App Review Checklist
As part of the app review, Dataswift has to set up a legal contract between your app and your users. This contract enables your users to give your app the permission and the rights to use a namespace within your users' own database (each user has his/her own database). If your app is requesting for any other data from another namespace of their databases, a data debit must also be specified within the contract. This contract is set up by Dataswift before your app goes live and will be autogenerated when your users sign into your app.Dataswift requires information for the review and for the contract to be set up. We also require the application to declare the rating of application based on the HATDeX Rating Assurance system. Below is a checklist that can help you prepare for review.
- Are you putting third party data into the PDA? Make sure it belongs to the PDA owner and that you have all the necessary permissions from the third party data provider to be written into the PDA.
- If you also hold the data outside the PDA, either ensure it's not identifiable or if it is, ensure it is secure. If the data has PII, note that your app rating for the first letter will go down to a B or lower, and you would need to ensure that you are compliant with data regulation for that data.
- Be ready to accurately declare what data will be in the PDA, what data will sit on both your product server and the PDA, and what data is not in the PDA
- Be ready to declare any conditions imposed on a PDA owner for reuse and resharing of the data you place in his/her database.
- If you collect sensitive data, be ready to declare your data conduct in terms of collection, storage, usage, processing and sharing.
- If you are requesting for other namespace data (e.g. calendar or FB), be ready to answer questions on duration, purpose and what specific data is required.
- Ensure that your app meets the consumer law requirements of all applicable laws in any jurisdiction that you intend to offer your services.
- If you are sharing PDA data with third parties, ensure you will get the owner's consent. The platform will not cover any legal agreement outside of what your app is doing with the PDA owner's data in the PDA.
- Ensure that the provision of essential goods or service is not dependent on your app as this would impact on your uer's acceptance of the data contract? (housing, food & medicine)
- Ensure that no other service contingent on the acceptance of this data contract of the PDA owner's data usage by your app
- Ensure that your app will not result in any prejudice or harm to the PDA owner. Get a PIA and DPIA (Privacy Impact Assessment and Data Protection Impact Assessment) done if in doubt.
- Ensure that your app and the data contract do not propose any specific or general risk
- Ensure you have all your app information (submitted within the developers portal). You won't be able to pass review if they are not included in the submission.
- Ensure that you have a set of login credentials so that the review team can go through the entire user journey of the app. The list of information needed is available within the developer's portal
If you need other features for the PDAs (children PDAs, elderly PDAs or special PDAs for health sector), please check with Dataswift support team. Our policy is that no new features will be enabled or worked on unless the first version of the application has gone live and have live users. All the best for your app!