Privacy policy clauses for Expo AV
Expo AV is a media library integrated into Expo apps that enables audio and video playback and recording functionality. Websites and applications use it to deliver multimedia content and capture user-generated audio or video data.
Free scan · No signup · Results in 60 seconds
What data Expo AV collects
Your privacy policy must disclose each of the following data types when you use Expo AV.
When does Expo AV trigger privacy obligations?
Installation triggers immediate obligations
Adding Expo AV to your Expo app initiates data collection the moment a user grants microphone permission and begins recording audio, or when playback analytics are enabled. This is not passive—recorded audio is actively transmitted to Expo (650 Industries) in the United States for processing.
### GDPR (if users are in EU/EEA)
If any user is in the EU, GDPR Article 6 requires a lawful basis for processing audio recordings. Article 13 or 14 requires you to provide a privacy notice *before* collection. Article 28 requires a Data Processing Agreement (DPA) with Expo since they are a processor. The act of recording audio is high-risk personal data under GDPR Article 9 (special category), requiring explicit consent unless another lawful basis applies.
### CCPA (if users are in California)
CCPA Section 1798.100 grants users the right to know what personal information is collected. Audio recordings qualify as personal information under CCPA Section 1798.140(o). You must disclose that Expo is a service provider and provide an opt-out mechanism if applicable.
### First concrete step
Before users can record: (1) obtain a signed DPA with Expo covering audio data processing; (2) update your privacy policy to disclose audio recording, Expo's role, and data retention; (3) implement consent UI that explains what will be recorded and where it flows.
