Documentation index

Guide ›

Privacy Policy for iOS Apps


Welcome. This post answers the question how and why you should add a privacy policy to your iOS app.

privacy policy for iOS Apps and the App Store

Let’s say you want to include a privacy policy into your iOS application: what do you need to do?

In Short

1) Do I have to include a privacy policy in my iOS app?

  1. Well, that depends on what the app is doing. But consider the fact, that you can never be wrong including a link or a full page view of your privacy policy. It is however very likely that you are required by law to include a privacy policy into your iOS application. Easy CHECK: Am I collecting/storing/sharing personal information like email, names or sensitive data like payments info or using a third party service that accesses my info?
  2. You are likely using a third party service in your app that requires you to add a privacy policy to your app. Additionally to a legal requirement it is often an additional prerequisite to use a specific service. Check in your service provider’s terms. A very popular third party service that requires you to post a privacy policy in their TOS is Google Analytics (they also have a mobile solution).

2) Am I required by Apple’s App Store to post a privacy policy?

iTunes Connect privacy policy requirements 

You could post an app to the store that is non-compliant with privacy laws. However since WWDC 16, there has been a lot of change and general consolidation in Apple’s App Store Review Guidelines. You can now find all the relevant information regarding privacy policies in section 5.1. It will tell you when you are indeed required to add a privacy policy:

  • (i) Apps that collect user data must have a privacy policy and secure user consent for the collection. This includes—but isn’t limited to—apps that implement HealthKit or other health/medical technologies, HomeKit, Keyboard extensions, Apple Pay, include a login, or access user data from the device (e.g. location, contacts, calendar, etc.). – (from 5.1.1)
  • iOS 11 adds new requirements “apps that utilize ARKit, Camera APIs, Photo APIs, or other software for depth of facial mapping information,” to the list of apps that are required to offer a privacy policy.
  • Moreover, apps in the Kids Category or those that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos, videos, drawings, the ability to chat, other personal data, or persistent identifiers used in combination with any of the above) from a minor must include a privacy policy and must comply with all applicable children’s privacy statutes. For the sake of clarity, the parental gate requirement for the Kid’s Category is generally not the same as securing parental consent to collect personal data under these privacy statutes. – (from 5.1.4)

Now, Apple got very good at making these rules very clear.

3) How do I add/edit my privacy policy on the App Store?

privacy policy iTunes Connect

This section is for the link to your privacy policy on the App Store and not in the actual app. There is a link form for privacy policy URLs when you submit your app for review. Fill that in.

In iTunes Connect, under “My Apps”, you will find “Localisable Information”, among which you will also find the privacy policy URL. Fill in a privacy policy for each language that your app is translated into (iubenda offers 8 privacy policy languages out of the box at the moment)

When you visit the app page that the store generates for you, e.g.

https://itunes.apple.com/app/idxXxxXXXetc,

you will not find that privacy policy link (yet). This is only the case however, because Apple decided not to show it there yet, for some reason. You will find the link when opening the app in an iTunes window:

app_store_privacy_policy_link

4) An example privacy policy for iOS apps?

A lot of people ask for sample privacy policies for apps. Let’s start with the legal minimum requirements. A good starting point is the California Online Privacy Protection act (CalOPPA), and even better Europe’s minimum requirements since they are more refined:

CalOPPA minimum requirements:

Provide info about the personally identifiable information (PII) like:

  • a description of the types of PII collected and disclosed by the operator;
  • a description of the process by which a consumer can access and request changes to his or her PII, if available;
  • a description of the process by which the operator will notify consumers of material changes to the privacy policy; and
  • an effective date

EU Privacy Directives minimum requirements:

Provide a readable, understandable and easily accessible privacy policy, which at a minimum informs users about:

  • who you are (identity and contact details),
  • what precise categories of personal data the app wants to collect and process,
  • why the data processing is necessary (for what precise purposes),
  • whether data will be disclosed to third parties (not just a generic but a specific
    description to whom the data will be disclosed),
  • what rights users have, in terms of withdrawal of consent and deletion of data

Here are some helpful docs by authorities about privacy policies.

Helpful docs:

  1. Privacy on the Go
  2. Article 29 Working Group

Our Approach of Generating an iOS Privacy Policy

So here’s where iubenda’s privacy policy generator will come in very handy:

1) Define the services and categories of data collection your app is making use of.

2) Add the services (and categories of data collection like “access to address book”) you are using to your policy and it will generate the full text privacy policy in a condensed easily scannable fashion as well as an entire document your users can read if they want.

3) You can either link to your policy or embed the text into your app.

4) Any additional texts can be added by you manually.

5) Add many other languages for localised versions of your app.

6) Modify and change your privacy policy at any time

Generate your iOS Privacy Policy now

Since we’ve launched our mobile apps privacy policy generator we’ve started to publish guides on how to submit your app to the app stores with a privacy policy. You are reading the guide on the App Store by Apple. 

All our other guides can be found here:

Read this guide also in German “Datenschutzerklärung für iOS Apps


Still have questions?

Visit our support forum Email us