App Start Up Basics: Compliance by Design

The “wild west” of app building is long gone. Emerging privacy laws and rapidly proliferating best practices make it clear that merely updating app notices and policies is not enough. Compliance must be built into the front-end and back-end tech stack, and it must be done with technical agility, because compliance demands change frequently. Staying on top of them helps you avoid getting flagged by an antivirus (AV) monitor, kicked off an ad platform, or denied access to payment processing services. Any of these events could leave you without customers or without the good reputation you are working hard to build.


It all starts with the app roadmap.

The basic roadmap for apps is a two-fold path involving 1) harnessing existing and emerging technology for optimum performance and 2) client-side functions that serve business goals and operations. Both must follow their own set of compliance requirements, but it is #2 that often attracts the most scrutiny. To run an app business, one must be consistent in communicating value, follow app store and platform practices, meet security and antivirus industry requirements, heed payment processing rules, and be fully localized with regard to the laws everywhere you do business. Staying “clean” is a critical concern at the roadmap stage of app development and influences many steps of the process.


Doing right by the customer

A key concern in the development of an app roadmap is how customer-side engagement is handled. The linear sales funnel that converts prospects into customers has given way to a flywheel that captures the momentum of a customer’s participation and continually re-engages them. This significantly increases the amount of data, money, and contractual agreements generated. In fact, apps now represent a major source of consumer financial transactions and data collection, which is one reason they are a prime target of financial and privacy regulations.


Compliance proliferation

Regulatory bodies and compliance rules are growing daily, and it’s not just government. The EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), to name two, are being enforced by Google and Bing Ads. Visa’s new negative-option requirements, e.g. for free trials that require an upfront credit card, go into effect in March of 2020. Antivirus companies can tag an app for security violations. Payment processors can shut down a transaction. The list goes on.

The kinds of compliance requirements a start-up app faces depend on its type and function as well as on how it monetizes. When an app launches, even with the best of intentions, it enters a “great chain of economy”: a closely connected universe of rules and best practices with multiple trigger points.

What’s the worst that can happen?

An app is a point of trust within the digital community and with the end user. Non-compliant companies can see their app and their customers disappear overnight from the platform they are doing business on.

Some app companies have been blindsided by violations they were completely unaware of. Even when corrected within days, the impact on income and overhead can be considerable. The key to a sustainable business is predictability of revenue and for that to occur potential external changes must be understood and planned for. Ongoing app compliance is crucial to keeping an app business afloat – even when the game keeps changing. If ignored, a thriving business can disappear quickly.

Violations invariably translate to negative customer and blogger reviews, which in turn translate to diminished brand reputation, increased customer acquisition costs, chargebacks and refunds, and damage to many other revenue-related metrics.

One example involves a highly respected software brand whose entire account was shut down overnight by a major ad platform without so much as an email warning. This was not a small account: at several thousand dollars in ad spend per day, it generated a significant percentage of the company’s revenue.

After three months of concerted effort to discover the reason for the account shutdown, the software company in question found out that their particular class of software did not meet new requirements the ad platform had published a few weeks before the shutdown. Armed with this new information, the software vendor made the necessary changes and had their account reinstated. The opportunity cost in lost revenue was several million dollars.

How to keep your apps compliant

Because there are so many compliance-related aspects to running a successful app business, a group had to evolve to keep out in front of the continual changes occurring in the industry. CleanApps is a non-profit business association founded by company owners who had been hit by unknown new rules that resulted in large ad campaigns being shut down, their apps being removed from platforms, and even the loss of customer data.

CleanApps includes app makers, distributors, marketers and app enablers such as device platforms, ad platforms, payment processors and call centers.

CleanApps 3-Prong Approach


The power of CleanApps is in its three-pronged approach.

It is first and foremost a comprehensive repository of information critical to app compliance. Newsletters, blogs, webinars and conferences empower business owners to make effective plans rather than react after the fact. Knowledge is power. Prediction is king.

It is also a vital and growing community of like-minded business owners who share best practices, sound alarms when changes are afoot, and network for new contacts, markets, partners and customers.

As CleanApps grows in membership, its voice has become stronger in advocating for reasonable rules and laws governing the whole spectrum of the app business, and particularly the app store and ad platform perspectives.

Membership in this group is a vital first step on your app roadmap. Join before you start planning. For more information: