Users will hand over a lot of data to an application, sometimes without even noticing that’s what they’re doing. Unless you’re working with a particularly savvy group of users, the only time your users will pay attention to what information they’ve provided is when something goes wrong. You have to make the decisions to protect them and minimize those problems ahead of time — a smooth experience means that you can land and keep more users.
As Little as Possible
When you’re considering what information to ask your users for in the first place, and what you need to save, there is a simple rule to stick to: ask for as little as possible. It’s tempting to ask for a lot of data; after all, you can do all sorts of analysis and use it to help you land even more customers. But the reality is that you usually don’t need all that much information for an app to actually work. Since you can’t really predict when you’ll get around to that big analysis project, why ask for data you don’t need yet? You can always get some of it with a customer survey later on, plus perhaps some more useful information.
Go through what fields you’re considering asking your users to fill out when they sign up. Eliminate everything you can — it’s not a bad option if you’re only asking for an email address and a password. Heck, you might not even need that. The same goes for what information you’re collecting that your users might generate. It’s much harder for a security vulnerability to expose information that wasn’t actually saved.
Dealing with Financial Information
Financial details, like credit card numbers, are in a class of their own when it comes to keeping them secure — there’s so much more incentive for someone to try to get ahold of such information. If you’re selling something, you’re going to have to accept payments in some fashion. In general, it’s a good idea to make credit card numbers and other financial data someone else’s problem.
Handing the issue over to a payment processor that has already invested their resources into safeguarding payment information will make your life easier, but it can also make you appear more trustworthy to your users, especially if they recognize the payment processor you’ve chosen.
Your Legal Obligations
Just what your legal situation is when it comes to storing data about your users depends greatly both on where you’re based and where your users are based. In the U.S, for instance, there are laws specifically governing what information you can store about minors, particularly those under the age of 13, as well as about financial and medical data. Do your research so that you don’t have to deal with a legal problem right off the bat.
Security and privacy issues are only going to get more press in the future, so invest whatever you need to make sure that you’re saving user information correctly and safely.
Image by Flickr user Daniil Vasiliev