data deletion badge will be removed and no longer shown for all apps.
- In order for your app to show the new badge, you must have an approved Data safety form, including the Data deletion questions in Play Console.
- After May 31, 2024: Non-compliant apps may face additional enforcement actions in the future, such as the removal of your app from Google Play.
Frequently asked questions
What is an app account?An app account is a unique user identity that developers provide as a user-facing feature to serve the user across applications and/or devices (can often include use of usernames, email addresses, and passwords). App accounts provide a mechanism for a user to authenticate and generally include a mechanism to verify an identity, such as password, phone number OTP (one-time password), 2FA (two-factor authentication), biometric, SSO (single sign-on), and so on.
Your app supports account creation within the app if a user can complete creating an app account directly in the app or if the app directs the user to an app account creation flow outside of the app.
If your app offers account creation in any part of the app experience, then you still need to offer app account deletion even if some features can be accessed without an account.
A full end-to-end mobile first account deletion can be a great user experience. However, we understand that this may not yet be feasible for some developers, so we’re giving you options on how to meet this requirement. As an alternative, you can choose to provide a link within your app that takes users to your app account deletion web resource.
When you delete an app account based on a user’s request, you must also delete the user data associated with that app account. It is possible that your app may need to retain certain data for legitimate reasons such as security, fraud prevention or regulatory compliance. Examples of user data include: personal and sensitive user data, personally identifiable information, financial and payment information, authentication information, phonebook, contacts, device location, SMS and call-related data, health data, Health Connect data, inventory of other apps on the device, microphone, camera, and other sensitive device or usage data. All user data indicated as collected in your data safety section is within scope. Those apps within highly regulated industries that require additional retention periods must clearly inform users within their data retention policies.
If your app relies on service providers to process user data, you should delete the data from your own servers and request the service provider to do the same.
You should let users know what to expect and complete their requests within a reasonably quick period of time. Make sure to check with your legal advisors as laws and regulations in some countries impose specific requirements and restrictions concerning data deletion and retention.
Yes, all developers will be prompted and required to answer a new set of questions in the Data safety form focused around deletion practices. If your app is within the scope of the policy requirements, you must disclose if your app provides account deletion and provide the web link within your Data safety form in Play Console. Some updates to your form will be reflected on your app store listing’s Data safety section.
Some users may have already uninstalled your app or not be able to access your in-app experience for a variety of other reasons. We want to ensure that all users can still exercise control over their data by being able to go to the web link based deletion resource that developers provide. This means that your web resource should give users a way to request that their data be deleted without sending the user back to the app and requiring them to re-download it to submit their request.
The weblink must be functional (for example, loads without error), relevant in scope (for example, the pathway to request account deletion should be prominently featured and easily discoverable on the page) and reference the app or developer name (that is, as it appears on your store listing in Google Play). The user must be able to request deletion of their account through the pathway. You can offer this in many ways, like an additional link that initiates account deletion, a customer service email or a form they can submit a request through. If the user needs to take additional steps before deleting their account (for example, canceling a subscription), this must be clearly outlined, and a support flow must be available for users to initiate. If you plan to use existing privacy or data retention policies to fulfill this requirement, the data deletion section should be highlighted and reasonably prominent (for example, through an anchor link).
Permanently private and enterprise device management apps are exempt from this policy requirement. Please note if your app falls within a highly regulated industry (such as utilities, healthcare, or financial services, for example), it is permissible if you need to provide additional flows to facilitate account deletion requests to completion. As a reminder, accounts that are created and operated offline are not app accounts and do not fall within policy scope.
It is possible that your app may need to retain certain data for legitimate reasons such as security, fraud prevention or regulatory compliance. In that case, you must clearly inform users about your data retention practices, for example, within your privacy policy.
The requirements for your in-app path to deletion should be intuitive for the user. Meaning, the pathway should be prominent (for example, within the account settings or a similar section). We recognize that there are many ways developers can implement this within their apps.
We understand that a non-mobile in-app account deletion experience can be challenging for both the developer and the user. That is why non-mobile apps do not have to provide an option to initiate app account deletion from within the app. They are still required to have a readily discoverable option to initiate account deletion outside the app (for example, by visiting your website), and they must enter a link to this web resource in the designated URL form field within Play Console. Common non-mobile app surface experiences can include those on: web, Android TV, Wear OS, and similar.