Privacy Policy for iOS and macOS Apps

Since the release of iOS 8, Apple has implemented many requirements that need to be met in order to avoid having your app rejected. One of the major requirements (that often results in apps being rejected where conditions are not met) is that of data privacy.

Data privacy is more important than ever across various companies and platforms; with major fines and sanctions being handed down for non-compliance, companies are paying attention – and Apple is no exception: Apple’s App Store Review Guidelines have been updated to better accommodate recent changes in Data Protection Law.

From October 3, 2018 App Store Connect requires a privacy policy for all new apps and app updates before they can be submitted for distribution on the App Store or through TestFlight external testing.

Article 5.1 of Apple’s App Store Review Guidelines provides an overview of Apple’s privacy guidelines (and grounds for rejection where these conditions are not met). Article 5.1.1 on Data Collection and Storage further specifies as follows:

5.1.1(i) Privacy Policies: All apps must include a link to their privacy policy in the App Store Connect metadata field and within the app in an easily accessible manner. The privacy policy must clearly and explicitly:

  • Identify what data, if any, the app/service collects, how it collects that data, and all uses of that data.
  • Confirm that any third party with whom an app shares user data (in compliance with these Guidelines) — such as analytics tools, advertising networks and third-party SDKs, as well as any parent, subsidiary or other related entities that will have access to user data — will provide the same or equal protection of user data as stated in the app’s privacy policy and required by these Guidelines.
  • Explain its data retention/deletion policies and describe how a user can revoke consent and/or request deletion of the user’s data.

In addition, your app’s privacy policy link or text will only be editable when you submit a new version of your app. Read the App Store’s privacy clause here.

Starting with iOS 14.5, new requirements will go into effect that will make data collection and processing more transparent for users. You must:

  • Answer privacy questions in App Store Connect, to explain how you handle users’ data and which third parties are involved. This will provide users with relevant information on:
    • the types of data you or third-party partners collect, unless the data meets all the criteria for optional disclosure;
    • how their data may be used;
    • your privacy policy.
  • Use the AppTrackingTransparency framework to obtain the users’ permission to track them or to access their device’s advertising identifier. The AppTrackingTransparency framework will:
    • Present an app-tracking authorization request to the user: the prompt contains a purpose string that explains why you’d like to track the user.
    • Provide the tracking authorization status. Unless you receive permission from the user to enable tracking, the device’s advertising identifier value will be all zeros (meaning that you cannot track the user).
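
A sketch of the AppTrackingTransparency flow described above, added here as an example and not taken from iubenda or Apple sample code. The `TrackingAccess` type and the function names are illustrative; the framework calls are Apple's `ATTrackingManager` and `ASIdentifierManager` APIs.

```swift
import AppTrackingTransparency
import AdSupport
import Foundation

/// Result of the tracking check (illustrative type, not part of Apple's API).
enum TrackingAccess {
    case allowed(idfa: UUID)          // user authorized and a real IDFA exists
    case unavailable(reason: String)  // treat the user as not trackable
}

/// Returns the advertising identifier, or nil when it is the all-zero value.
func usableIDFA() -> UUID? {
    let idfa = ASIdentifierManager.shared().advertisingIdentifier
    return idfa.uuidString == "00000000-0000-0000-0000-000000000000" ? nil : idfa
}

@available(iOS 14, *)
func access(for status: ATTrackingManager.AuthorizationStatus) -> TrackingAccess {
    switch status {
    case .authorized:
        // Even when authorized, never pass a zeroed identifier downstream.
        if let idfa = usableIDFA() { return .allowed(idfa: idfa) }
        return .unavailable(reason: "authorized, but identifier is zeroed")
    case .denied:
        return .unavailable(reason: "user denied tracking")
    case .restricted:
        return .unavailable(reason: "tracking restricted on this device")
    case .notDetermined:
        return .unavailable(reason: "user has not been asked yet")
    @unknown default:
        return .unavailable(reason: "unknown authorization status")
    }
}

/// Requires NSUserTrackingUsageDescription (the purpose string shown in the
/// prompt) in Info.plist. Call once the app is active so the prompt can appear.
@available(iOS 14, *)
func resolveTrackingAccess(completion: @escaping (TrackingAccess) -> Void) {
    let current = ATTrackingManager.trackingAuthorizationStatus
    guard current == .notDetermined else {
        completion(access(for: current))  // already decided: the system will not re-prompt
        return
    }
    ATTrackingManager.requestTrackingAuthorization { status in
        DispatchQueue.main.async { completion(access(for: status)) }
    }
}
```

Initialize advertising or analytics SDKs that rely on the identifier only from the `.allowed` branch, so that no tracking starts before the user has answered the prompt.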

Privacy policy requirements for iOS/macOS apps

A lot of people ask for sample privacy policies for apps. The exact required contents of a privacy policy depend upon the applicable law and may need to address requirements across geographical boundaries and legal jurisdictions.

For this reason, it’s always advisable that you approach your (legally mandated) privacy policy with the strictest applicable regulations in mind. You can read more about determining your law of reference here or read our in-depth Legal Overview Guide here.

Let’s start with the legal minimum requirements. These are the most basic elements that a privacy policy should have:

  • Who is the app owner?
  • What data is being collected? How is that data being collected?
  • What is the legal basis for the collection? (e.g. consent, necessary for your service, legal obligation etc.) – This is more specifically related to the GDPR and EU Law; however, even if you fall outside of GDPR obligations, it’s likely that under many other legislations, you’ll still need to say why you’re processing the personal data of users.
  • For which specific purposes are the data collected? Analytics? Email Marketing?
  • Which third parties will have access to the information? Will any third party collect data through widgets (e.g. social buttons) and integrations (e.g. Facebook Connect)?
  • What rights do users have? Can they request to see the data you have on them, can they request to rectify, erase or block their data? (under European regulations most of this is mandatory)
  • Description of process for notifying users and visitors of changes or updates to the privacy policy
  • Effective date of the privacy policy

Example privacy policy for iOS/macOS apps

Here’s an example of a privacy policy for an iOS app, created with our generator.

Terms and Conditions for Mobile Apps

Terms and Conditions (also called ToS – Terms of Service, Terms of Use or EULA – End User License Agreement) set the way in which your product, service or content may be used, in a legally binding way. Not only are they crucial for protecting you from potential liabilities, but (especially in cases where something is being sold to consumers) they often contain legally mandated information such as users’ rights, withdrawal or cancellation disclosures.

In general, you’ll likely need to set Terms and Conditions if you have an app that participates in some form of commerce (whether selling to users directly or facilitating trading). Additionally, some specific instances where they might be needed are where you:

  • need to make legally required disclosures related to consumer rights (especially withdrawal and cancellation rights);
  • have different user levels (e.g. registered vs non-registered);
  • allow users to sell or trade with other users on your platform;
  • facilitate or otherwise process payments and/or other sensitive user data;
  • want to set the rules for user behavior and state grounds for termination of accounts;
  • participate in affiliate programs;
  • provide a software or service which can potentially cause harm if misused;
  • would like to have some legally enforceable control over, and set rules about, how your app may be used.

Particular emphasis should be given to account termination clauses, payment conditions and the limitation of liability clauses (and disclaimers).


Our Terms and Conditions Generator helps you to easily generate and manage documents that are engineered to meet the specific requirements of all major app stores and up to date with the main international legislations.

How to add a privacy policy to your iOS/macOS app

iubenda makes solving this issue easy: With hundreds of available clauses, our privacy policies contain all elements commonly required across many regions and services, while applying the strictest standards by default – giving you the option to fully customize as needed.

Our policies are created by lawyers, monitored by our lawyers and hosted on our servers to ensure that they are always up-to-date with the latest legal changes and third-party requirements.

The process is straightforward and intuitive. Simply:

  1. click to add your services;
  2. fill out your web/app owner and contact details;
  3. embed.

Click here to read the full guide on how to generate a Privacy Policy.

1. Add your services

  • If you use Twitter or other auth (=OAuth) services for user management, then add the respective service by clicking “Add a service” then start typing the name of the service you’d like to add. Remember to include all services processing personal information. If you handle user registration yourself, don’t forget to add the “Direct Registration” service.
  • Select each applicable service from the list of suggestions that show up and customize by simply adding the specific types of personal data you collect. Our lawyer-crafted clauses automatically include the relevant user-rights disclosures and service definitions based on your input here.
  • If you’d like to add a custom service clause, simply click the “Create custom service” button and fill out the built-in form.
How to create a custom service

2. Fill out your app owner and contact details

Enter:

  • name and full address;
  • email address.

Congratulations! Your policy has been created. Simply check that all the details are correct, then embed.

3. Embed

As we said above, you have to include a link to your privacy policy within the app and in the App Store Connect metadata field.

Within the app

For apps, the direct link or direct text embedding methods are best. Apple specifically requires “a link” to the privacy policy, so the direct link method is sufficient in meeting Apple’s requirements. However, if your app processes user data while offline, be sure to provide users with an in-app offline method of accessing the privacy policy in order to be legally compliant.

Whichever embed method you choose, remember that you’re required to choose a location that is easily accessible and visible to users.

App Store Connect metadata field

When your app is ready, you have 2 options to choose from: you can either beta test it by using TestFlight or submit it for review. In both cases – in addition to the app’s internal link – you’ll have to include a link to your privacy policy in the App Store Connect metadata field. Here’s how to meet this requirement:

TestFlight Beta Testing

In App Store Connect, under “My Apps > TestFlight”, you will find “Test Information”, among which you will also find the privacy policy URL. Fill in the URL for the translated privacy policy for each language that your app is translated into (iubenda offers 9 privacy policy languages out of the box):

App Store Connect / TestFlight Beta Testing - Privacy Policy URL

App submission

In App Store Connect, under “My Apps > App Store”, you will find “App Information”, among which you will also find the privacy policy URL. As mentioned above, fill in a privacy policy URL for each language that your app is translated into:

App Store Connect - Privacy Policy URL

Once your application is approved, you will find your privacy policy linked under “Information” on the Application landing page that App Store generates for you:

Learnji on the App Store - Privacy Policy link
