1. Introduction

P Mod For Xperia™ | Designed For SONY is a mobile application that provides themes for Sony Xperia devices. Its core function is to customize the visual appearance of the device’s user interface. This privacy policy aims to inform users about the data processing practices of this application and our commitment to user privacy, in compliance with relevant legal frameworks and platform requirements.

This application explicitly states that it does not collect any user personal data. This application operates entirely offline, and its core functionality does not require or use internet connectivity. This means that no information from users, including but not limited to usage data, device identifiers, or personal details, is transmitted from the user’s device to the developer or any third party.

Even though this application does not collect any data, we are still providing this privacy policy because many app stores, including the Google Play Store, require applications to have a privacy policy 1, and it is a good transparent practice to have one even when no data is collected.4 In this case, the primary purpose of the privacy policy is not to address GDPR data processing requirements in the traditional sense, but rather to meet the platform’s mandatory disclosure requirements regarding data practices, even if those practices involve no data collection. This highlights a key distinction between legal requirements for data processing and platform disclosure requirements.

2. Overview of Legal Frameworks

This privacy policy is intended to comply with the following legal frameworks:

• EU General Data Protection Regulation (GDPR): While the GDPR primarily focuses on the processing of personal data of EU residents 7, its principles of transparency and the right to be informed 7 still apply even when no data is collected.
• U.S. Children’s Online Privacy Protection Act (COPPA): This law aims to protect the online privacy of children under the age of 13.13 Even though this application is not targeted at children or does not collect their personal data, addressing this regulation is still important.
• Google Play Store Policy: Google requires all applications to provide a privacy policy that discloses how user data is handled.1 This includes explicitly stating if no data is collected.

These three frameworks have different triggers and requirements. GDPR focuses on the processing of personal data of EU residents, COPPA focuses on the collection of personal information from children under 13, and the Google Play Store focuses on the disclosure of data handling for all applications published on its platform. This privacy policy needs to cover all three aspects, even if its core message is the absence of data collection.

3. GDPR Compliance for Applications Not Collecting Data

Even without directly collecting data, GDPR is still relevant for the following reasons:

The GDPR applies to businesses that offer goods or services to EU residents, regardless of whether the business is located within the EU.4 If this application is offered on the Google Play Store and is accessible to EU residents, the principles of GDPR apply. The core principle of GDPR is the protection of personal data of individuals within the EU.7 “Personal data” is broadly defined as any information relating to an identified or identifiable natural person.5 While this application does not collect personal data, being transparent about this fact is still a requirement under GDPR’s right to be informed.9 Even if this application does not “process” personal data in the traditional sense (collect, use, store, share), GDPR’s emphasis on transparency means that EU users have the right to know this. This demonstrates that compliance is not just about what you do with data, but also about what you don’t do and clearly communicating that.

Article 13 of the GDPR outlines the information that data controllers must provide to data subjects when personal data is collected from them.23 This includes the controller’s identity and contact details, the purposes of the processing, the legal basis for the processing, the recipients of the data, the data retention period, and the rights of the data subject.9 When no personal data is processed, Article 13 needs to be addressed in the following way:

• Identity and Contact Details: The privacy policy must clearly state the identity and contact information of the application developer (as requested by the user).10
• Purposes and Legal Basis for Processing: The policy should clearly state that this application does not process any personal data. Its “purpose” is to provide theme functionality offline, and the “legal basis” for not processing personal data is simply that no such data is collected.23
• Recipients of the Data: The policy should state that since no personal data is collected, it is not shared with any third parties.10
• Data Retention Period: Since no personal data is collected, there is no need to specify a retention period. The policy should clearly state this.10
• Rights of Data Subjects: The policy should mention the rights of data subjects under GDPR (access, rectification, erasure, restriction of processing, data portability, objection) 7, but explain that these rights are not applicable as this application does not collect or process any personal data. However, acknowledging these rights shows an understanding of GDPR.2
• Right to Lodge a Complaint with a Supervisory Authority: Inform users of their right to lodge a complaint with a supervisory authority.10
• Whether the Provision of Personal Data is a Statutory or Contractual Requirement: State that the use of this application does not involve the provision of any personal data.23
• Existence of Automated Decision-Making, Including Profiling: State that this application does not engage in any automated decision-making or profiling because it does not collect or process personal data.9

Addressing Article 13 in the absence of data collection requires a shift in perspective. Instead of detailing how personal data is processed, the policy explains that no personal data is processed, and therefore many standard Article 13 requirements are not applicable. This demonstrates a nuanced understanding of GDPR requirements.

Clearly and concisely stating in the privacy policy that no data is collected, even if not directly required, builds trust with users.4 Users expect transparency regarding data handling.1 Transparency is not just a legal obligation; it is a key element of user trust and confidence in an application, especially in an era of increasing privacy awareness. Explicitly stating the absence of data collection can be a positive differentiator.

4. COPPA Compliance for Applications Potentially Used by Children

COPPA applies to operators of commercial websites and online services (including mobile apps) directed to children under 13 years of age that collect, use, or disclose personal information from children.13 It also applies to general audience apps that have actual knowledge that they are collecting personal information from children under 13.14 Under COPPA, “personal information” is defined very broadly and includes: name, home address or email address, telephone number, Social Security number, geolocation data, photos, videos, or audio of the child, any unique device identifier or IP address.14 COPPA’s broad definition of personal information means that even seemingly innocuous data points could fall under its scope if collected from children. However, as this application is offline and does not collect any data, these triggers are avoided. The key is to clearly state this in the privacy policy.

Applications that may target children or knowingly collect data from them typically need to:

• Post a clear and comprehensive privacy policy.13
• Provide direct notice to parents and obtain verifiable parental consent before collecting personal information.13
• Give parents the right to review, delete, and manage their child’s personal information.13
• Implement reasonable procedures to protect the confidentiality, security, and integrity of the collected information.13
• Retain personal information only for as long as is reasonably necessary.13

These requirements highlight the extensive obligations for applications that collect children’s data. Since this application does not collect any such data, the focus of the privacy policy will be to clearly state this fact to address potential COPPA concerns.

When an application does not collect any personal data, the approach to addressing COPPA requirements should emphasize the commitment to children’s privacy:

• Explicitly state in the privacy policy that this application does not knowingly collect any personal information from children under the age of 13.43
• Even though no data is collected, it is prudent to mention that if the developer becomes aware that personal information from a child under 13 has been inadvertently collected, steps will be taken to promptly delete it.43
• Reiterate that this application is purely offline and does not transmit any data from the user’s device, thus inherently protecting children’s privacy by not collecting their personal information.
• Consider including a statement that the application is designed for a general audience, and while children may use it, it does not actively target them or collect their personal information.

Addressing COPPA even in the absence of data collection demonstrates due diligence. By clearly stating that no children’s data is collected and the offline nature of the application, the policy proactively addresses potential concerns from parents and regulatory bodies.

5. Google Play Store Privacy Policy Requirements

The Google Play Store policy requires all applications to have a privacy policy, which must be posted in the Play Console and preferably also within the application itself.1 This requirement applies even to applications that do not collect any personal user data.1 The privacy policy must be available through a valid URL (not a PDF), be non-editable, and specifically cover user privacy.1 Google’s requirement for all apps to have a privacy policy underscores the platform’s commitment to user transparency, regardless of the application’s data handling practices. This makes having a clear “no data collection” policy crucial for listing an application.

Developers need to complete a Data safety form in the Play Console, declaring how their application collects, uses, and shares user data.3 Even if the application does not collect any data, this must be stated in the form.21 The information provided in the privacy policy should be consistent with the declarations in the Data safety form to avoid policy violations.22 The Data safety form is a key part of Google Play’s transparency efforts. Accurately stating “no data collected” in both the form and the privacy policy is essential for compliance and user trust. Any discrepancies could lead to the application being rejected or suspended.

If an application’s target audience includes children, it must comply with Google Play’s Families Policy requirements.20 This includes using only Families Self-Certified Ads SDKs if the application shows ads to children (this application is offline and does not show ads, so it is not applicable).20 Even if an application is not exclusively targeted at children but might appeal to them, Google may review the app store listing to ensure it does not unintentionally attract younger audiences in a way that suggests it is primarily directed at them.51 Given the theme of this application, it is important to ensure that the app store listing and any associated marketing materials do not primarily target children under 13, unless the application is specifically designed for them and complies with all Families Policy requirements (including obtaining parental consent if any data is collected). Since no data is collected, the focus should be on accurately representing the intended audience of the application. While this application does not collect data, its theme might contain visual elements that could appeal to children. It is important to consider Google’s Families Policy and ensure that the application’s listing and marketing clearly indicate its intended audience (likely a general audience or specifically Xperia phone users) and avoid any unintentional targeting of young children that could trigger more stringent requirements.

6. Draft Privacy Policy for P Mod For Xperia™ | Designed For SONY

Introduction

Welcome to P Mod For Xperia™ | Designed For SONY. This privacy policy describes how we handle any information related to this application. This application is provided by [Developer Name] and is a theme application for Sony Xperia devices. We value your privacy. Please read this privacy policy carefully.

Information Collection

We do not collect any personal information from you when you use P Mod For Xperia™ | Designed For SONY. This application operates entirely offline, and its core functionality does not require or use internet connectivity.

“Personal information” includes any information relating to an identified or identifiable natural person, such as name, address, contact details, device identifiers, etc. We emphasize that this application does not collect any such information.

Information Use

Since we do not collect any personal information, we do not use your personal information for any purpose.

Data Sharing

We do not share any personal information with any third parties because we do not collect any personal information.

Children’s Privacy

P Mod For Xperia™ | Designed For SONY is a general audience application. We do not knowingly collect any personal information from children under the age of 13. If you are a parent or guardian and you believe that your child has provided us with personal information, please contact us at the email address provided below, and we will take steps to delete any such information if we become aware of it. However, as this application does not collect any user data, this scenario is highly unlikely.

Contact Us

If you have any questions about this privacy policy, please contact us at the following email address: google[at>@]hee.ink.

Updates to This Privacy Policy

We may update this privacy policy from time to time. You are advised to review this policy periodically for any changes. The effective date of this policy is April 15 2025.

7. Conclusion

In conclusion, P Mod For Xperia™ | Designed For SONY is a mobile theme application that respects user privacy by not collecting any personal data and operating entirely offline. The developer is committed to ensuring transparency and complying with GDPR, COPPA, and Google Play Store policies by providing a clear and concise privacy policy that reiterates this commitment to user privacy and compliance.