Every app on Google Play has to complete the Data safety form, and the answers you give there get rendered straight onto your public store listing as the "Data safety" section. Alongside it, Google expects a reachable privacy policy link. For a solo developer or small studio shipping a Play release, these are exactly the kind of details that quietly hold up a review or get flagged after launch when the listing and your declared data practices do not line up.
LaunchTrust passively fetches your public Play listing by package id and reports whether two expected signals are present: a privacy-policy reference and a Data safety section. It does not read your form answers, judge whether they are accurate, or decide whether your data practices satisfy any law. It only tells you whether the markers a reviewer would expect to see are actually showing up on the live page.
What LaunchTrust checks
This detector (play_listing) takes the package id on file for your mobile app and fetches your public listing from play.google.com/store/apps/details?id=<package> with an English language hint. It then inspects the returned HTML for two case-insensitive markers — the phrase "privacy policy" and the phrase "data safety" — and reports one of these outcomes:
- Detected: Both markers are present in the fetched HTML. The listing shows a privacy-policy reference and a Data safety section. This is the signal you want: the page carries the elements Google surfaces from a completed Data safety form plus your policy link.
- Unable to determine: Anything short of a confident positive. This covers several real cases: no package id on file, a 404 (no listing found for that package id), any non-OK HTTP response, an error during the fetch, or a partial read where the scanner could see the page but could not positively confirm both phrases.
This is a positive signal: the thing you want is for it to be present. Notice there is deliberately no hard "not detected" result here. Google Play markup is heavily localized and largely rendered by JavaScript, so a single server-side read can easily miss text that a browser would render. Rather than risk a false alarm that says your Data safety section is missing when it is really just rendered client-side, the detector returns "unable to determine" and tells you to re-check manually. All outcomes are reported at informational severity — this check flags a thing to confirm, not a defect to panic over.
Why it matters
The two markers this detector looks for map to concrete Google Play expectations:
- Google Play Data safety: Google requires every developer to complete the Data safety form declaring what data the app collects and shares, how it is handled, and your security practices. Those answers are published in the Data safety section of your listing. An incomplete or unsubmitted form is a common pre-launch blocker, and declarations that contradict your app's actual behavior can lead to enforcement after the fact.
- Privacy policy link: Google Play generally expects a privacy policy, set in the Play Console and reflected on the listing, particularly where your app handles personal or sensitive user data. It ties directly into the Data safety declarations.
- GDPR: Where you process personal data of people in the EU, transparency about what you collect and why is a core expectation. A clear, accessible privacy policy is the usual way that information is surfaced, and your Data safety answers should be consistent with it.
These are commonly expected practices, not a guarantee that any particular form answer or policy satisfies the law. The detector's job is narrow and useful: confirm the live listing actually carries these signals before a reviewer — or a user — goes looking.
A concrete example
When the detector reads your listing, a confident positive means both phrases appear in the markup, roughly like this:
<!-- public Play listing markup (simplified) -->
<a href="https://yourapp.example/privacy">Privacy Policy</a>
...
<section aria-label="Data safety">Data safety</section>
With both "privacy policy" and "data safety" present, the result is detected. If your listing is brand new, the package id is mistyped, or the Data safety text only paints in after the page's JavaScript runs, the scanner may see neither phrase on the raw HTML and return unable to determine — which is a prompt to verify in a browser and in the Play Console, not a claim that the section is absent.
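The outcome mapping described above, as an added sketch that is not LaunchTrust's own code: it classifies one already-fetched response and never returns a hard negative. The function and sample names, the package id, the order of the checks and the treatment of 2xx as "OK" are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

MARKERS = ("privacy policy", "data safety")  # the two phrases this page names
DETECTED, UNABLE = "detected", "unable to determine"


@dataclass
class Result:
    outcome: str
    reason: str
    severity: str = "informational"  # every outcome is informational


def classify(package_id: str, status: Optional[int] = None,
             body: Optional[str] = None, error: Optional[str] = None) -> Result:
    """Map one fetch of the public listing to an outcome; never a hard negative."""
    if not package_id:
        return Result(UNABLE, "no package id on file")
    if error is not None:
        return Result(UNABLE, f"error during fetch: {error}")
    if status == 404:
        return Result(UNABLE, "no listing found for that package id")
    if status is None or not 200 <= status < 300:  # assumption: 2xx counts as OK
        return Result(UNABLE, f"non-OK HTTP response: {status}")
    text = (body or "").casefold()  # case-insensitive match
    missing = [m for m in MARKERS if m not in text]
    if missing:
        # Page was readable but a phrase is absent from the raw HTML; it may
        # only render client-side, so this is not reported as "not detected".
        return Result(UNABLE, "partial read, unconfirmed: " + ", ".join(missing))
    return Result(DETECTED, "both markers present in fetched HTML")


# Constructed sample responses (not captured from a real listing).
FULL_HTML = ('<a href="https://yourapp.example/privacy">Privacy Policy</a>'
             '<section aria-label="Data safety">Data safety</section>')
JS_SHELL = ('<a href="https://yourapp.example/privacy">Privacy Policy</a>'
            '<div id="root"></div><script src="app.js"></script>')

if __name__ == "__main__":
    pkg = "com.example.app"  # hypothetical package id
    for label, kwargs in [
        ("full page", dict(status=200, body=FULL_HTML)),
        ("JS-rendered shell", dict(status=200, body=JS_SHELL)),
        ("unknown package", dict(status=404)),
        ("timeout", dict(error="timed out")),
    ]:
        print(f"{label}: {classify(pkg, **kwargs)}")
```

A plain substring match also succeeds when the phrases appear anywhere else in the page, such as in user review text, so "detected" confirms the words are present, not that the rendered section is.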
How to address it
- Complete the Data safety form in the Play Console. Answer every section — data collected, data shared, handling and security practices, and deletion options — based on what your app actually does, including any third-party SDKs that send data off the device.
- Set a reachable privacy policy URL in the Play Console listing, pointing to a stable, live page that matches your Data safety answers. Confirm it resolves with no 404 or redirect loop.
- Publish or update the listing so the Data safety section and policy link are live on the public page, then open the listing in a normal browser to confirm both appear.
- Check the package id on file in LaunchTrust matches your real Play package name exactly — a wrong or unpublished id is a frequent cause of an "unable to determine" result.
- Re-scan, and if it stays "unable to determine," verify manually. Because the listing is localized and JS-rendered, treat that outcome as "confirm in a browser," not as evidence of a gap.
Check this in 30 seconds
Run your app through the free LaunchTrust scanner. It fetches your live Play listing by package id and tells you immediately whether the privacy-policy reference and Data safety section are showing up, so you can catch a missing section or a wrong package id before review. Pair it with the privacy policy check and the App Store privacy check to cover both stores, and walk the full Google Play Data safety checklist when you fill out the form.
FAQ
Does this check confirm my app meets Google Play requirements? No — it surfaces a signal, not a verdict. The detector only reports whether the words "privacy policy" and "data safety" appear on your fetched listing. It does not read your form answers, verify they are accurate, or confirm your data practices satisfy Google's policies or GDPR. It is a compliance aid, not legal advice or certification.
Why does it never say "not detected"? Google Play listings are localized and rendered largely with JavaScript, so a single server-side read can miss text a browser would show. To avoid falsely claiming your Data safety section is missing, the detector returns "unable to determine" instead of a hard negative, and asks you to re-check manually.
The scan says "unable to determine" but my listing looks complete. What now? That is expected behavior, not a failure. Confirm the package id on file matches your published app, open the listing in a browser to see the Data safety section and policy link, and verify the form is submitted in the Play Console. The scanner is conservative on purpose.
Does the detector check whether my Data safety answers are correct? No. It only confirms the section and a policy reference appear on the page. Whether your declarations match what the app actually collects and shares is on you — see the account data deletion check and the GDPR checklist for indie apps for related practices.
Compliance aid, not legal advice. LaunchTrust reports signals, not a verdict or certification.