If you read tech news, you undoubtedly heard about the privacy fiasco involving Path and the revelation that the app was collecting and storing address data from iPhones—unbeknownst to the users. Morgan Reed, the executive director of the Association for Competitive Technology, talked with Innov8rs Network and tells what happened, and what lessons app developers can learn from Path’s story.

Here’s the deal: Path, a social networking app, was taking data from address books on iOS devices and not telling customers how or what was being collected, or how that information was being used.

This resulted in news stories and blog posts labeling Path as some sort of privacy scofflaws when, in fact, what they were doing isn’t unique and the method wasn’t particularly invasive. Other apps collect similar data in “find your friends” features, but the problem here is that Path made an assumption about customers’ knowledge and behavior—if you’re finding my friends for me, you’ve got to be getting that information from somewhere–and I think we all know the old adage about what happens when you assume.

The issue, as Reed points out, is that’s an assumption that a designer makes and not one that a consumer makes. So what’s the lesson here for designers and developers?

1. You own the relationship between your app and your customer. Be transparent with your customers. Have a clear, accessible privacy policy letting them know if/how your app collects data from them, and how that data is used. Don’t assume that they know.

2. Every time you update the app, review that policy and make sure it’s still applicable.  This is especially important for app developers who are not writing code themselves. Put the changes on your website, on your listing in the store(s) and have a pop-up on the app telling consumers about any changes. An informed customer is the best kind, and generally not a problem.

3. In the apps economy, you’ll often be putting together many disparate parts to make something great. If there are third parties involved in your apps, be sure that you know what information is being shared or collected by those SDKs or APIs.