Since the release of iOS 8, Apple has implemented many requirements that need to be met in order to avoid having your app application rejected. One of the major requirements (that often results in Apps being rejected where conditions are not met) is that of data privacy.
Data privacy is more important than ever across various companies and platforms; with major fines and sanctions being handed down for non-compliance, companies are paying attention – and Apple is no exception: Apple’s App Store Review Guidelines have been updated to better accommodate recent changes in Data Protection Law.
Article 5.1 of Apple’s App Store Review Guidelines provides an overview of Apple’s privacy guidelines (and grounds for rejection where these conditions are not met). Article 5.1.1 on Data Collection and Storage further specifies as follows:
- Identify what data, if any, the app/service collects, how it collects that data, and all uses of that data.
- Explain its data retention/deletion policies and describe how a user can revoke consent and/or request deletion of the user’s data.
- Who is the app owner?
- What data is being collected? How is that data being collected?
- What is the Legal basis for the collection? (e.g consent, necessary for your service, legal obligation etc.) – This is more specifically related to the GDPR and EU Law, however, even if you fall outside of GDPR obligations, it’s likely that under many other legislations, you’ll still need to say why you’re processing the personal data of users.
- For which specific purposes are the data collected? Analytics? Email Marketing?
- Which third parties will have access to the information? Will any third party collect data through widgets (e.g. social buttons) and integrations (e.g. Facebook Connect)?
- What rights do users have? Can they request to see the data you have on them, can they request to rectify, erase or block their data? (under European regulations most of this is mandatory)
How you can meet these requirements
iubenda makes solving this issue easy: With hundreds of available clauses, our privacy policies contain all elements commonly required across many regions and services, while applying the strictest standards by default – giving you the option to fully customize as needed.
Our policies are created by lawyers, monitored by our lawyers and hosted on our servers to ensure that they are always up-to-date with the latest legal changes and third-party requirements.
The process is straightforward and intuitive, simply:
- click to add your services;
- fill out your web/app owner and contact details;
1. Add your services
- If you use Twitter or other auth (=OAuth) services for user management, then add the respective service by clicking “Add a service” then start typing the name of the service you’d like to add. Remember to include all services processing personal information. If you handling user registration yourself, don’t forget to add the “Direct Registration” service.
Select each applicable service from the list of suggestions that show up and customize by simply adding the specific types of personal data you collect. Our lawyer-crafted clauses automatically include the relevant user-rights disclosures and service definitions based on your input here.
If you’d like to add a custom service clause, simply click the “Create custom service” button and fill out the built-in form.
2. Fill out your app owner and contact details
- name and full address;
- email address.
Congratulations! Your policy has been created. Simply check that all the details are correct, then embed.
Within the app
Whichever embed method you choose, remember that you’re required to choose a location that is easily accessible and visible to users.
App Store Connect metadata field
TestFlight Beta Testing