Privacy Policy for iOS Apps

If you have an iOS app it's essential that your app has a Privacy Policy. This is a requirement from Apple as well as from numerous privacy laws across the world. Let's take a look at this requirement and learn how to satisfy both Apple and the laws your app may have to comply with.

Apple Requirements for a Privacy Policy

Apple has issued a set of guidelines that detail the privacy requirements of an iOS App.

Firstly, the guidelines state that all apps must have a Privacy Policy.

Let's break down exactly what the guidelines require and how to comply.

Data Collection and Storage

The developer must include an easily accessible link to their Privacy Policy both within the app itself and within App Store.

5.1.1 Data Collection and Storage
(i) Privacy Policies: All apps must include a link to their privacy policy in the App Store Connect metadata field and within the app in an easily accessible manner. The privacy policy must clearly and explicitly:

• Identify what data, if any, the app/service collects, how it collects that data, and all uses of that data.
• Confirm that any third party with whom an app shares user data (in compliance with these Guidelines) -- such as analytics tools, advertising networks and third-party SDKs, as well as any parent, subsidiary or other related entities that will have access to user data -- will provide the same or equal protection of user data as stated in the app's privacy policy and required by these Guidelines.
• Explain its data retention/deletion policies and describe how a user can revoke consent and/or request deletion of the user's data.

Your app's Privacy Policy must advise users:

• What data is collected
• How long personal information is stored
• Who the data is shared with (including analytics tools such as Google analytics)
• What rights users have over their data (such as deletion of data)

Permission

The guidelines state that your app must get consent from users before collecting their data:

(ii) Permission Apps that collect user or usage data must secure user consent for the collection, even if such data is considered to be anonymous at the time of or immediately following collection. Paid functionality must not be dependent on or require a user to grant access to this data. Apps must also provide the customer with an easily accessible and understandable way to withdraw consent. Ensure your purpose strings clearly and completely describe your use of the data. Apps that collect data for a legitimate interest without consent by relying on the terms of the European Union's General Data Protection Regulation ("GDPR") or similar statute must comply with all terms of that law. Learn more about Requesting Permission.

Minimization

There is also a section about not collecting or using personal data unnecessarily. The only data your app should collect is data it needs to function properly and accomplish relevant tasks:

(iii) Data Minimization: Apps should only request access to data relevant to the core functionality of the app and should only collect and use data that is required to accomplish the relevant task. Where possible, use the out-of-process picker or a share sheet rather than requesting full access to protected resources like Photos or Contacts.

Access

The access part of the guidelines make it clear that apps must never try to manipulate or force users to consent to unnecessary data collection. Apple provides an example of manipulation in the following clause:

(iv) Access Apps must respect the user's permission settings and not attempt to manipulate, trick, or force people to consent to unnecessary data access. For example, apps that include the ability to post photos to a social network must not also require microphone access before allowing the user to upload photos. Where possible, provide alternative solutions for users who don't grant consent. For example, if a user declines to share Location, offer the ability to manually enter an address.

Account Sign-in

This clause also warns developers against collecting data unecessarly.

For example, your app shouldn't require users to enter personal information unless it's needed to function - this includes login details. If you don't need users to have a user account your app should let people use it without one. The clause makes it clear that retrieving profile information, sharing to social networks or inviting friends are not considered necessary to function.

If users can link to their social network, your app must have an option to revoke this access.

The user must give their explicit consent for their personal data to be accessed - any app that collects personal data indirectly or secretly will be removed from the App Store:

(v) Account Sign-In: If your app doesn't include significant account-based features, let people use it without a log-in. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law. If your core app functionality is not related to a specific social network (e.g. Facebook, WeChat, Weibo, Twitter, etc.), you must provide access without a login or via another mechanism. Pulling basic profile information, sharing to the social network, or inviting friends to use the app are not considered core app functionality. The app must also include a mechanism to revoke social network credentials and disable data access between the app and social network from within the app. An app may not store credentials or tokens to social networks off of the device and may only use such credentials or tokens to directly connect to the social network from the app itself while the app is in use.

Using and Sharing Data

Firstly, it's essential that you advise users how you use their data and who their data is shared with. Any data you collect cannot be used for a different purpose than the one you gained consent for, without gaining further consent.

The guidelines also state that developers must not build a user profile from the data they collect or collect data about which other apps user's have installed for the purpose of advertising or marketing to them.

Apple also restricts the use of data gathered from its built in API's for the purposes of advertising or use-based data mining:

5.1.2 Data Use and Sharing

(i) Unless otherwise permitted by law, you may not use, transmit, or share someone's personal data without first obtaining their permission. You must provide access to information about how and where the data will be used. Data collected from apps may only be shared with third parties to improve the app or serve advertising (in compliance with the Apple Developer Program License Agreement.). Apps that share user data without user consent or otherwise complying with data privacy laws may be removed from sale and may result in your removal from the Apple Developer Program.

