New online platforms and the ease of app development makes market entry simple for even amateur developers.
If you perform app or website development outside of your regular day job or wish to test your market first before committing more time to development, it may not be on your immediate to-do list to incorporate.
Many people prefer to check the success of their ideas before taking the steps to officially starting a company.
Even as an individual developer, you still have legal requirements. You are not exempt from privacy laws just because you are a person rather than a company. These laws affect you and require that you draft a Privacy Policy if your app or website collects personal data.
If you review examples of Privacy Policies, you will see they reference a company, not an individual. Even individuals who perform business as sole proprietors often transact their business as an incorporated entity rather than using their own names.
This is due to the need to avoid personal liability.
Being personally connected to a business transaction or a privacy breach risks your personal assets. A successful lawsuit against you can attach your own real estate or bank accounts in addition to funds and property you hold exclusively for business purposes.
That is why you will not find Privacy Policies written for individuals. Tim Ferriss runs a blog that features his name prominently:
You would think Tim's Privacy Policy agreement connected to his name would work the same way. However, it places privacy burdens and responsibilities on a company name, not Tim Ferriss personally:
Tim Ferriss is not alone in this practice. Ed Gandia sells products that teach copywriting and business writing. His website focuses more on his name rather than the name of his company. This changes when you go to his Privacy Policy:
This does not mean you can't develop and sell an app or website product without establishing a company first.
It's understandable and not unheard of to do so if you want to test the market without putting in a giant investment, or just want to see if you like developing and distributing apps in the first place. However, the decision to release an app or website as an individual rather than as a corporation does not relieve you of legal requirements.
Privacy Policies are required anytime you collect personal data from users.
This is the case whether you run a large multinational company like Apple or if you create apps from your basement office.
Privacy protection laws address personal data. If you handle personal data, you must follow the requirements of these laws. Personal data for privacy law purposes is defined as any information that can be used to identify an individual. Some common examples of "personal data" include:
Before you make an effort to draft a Privacy Policy, first assess whether you request personal data from your users. If you collect any of this information, ask yourself if it is truly necessary for the functioning of your app or website. The best way to protect privacy is to not request information in the first place.
If your service or product works fine without users revealing this information, consider never requesting it in the first place.
However, if you need personal data, being an individual does not exempt you from privacy protection laws.
Laws concerning privacy typically refer to "organizations."
An organization for these purposes includes anyone who creates, runs, and manages an app or website that requests personal data.
While it's often assumed that these rules only apply to corporations, that is not the case.
The California Online Privacy Protection Act is the most extensive privacy act in the United States. Since California is a heavily populated state, it is impossible to run an app or website in the U.S. without engaging California citizens. You need to pay attention to this law as if it contained federal requirements.
The act applies to any person or entity that runs a commercial website or online service available to California residents.
The Canadian law, Personal Information Protection and Electronic Documents Act (PIPEDA), applies to organizations:
Individuals are included in its definition of organizations:
You will also find this in Australia with the Privacy Act 1988. Organizations also include individuals:
The E.U. places strict privacy requirements on its member states. Individuals are also held to these laws, although it refers to "controllers" and "processors" rather than organizations:
Finally, as an example of following the E.U. requirements, the U.K. passed an extensive privacy protection law called the Data Protection Act 1988. This law does not exempt individual developers if they collection personal information:
Knowing that individual developers are bound by privacy laws helps you make informed decisions. If you handle personal data within a website or app, you may want to consider incorporation.
Privacy breaches are burdensome to all corporations, even the largest ones. If the data you store is compromised, you can face penalties which may include fines and civil liability.
However, rather than enjoying the protection of a corporate structure, users pursue you personally for damages when you aren't incorporated. This can leave you financially destitute in addition to undermining your business efforts.
That is why if you handle personal data, you should consider creating a company first. This offers advantages over doing this on your own, including:
If you decide to proceed with your plans in an individual capacity, that remains an option for you. Incorporation remains an option as your app or website expands. Just be aware that requirements for protecting data and drafting a complete Privacy Policy remain even though you do not operate through a company.