
Define specification for retrieving API usage data
Closed, Resolved, Public

Description

The API Portal prototype includes an API usage view where a user can see their historical API usage data.


Note: Feel free to adjust the list of tasks below. These are just approximations based on my understanding. Possible duplicate of T246275

Mock data format:

{
  "limit": {
    "count": 10000,
    "period": 86400
  },
  "usage": {
    "2020-04-20": 7819,
    "2020-04-21": 8090,
    "2020-04-22": 7401,
    "2020-04-23": 6991,
    "2020-04-24": 9118,
    "2020-04-25": 4251,
    "2020-04-26": 5823
  }
}

To do:

  • Create policy for data collection and retention. Review with relevant parties.
  • Create a specification for how this data can be retrieved by the API Portal (Requires T246269)

Event Timeline

apaskulin triaged this task as Medium priority. Apr 9 2020, 4:23 PM

I spoke to Jacob Rogers, who deals with our privacy policy for WMF. Here's the policy I outlined:

  • We'd like to give the app developers statistical information about how many calls their app has been making. "Your app EvanTool made 50,000 out of your allowed 100,000 API calls per day."
  • We'd also like to have some historical data, so that app developers can see if their API usage is going up or down with time.
  • We won't share individual API call information, like date and time, inputs, outputs, etc. with the app developer. This is an aggregate count of total API calls for an app, across all users of that app, for a given time period (a day).
  • The app usage information would only be shown to the app developer, not to the public.
  • It's sufficient for our requirements to only keep historical API usage information on a rolling 90-day window, and to discard it after 90 days, if needed.

Here was Jacob's reply:

I've taken a look through the info you provided as well as double checking with Security. You're approved to share this information as it's currently presented; we don't see any privacy policy issues, and it may even be valuable for you to request a retention period exception to keep the data longer if there's ever a need to prove to someone that they did receive their allotted API calls.

If in future you intend to make the data more granular in some way (e.g., reporting out details of each individual API call in a way that could be used to identify the requester) please send us another request to review that.

I'm going to see what it takes to get a retention period extension, but for now I think we should stick with the 90-day retention.

I dropped the checkbox for collecting and storing the data; that's covered in the API Rate Limiting epic T246269.
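
The policy discussed above (aggregate per-day counts only, visibility limited to the app developer, 90-day rolling retention), as an added example that is not code from this task or from the API Portal. The `UsageStore` class, its method names and the owner mapping are hypothetical, and the sample data is constructed; the output shape follows the mock data format in the description.

```python
from collections import defaultdict
from datetime import date, timedelta

RETENTION_DAYS = 90                         # rolling window from the policy
LIMIT = {"count": 10000, "period": 86400}   # values from the mock data format


class UsageStore:
    """One counter per (app, day); nothing about individual calls is stored."""

    def __init__(self, owners):
        self.owners = owners                 # app_id -> developer account (hypothetical)
        self.counts = defaultdict(dict)      # app_id -> {date: total calls that day}

    def record_call(self, app_id, day):
        # Only the aggregate is incremented: no timestamp, user, input or output.
        self.counts[app_id][day] = self.counts[app_id].get(day, 0) + 1

    def prune(self, today):
        # Discard every daily bucket that has left the 90-day window.
        cutoff = today - timedelta(days=RETENTION_DAYS)
        for per_day in self.counts.values():
            for day in [d for d in per_day if d <= cutoff]:
                del per_day[day]

    def report(self, app_id, requester, today):
        # Usage is returned to the app's developer only, never to other accounts.
        if app_id not in self.owners or self.owners[app_id] != requester:
            raise PermissionError("usage data is visible to the app developer only")
        self.prune(today)
        per_day = self.counts.get(app_id, {})
        usage = {d.isoformat(): per_day[d] for d in sorted(per_day)}
        return {"limit": dict(LIMIT), "usage": usage}


def demo():
    # Constructed sample data, not real traffic.
    today = date(2020, 4, 26)
    store = UsageStore(owners={"EvanTool": "evan"})
    for day, calls in [(date(2020, 1, 20), 5), (date(2020, 4, 25), 3), (today, 2)]:
        for _ in range(calls):
            store.record_call("EvanTool", day)
    return store.report("EvanTool", "evan", today)
```

The January bucket in the constructed data is older than 90 days on the report date, so it is deleted before the response is built.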

@eprodromou Great!

Will we need to communicate this policy to users of the Portal?

apaskulin renamed this task from API usage to Define specification for retrieving API usage data. Apr 17 2020, 10:49 PM

Closing as a duplicate of T246275