How to fill out Google data safety form

  • 16 November 2021
  • 6 replies

Badge +4


I’m looking for an advice or a guidance how to fill the Data safety form in Google Play in regard to RevenueCat integration.


Our app is not collecting any private user data, no account is necessary, no ads, no analytics implemented, but offers subscription to Premium version with unlimited functionality. We are processing Premium subscriptions using RevenueCat SDK. We are getting anonymous information about users who started trial/purchased/canceled subscription. All we know is that “someone” (we get anonymous user ID, e.g. $RCAnonymousID:23kkjjj344kjkjkjkjkj3jkjjjkjkj) in Canada using Android device opened the app, started a trial, purchased the Premium subscription, or canceled trial, opt out from renewal of Premium subscription.


I assume the “data type” we collect is only “Financial info – Purchase history”.


I assume this data is “collected” and users can “choose whether this data is collected”, since users can use the app without purchasing the Premium subscription.


I assume the reason is “App functionality”, since it enables the unlimited features of the app.


I assume “data is encrypted in transfer.”


I assume “data can’t be deleted” since there is no connection to a real person/user id or email, I am not able to delete information about the particular purchase of Premium subscription.


Are my assumptions correct?


I would appreciate your help. We want our app to be private, to be clear and transparent.

Thank you.







Best answer by tina 1 December 2021, 18:55

View original

6 replies

Userlevel 5
Badge +10

Hi @fiduciary!

So far we don't have any documentation specific to Google's Data Safety requirements, but it's similar to Apple's App Privacy requirements. We have a guide for Apple's requirements that you can use for Google: RevenueCat only collects Purchase history by default. If you use any integrations, you'll want to select the appropriate data types collected by those integrations (e.g. email, app analytics, etc.) We'll work on a guide for this but I hope that helps in the meantime.

Badge +4


Thank you. It is similar to Apple’s App Privacy, however there are differences, so I would appreciate a guide :-)

Userlevel 5
Badge +10

Hey @fiduciary 

A guide is currently in the works and should be published this week. 😻

Badge +4

:pray: thank you :slight_smile:

Userlevel 5
Badge +10

Hey @fiduciary 

The documentation is published here: 

Badge +5

@tina I think there might be a small mistake in your documentation. There it says:

1. Is this data collected, shared, or both?

This data is collected by RevenueCat. If you are using custom app user IDs or collecting personal identifiable information (i.e: email) that can be linked back to an individual customer, you will need to also select 'Shared'.


I’m not sure if that’s actually the case. Here Google states that data that is transferred to a “Service Provider” does not need to be disclosed as “Shared”. 

  • Service providers. Transferring user data to a “service provider” that processes it on behalf of the developer.
    • “Service provider” means an entity that processes user data on behalf of the developer and based on the developer’s instructions.

To me it sounds like RevenueCat qualifies as a Service Provider. What do you think?