Location data privacy checklist

Location data can help you build a wide range of product and service experiences, from delivery tracking to store locators to address autocomplete to location-based push notifications.

But location data is sensitive, and must be collected and managed with care.

In this post, we share a ten-point location data privacy checklist to help you collect location data and build location-based experiences in the right way.

1. Get clear opt-in and consent

First, get clear opt-in and consent. Collecting location data on iOS and Android requires the user to grant location permissions. Your permissions prompts and privacy policy should show exactly what information is being collected and how it is being used.

You should also consider providing additional context in a pre-prompt or onboarding screen. Finally, you should provide a privacy settings screen to allow the user to learn more or opt out at any time.

The biggest location data privacy issues stem from a gap between the information the user thought you were collecting and what information you are actually collecting. The best permissions prompts and privacy policies eliminate that gap.

The McDonald's app shows a pre-prompt after starting an order with a detailed description of location features and location data collection, as well as a link to a privacy policy.

The Target app shows an onboarding screen with a detailed description of location features and location data collection.

Radar respects standard iOS and Android location permissions and does not collect location data unless permissions are granted. It is up to you as a developer or company to craft clear, complete permissions prompts and a privacy policy to get clear opt-in and consent.

2. Deliver value to the end user

Second, deliver value to the end user. Ideally, the user wants to grant location permissions because sharing location data helps them get what they need faster, see relevant content, or unlock an offer.

Radar can help you build a wide range of product and service experiences, from delivery tracking to store locators to address autocomplete to location-based push notifications.

3. Minimize location data collection

Third, only collect the data that you need. This includes the frequency (foreground or background? if in the background, how often?) and accuracy of location data collection, as well as any derivative data (e.g., geofence entry or place visit events).

If using a geofencing platform, only create geofences or turn on place categories relevant to your use case (e.g., store visits for shopping apps, airport visits and traveling detection for travel apps).

Radar provides tracking options to control location data collection, as well as geofence management capabilities, place filters, and event filters to control event generation.

4. Use short data retention periods

Fourth, only store the data for as long as you need. This might be a year, a month, a week, a day, or even not at all, depending on your use case.

For example, if you are building a location-based user segment for targeting (e.g., "McDonald's visitors"), you may only need to store events for the last 30 days. If you are building a curbside pickup tracker, you may only need to store location updates for a week.
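A retention window only protects users if something enforces it. The sketch below is an added example, not Radar's code or part of the original post: a scheduled purge over an assumed `location_records` table, using the 30-day and one-week windows mentioned above and deleting any record type that has no declared window.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Assumed record types; the windows are the post's own examples.
RETENTION = {
    "segment_event": timedelta(days=30),   # location-based user segment
    "pickup_location": timedelta(days=7),  # curbside pickup tracker
}

def purge_expired(conn, now):
    """Delete rows older than their type's window; return {type: rows deleted}."""
    types = [row[0] for row in conn.execute(
        "SELECT DISTINCT record_type FROM location_records")]
    deleted = {}
    for record_type in types:
        # Fail closed: a type with no declared window is not retained at all.
        window = RETENTION.get(record_type, timedelta(0))
        cutoff = (now - window).timestamp()
        cur = conn.execute(
            "DELETE FROM location_records WHERE record_type = ? AND recorded_at < ?",
            (record_type, cutoff))
        deleted[record_type] = cur.rowcount
    conn.commit()
    return deleted

def build_sample_db(now):
    """In-memory table filled with constructed rows: (record type, age in days)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE location_records ("
                 "id INTEGER PRIMARY KEY, record_type TEXT, "
                 "recorded_at REAL, lat REAL, lon REAL)")
    samples = [("segment_event", 3), ("segment_event", 29), ("segment_event", 31),
               ("pickup_location", 1), ("pickup_location", 8), ("debug_trace", 0.5)]
    for record_type, age_days in samples:
        recorded_at = (now - timedelta(days=age_days)).timestamp()
        conn.execute(
            "INSERT INTO location_records (record_type, recorded_at, lat, lon) "
            "VALUES (?, ?, ?, ?)", (record_type, recorded_at, 40.7128, -74.0060))
    return conn

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(purge_expired(build_sample_db(now), now))
```

Returning the per-type delete counts gives the job something to log, so a purge that silently stops running shows up as missing entries.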

Radar supports custom data retention periods for enterprise customers, as well as a context API that supports geofencing and place detection without storing any location data at all.

// stateful, user and events retained on server
Radar.trackOnce { (status, location, events, user) in
  // do something with user?.geofences, user?.place
}

// stateless, no device or user identifiers sent to server
Radar.getContext { (status, location, context) in
  // do something with context?.geofences, context?.place
}

5. Stop collection when no longer necessary

Fifth, stop collection when no longer necessary. If a user opts out, stop location tracking immediately. If you are building a travel reminders app, you may want to stop location data collection when the user returns from vacation. If you are building a delivery tracker, you may want to stop location data collection when the delivery is complete. And so on.

Radar allows you to stop tracking immediately with one line of code and also supports custom tracking options to start or stop tracking at specific times.

// stop tracking immediately
Radar.stopTracking()

// stop tracking in one hour
let oneHourFromNow = Date().addingTimeInterval(60 * 60)
let trackingOptions = RadarTrackingOptions.responsive
trackingOptions.stopTrackingAfter = oneHourFromNow
Radar.startTracking(trackingOptions: trackingOptions)

6. Minimize PII associated with location data

Sixth, minimize personally identifiable information (PII) associated with location data, like name or email.

By default, Radar identifies a device only with an anonymous install ID and device ID. Radar allows you to associate a user ID and other metadata with a user, but does not collect PII like name or email by default.
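One way to keep name and email out of the identity attached to location data, as an added example rather than Radar's API or code from the original post: the user ID is a keyed hash (HMAC-SHA256, a technique chosen here) of an internal account ID, and metadata passes an allow-list plus an email check. The key, field names and sample values are assumptions.

```python
import hashlib
import hmac
import re

EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

# Metadata keys this hypothetical app may attach to a location user.
ALLOWED_METADATA_KEYS = {"loyalty_tier", "preferred_store_id", "app_version"}

def pseudonymous_user_id(secret_key: bytes, internal_id: str) -> str:
    """Keyed hash of the internal account ID; not recomputable without the key."""
    return hmac.new(secret_key, internal_id.encode("utf-8"), hashlib.sha256).hexdigest()

def build_identity(secret_key: bytes, internal_id: str, metadata: dict) -> dict:
    """Return the user ID and metadata that may accompany location data.

    Keys outside the allow-list are dropped. A kept value that looks like an
    email address raises ValueError, so PII cannot ride along in an allowed field.
    """
    kept = {k: v for k, v in metadata.items() if k in ALLOWED_METADATA_KEYS}
    for key, value in kept.items():
        if isinstance(value, str) and EMAIL_RE.search(value):
            raise ValueError(f"metadata field {key!r} contains an email address")
    return {"user_id": pseudonymous_user_id(secret_key, internal_id), "metadata": kept}

# Constructed sample input; the key is a placeholder, not a real secret.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_METADATA = {
    "name": "Alex Example",
    "email": "alex@example.com",
    "loyalty_tier": "gold",
    "app_version": "4.2.0",
}

if __name__ == "__main__":
    print(build_identity(SAMPLE_KEY, "account-1842", SAMPLE_METADATA))
```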

7. Transfer and store data securely

Seventh, transfer and store data securely. Data should be encrypted in transit using TLS 1.2+ and at rest using AES-256.

At Radar, we take security as seriously as privacy. Radar uses recommended encryption standards, is SOC 2 type II-certified, and undergoes regular third-party audits and penetration tests.

8. Limit and audit access to data

Eighth, limit and audit access to data. Ensure that only authorized and trained employees can access location data in production, and ensure that any access is monitored.

The Radar dashboard supports single sign-on (SSO), advanced access controls, and audit logs to limit and monitor access to data.

9. Comply with privacy regulations

Ninth, ensure that you comply with regulations: GDPR in the EU, CCPA in the US, and so on.

Radar is CCPA-compliant and GDPR-compliant as a processor. We provide export and deletion capabilities both programmatic (through the API) and manual (through the dashboard).

10. Work with trusted vendors

Finally, only work with trusted vendors. While there are many location and geofencing platforms, few are truly enterprise-ready. Radar has experience supporting the location data privacy and security needs of Fortune 500 companies and high-growth startups alike.

If you're looking to build amazing location-based experiences in the right way, reach out to our team directly. We'd love to hear from you.