I am not sure that this is a right place to ask. But this question is definitely associated with coding.
I want to collect user location, device (model), and device OS information. To do this, I know I need user consent (e.g., privacy police and Terms of Use). The consent documents are on the VC for sign up. But before user click the agreement for collecting this information, the VC already collects the information. Then user clicks the "sign up" button, this information is stored on FireStore. User can't sign up without agreeing with the privacy police and Terms of Use. I know after the agreement I am ok with storing and using the information but even I collect this information before user agrees them. Is it ok?
Thanks,
Thank you for sharing your question. It seems to be a slightly complicated doubt to solve. I explain on next paragraphs my point of view about the topic.
First of all, users should have the opportunity to explicitly state their agreement or opposition to this data collection before starting to collect it.
You should know what kind of data you are collecting and whether it is directly related to the user, and how you process this data and where. You need to know GDPR if you are getting data about the user or something related.
If you do not want to have any doubts, it presents a modal with for example verification buttons or switches to collect only the data that the user wants. For example, a modifier that shows that it uses analytics to improve application performance or for the purpose of collecting location, device model, or other data (data that it processes and analyzes on a backend or storage in a database). If the data only serves a functionality purpose, for example, to collect the location to display a route, but does not store or process this data on a backend, a system alert is normally fine to get explicit consent from the user.
It's recommended to display the terms and conditions of acceptance on the first screen at the first launch.
The user must have the opportunity to delete this agreement, the server data that is directly related to it, or delete his account.
This should be fine with a request, which could be done from the app or email address according to the law of the country that is selling the app.
In your case, I assume you want to collect data for analysis and have a location permission. First it needs to be resolved with a permission modal view and second with a dedicated system alert for this.