Is it necessary to include a privacy list? We already have a privacy agreement, what do we need to do to sign third-party SDKs?