Privacy Policy for Sign In With Amazon Button


The "Login with Amazon" service gives developers one more option when it comes to website log-in and registration.

"Login with Amazon" makes it possible for Amazon customers to use their Amazon accounts to log in and register on a website quickly and easily.

It also triggers the need for a Privacy Policy. Let's explore this more.

About Login with Amazon

When your users see the "Login with Amazon" button on your website, they'll know that they can log into your website without needing to manually enter some of their personal information.

Pharmaca: Login with Amazon screen - highlighted

That's because "Login with Amazon" allows developers to get information from Amazon user profiles such as names, email addresses and zip codes:

Login with Amazon allows users to login to registered third party websites or apps ('clients') using their Amazon user name and password. Clients may ask the user to share some personal information from their Amazon profile, including name, email address, and zip code.

Facebook and Twitter are already providing this via their APIs. Those are the famous Sign-in with Facebook or Sign-in with Twitter buttons:

Buffer - Sign In With Facebook

Amazon released an introductory video, titled "Meet Login with Amazon":

https://www.youtube.com/watch?v=rwJCI2lyWMk

Amazon requires all developers who are signing up for this service to have a Privacy Policy available and published on their own websites.

This requirement is outlined in the Login with Amazon Developer Guide for Websites:

Login with Amazon Developer Guidelines for Websites: Client Application clause

Besides Amazon requiring you to have this agreement, the Privacy Policy agreement is required by law (for example, by CalOPPA in the US) if you collect any kind of personal data from users: email address, pictures, name, shipping address, etc.

The Privacy Policy must inform users of how you (the website owner, the mobile app developer, etc.) will use the personal information that Amazon is providing to you through the "Login with Amazon" functionality:

A Privacy Policy is a legal statement that specifies what the owner of a business (website, mobile app, Facebook app, etc.) will and will not do with the personal data collected from users.
What is a Privacy Policy agreement

The Privacy Notice URL field in the Register Your Application section, inside the account dashboard, is defined as:

"The URL address of your application's privacy policy. This is displayed on the consent screen the first time the user logs into your website or mobile app."

Login with Amazon: Register Your Application/Application Information - Privacy Notice URL definition

The "Privacy Notice URL" field is mandatory. This applies regardless of how you register your application.

Why is a Privacy Policy required?

A Privacy Policy is required by law if you collect personal information from users, regardless of what kind of data you collect as long as it is considered personal data. Using "Login with Amazon" falls under this requirement because Amazon is sending you personal information of Amazon users.

As a result, you must disclose what you're going to do with the user's personal data received from Amazon. You disclose this through a Privacy Policy agreement.

This requirement is similar to Facebook's requirement of having a URL to your Privacy Policy or the URL to the Terms of Service.

The URL of this legal agreement should be added in the Privacy Notice URL field in the "Login with Amazon" dashboard, but you should also place it on your website pages or embedded in your mobile app.

Amazon provides Zappos.com as an example of using "Login with Amazon":

Zappos example of Login with Amazon app

Notice how the Zappos Privacy Policy, which can be found at www.zappos.com/privacy-policy, is added in the Privacy Notice URL field.

What to include in your Privacy Policy

There's no need to have a separate Privacy Policy when you register for "Login with Amazon."

Amazon requires you to include the link to your current Privacy Policy, not to provide a separate agreement just for using their service.

If you already have a Privacy Policy, update it to include a section where you inform users that their personal information can also be collected via third-party tools that make it easier to register for an account on your website.

The Upwork Privacy Policy mentions that personal information might be collected when users register via third party social networking services, such as Facebook:

Upwork Privacy Policy: Excerpt of Social Networking Services clause

Summary

The "Login with Amazon" feature makes it easier for developers to allow Amazon users to quickly register or log in on developers' websites or mobile apps.

Your Privacy Policy should be updated to mention that you use third-party login features. It should also be made available on your website, typically in the footer section of your web pages. If you're not sure where to place the agreement, follow these best practices on where to place a Privacy Policy on your website.

The same URL found on your website should be added in the Privacy Notice URL field in Amazon's Application Registration Information form.