Set up Your Windows 8 Privacy Policy in Five Minutes (or Less)

  • Article

There are three certainties in life: death, taxes, and the fact your Windows 8 application will fail certification if it’s network-capable and you don’t have a privacy policy. I can’t fix the first two, but I can help with the last one.

If you read the full text of the requirement, you’ll note that the policy needs to be accessible from the description of the app as it appears in the Windows Store (as well as from the Settings Charm when the application is running), and that means you’ll be hosting it on the web at a minimum.

Enter Windows Azure Web Sites – create a free site and publish your policy in less than five minutes (yes, I timed it!)

1. Get your free Windows Azure account

Sign up for the 3-month Windows Azure Trial account, and your account should be ready in about a minute. You’ll need to provide a credit card, but the free-instance Web Sites offering is, well, free, even beyond the trial period.

Note, that when a 3-month trial account expires, all your compute assets are removed, including free-instance model Windows Azure Web Sites you may have set up. In order to have your site run without interruption, be sure to transition to a pay-as-you-go plan by turning off the spending limit associated with your subscription before the trial expires. At that point you would be charged for any other services you do use from Windows Azure, but if you stick with just the free-instance model of a Windows Azure Web Site, your bill will be $0.

2. Create a Windows Azure Web Site

Once your subscription is active, access the portal and create a new Windows Azure Web Site. If you’re using an existing Windows Azure subscription and don’t see the Web Sites option, visit the Preview Features page and enable Web Sites.

Creating your first Windows Azure Web Site

Upon following the CREATE A WEB SITE link, a popup will appear (below), requesting the name of your site. I’d suggest using the name of your Windows 8 application, or something close to it, but you will be bound by the URI naming restrictions and the fact that your site name must be unique across all Windows Azure Web Sites (specifically, the azurewebsites.net domain)

You’ll also need to pick which data center to house your site. Generally, you’ll pick the location closest to the majority of your users; however, since you’re just serving up a static page, latency is not a huge concern.

Specifying your Windows Azure Web Site name and location

Click the checkmark in the lower right corner of the page and in less than a minute, your site should be accessible. Mine, at yourwindows8appname.azurewebsites.net, took a mere 17 seconds to provision!

Your new Windows Azure Web Site up and running

3. Download your Publishing Profile

Select your new Web Site from the portal page shown above to bring up the default “Getting Started” page for the site. If this isn’t the page you see right away, select the cloud/thunderbolt icon on the menu bar (highlighted below).

From this page, you can download the publishing profile for your application. The profile is an XML file that contains credentials allowing you to deploy your Web Site from client tools like Visual Studio and WebMatrix. As such, you’ll want to make sure the file is managed securely on your machine

Download publishing profile

3. Record your FTP publication information

Open the publishing profile. By default, it will have an extension of PublishSettings, but you can open it any text editor. The file will contain a profile for using Web Deploy and a second profile for using FTP. Within the FTP section, make note of the publishUrl, userName, and userPWD attributes, as shown below.

 <publishProfile profileName="YourWindows8AppName - FTP" publishMethod="FTP" 
       publishUrl="ftp://waws-prod-blu-001.ftp.azurewebsites.windows.net/site/wwwroot" 
       ftpPassiveMode="True" 
       userName="YourWindows8AppName\$YourWindows8AppName" 
       userPWD="apHqnl6KqHtEBdGJ...Pat9Q8M7vyPRP9bezw1tQmo" 
       destinationAppUrl="https://yourwindows8appname.azurewebsites.net" 
       SQLServerDBConnectionString="" mySQLDBConnectionString="" 
       hostingProviderForumLink="" controlPanelLink="https://windows.azure.com">
   <databases/>
</publishProfile>

4. Write your privacy policy

IANAL, so I can’t guide you as to what your privacy policy should say; consult your legal team or take a look at some of the policies out there for existing apps. They range from fairly sparse statements of “we don’t use your data” to multiple pages of legalese.

Format whatever you do end up with into a text, HTML, or even a PDF file and save it on your local machine. For sake of example, I’ve named mine privacy.html

Thanks to my colleague G. Andrew Duthie for pointing out Pete Brown’s post on characteristics of a good privacy policy.

That same day, a newly-published Windows 8 dev (thanks E B!), passed on a link to a Mobile Privacy Policy template that may be helpful to you.

5. Access your Windows Azure Web Site via FTP

If you have an FTP client, great! If not, simply paste your site’s FTP URL into an instance of File Explorer, and you’ll be prompted for the user name and password, all of which are included in the PublishSettings file.

Browsing to Web Site via FTP

Press the Log On button, and you’ll see the files within your Azure Web Site. For a newly created site, you’ll see a single file, hostingstart.html, which is the default page you see when you visit your Web Site via a browser.

6. Copy your local privacy policy to the FTP folder

Simply drag and drop your privacy policy file into the FTP folder containing hostingstart.html to copy it to Windows Azure. In my case, the policy becomes accessible via

https://yourWindows8AppName.azurewebsites.net/privacy.html

In the Dev Center dashboard for your account, add the privacy policy URL to the Description section of your application’s profile:

Description section of application profile

8. Add the privacy policy to your application’s Settings

Your privacy policy also needs to be part of your application, available as an option on the Settings Charm. Depending on your choice of programming language and the desired polish of the end-user experience, there are many ways to implement this.

Below is rather minimalistic code in C# (added to App.xaml.cs) that inserts a Privacy Policy command in the Settings Charm and launches the privacy policy in Internet Explorer. For a nicer user experience, you might consider incorporating the policy within your application, perhaps using a flyout. See the Callisto project and the App Settings example on the Dev Center for some ideas on accomplishing that.

 protected override void OnWindowCreated(WindowCreatedEventArgs args)
{
    SettingsPane.GetForCurrentView().CommandsRequested += (s, e) =>         
      e.Request.ApplicationCommands.Add(
         new SettingsCommand("privacypolicy", "Privacy policy", ShowPrivacyPolicy)
      );
}
  

 private async void ShowPrivacyPolicy(IUICommand c)
{
    await Launcher.LaunchUriAsync(
               new Uri("https://yourwindows8appname.azurewebsites.net/privacy.html"));
}

9. Don't stop there! Build a community around your app

You’ve got access to an IIS-hosted Web Site in the cloud – free – so make the most of it. In Step 7 above, you’ll notice the Description section of the app profile also requests a website URL and even requires support contact info, which could also be a website.

Between Visual Studio Express 2012 for Web and WebMatrix, you have free IDEs available that can deploy ASP, ASP.NET, Node.js, and PHP sites directly to your Windows Azure Web Site. Beyond that you could spin up an instance of a CMS like WordPress or Drupal and host a great landing spot for new and existing users of your application.