iOS App Privacy

iOS App Privacy & Nutrition Labels

Before you can publish your app to the App Store, you must transparently declare exactly how you handle user data.

Apple introduced "Privacy Nutrition Labels" to give users a simple, at-a-glance summary of an app's privacy practices before they even download it.

Navigating this process accurately is a strict requirement for App Store approval.


The Privacy Policy URL

First and foremost, you absolutely must have a valid Privacy Policy hosted on a publicly accessible website.

You will paste this URL into App Store Connect when submitting your app.

The policy must clearly state what data you collect, how it is stored, how long it is kept, and who you share it with.


Data Collection Types

In App Store Connect, you will be asked a series of questions regarding data collection.

"Collection" means transmitting data off the device in a way that allows you (or third-party partners) to access it for longer than what is necessary to immediately service a request.

You must declare whether you collect:


Data Linked to the User

For every piece of data you collect, you must declare whether it is "Linked to the User."

If you collect crash logs anonymously, it is not linked.

However, if you collect crash logs and attach a specific User ID or Email Address to that log so you can identify the exact person, you must declare that the data is linked to them.


Data Used to Track

You must also disclose if the data is used to "Track" the user.

Tracking specifically refers to linking data collected from your app with data collected from other companies' apps or websites for targeted advertising.

If you declare that you track users, you are legally required by Apple to implement the App Tracking Transparency (ATT) framework prompt.

Requesting Tracking Authorization:

import AppTrackingTransparency

// The prompt requires an NSUserTrackingUsageDescription entry in Info.plist.
func requestTracking() {
    // This triggers the infamous "Ask App Not to Track" prompt
    ATTrackingManager.requestTrackingAuthorization { status in
        if status == .authorized {
            print("User allowed tracking for targeted ads.")
        } else {
            print("Tracking denied. You must respect this choice.")
        }
    }
}
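One way to enforce the user's choice in code, as an added example that is not from the original page or from Apple's sample code: a single gate that is the only place the app reads the advertising identifier. `TrackingGate` and its method names are hypothetical; the `ATTrackingManager` and `ASIdentifierManager` calls are Apple's.

```swift
import Foundation
import AdSupport
import AppTrackingTransparency

/// Hypothetical helper (not an Apple API): the only place the app touches the IDFA.
@available(iOS 14, *)
enum TrackingGate {

    /// Returns the advertising identifier only when the user has authorized tracking.
    /// Every other status yields nil, so callers cannot hand an identifier to ad code by accident.
    static func advertisingIdentifier() -> UUID? {
        guard ATTrackingManager.trackingAuthorizationStatus == .authorized else {
            return nil
        }
        let idfa = ASIdentifierManager.shared().advertisingIdentifier
        // The system hands back an all-zero UUID when the identifier is unavailable.
        let allZero = UUID(uuid: (0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0))
        return idfa == allZero ? nil : idfa
    }

    /// Shows the system prompt only if the user has not been asked yet, then reports
    /// whether tracking is allowed. Call it while the app is active (in the foreground).
    static func resolve(completion: @escaping (Bool) -> Void) {
        switch ATTrackingManager.trackingAuthorizationStatus {
        case .authorized:
            completion(true)
        case .denied, .restricted:
            // The system will not show the prompt again; treat this as a firm "no".
            completion(false)
        case .notDetermined:
            ATTrackingManager.requestTrackingAuthorization { status in
                // The handler is not guaranteed to run on the main thread.
                DispatchQueue.main.async { completion(status == .authorized) }
            }
        @unknown default:
            // Statuses added in future OS versions fail closed.
            completion(false)
        }
    }
}
```

Routing every ad or cross-app analytics call through `advertisingIdentifier()` keeps the app's behaviour consistent with what the privacy label declares, including when the user later revokes permission in Settings.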


On-Device Processing

If your app analyzes photos using Machine Learning, but the analysis happens entirely on the iPhone's processor and the data never leaves the device, this is not considered data collection.

Apple highly encourages on-device processing to maximize user privacy!


Exercise

If your app analyzes a user's location, but the data never leaves their physical iPhone, do you have to declare "Location Data Collection" on the App Store?