(ii) Data collected for one purpose may not be repurposed without further consent unless otherwise explicitly permitted by law.

(iii) Apps should not attempt to surreptitiously build a user profile based on collected data and may not attempt, facilitate, or encourage others to identify anonymous users or reconstruct user profiles based on data collected from Apple-provided APIs or any data that you say has been collected in an "anonymized," "aggregated," or otherwise non-identifiable way.

(iv) Do not use information from Contacts, Photos, or other APIs that access user data to build a contact database for your own use or for sale/distribution to third parties, and don't collect information about which other apps are installed on a user's device for the purposes of analytics or advertising/marketing.

(v) Do not contact people using information collected via a user's Contacts or Photos, except at the explicit initiative of that user on an individualized basis; do not include a Select All option or default the selection of all contacts. You must provide the user with a clear description of how the message will appear to the recipient before sending it (e.g. What will the message say? Who will appear to be the sender?).

(vi) Data gathered from the HomeKit API, HealthKit, Consumer Health Records API, MovementDisorder APIs, ClassKit or from depth and/or facial mapping tools (e.g. ARKit, Camera APIs, or Photo APIs) may not be used for marketing, advertising or use-based data mining, including by third parties. Learn more about best practices for implementing CallKit, HealthKit, ClassKit, and ARKit.

(vii) Apps using Apple Pay may only share user data acquired via Apple Pay with third parties to facilitate or improve delivery of goods and services.

Health Information

Any data related to health is classed as sensitive personal data.

Apple states that the only time it is appropriate to use and store data relating to the users health and fitness is when it is providing a direct benefit to the user. It is essential in these cases that you disclose the specific health data which is being collected:

5.1.3 Health and Health Research

Health, fitness, and medical data are especially sensitive and apps in this space have some additional rules to make sure customer privacy is protected:

(i) Apps may not use or disclose to third parties data gathered in the health, fitness, and medical research context - including from the Clinical Health Records API, HealthKit API, Motion and Fitness, MovementDisorderAPIs, or health-related human subject research - for advertising, marketing, or other use-based data mining purposes other than improving health management, or for the purpose of health research, and then only with permission. Apps may, however, use a user's health or fitness data to provide a benefit directly to that user (such as a reduced insurance premium), provided that the app is submitted by the entity providing the benefit, and the data is not be shared with a third party. You must disclose the specific health data that you are collecting from the device.

(ii) Apps must not write false or inaccurate data into HealthKit or any other medical research or health management apps, and may not store personal health information in iCloud.

(iii) Apps conducting health-related human subject research must obtain consent from participants or, in the case of minors, their parent or guardian. Such consent must include the (a) nature, purpose, and duration of the research; (b) procedures, risks, and benefits to the participant; (c) information about confidentiality and handling of data (including any sharing with third parties); (d) a point of contact for participant questions; and (e) the withdrawal process.

(iv) Apps conducting health-related human subject research must secure approval from an independent ethics review board. Proof of such approval must be provided upon request.

Children

The guidelines remind app owners of the importance of complying with the Children's Online Privacy Protection Act (COPPA). Apps can ask for children's date of birth and parent's contact information for the sole purpose of complying with these laws:

5.1.4 Kids

For many reasons, it is critical to use care when dealing with personal data from kids, and we encourage you to carefully review all the requirements for complying with laws like the Children's Online Privacy Protection Act ("COPPA"), the European Union's General Data Protection Regulation ("GDPR"), and any other applicable regulations or laws.

Apps may ask for birthdate and parental contact information only for the purpose of complying with these statutes, but must include some useful functionality or entertainment value regardless of a person's age.

Apps intended primarily for kids should not include third-party analytics or third-party advertising. This provides a safer experience for kids. In limited cases, third-party analytics and third-party advertising may be permitted provided that the services adhere to the same terms set forth in Guideline 1.3.

Moreover, apps in the Kids Category or those that collect, transmit, or have the capability to share personal information (e.g. name, address, email, location, photos, videos, drawings, the ability to chat, other personal data, or persistent identifiers used in combination with any of the above) from a minor must include a privacy policy and must comply with all applicable children's privacy statutes. For the sake of clarity, the parental gate requirement for the Kid's Category is generally not the same as securing parental consent to collect personal data under these privacy statutes.

As a reminder, Guideline 2.3.8 requires that use of terms like "For Kids" and "For Children" in app metadata is reserved for the Kids Category. Apps not in the Kids Category cannot include any terms in app name, subtitle, icon, screenshots or description that imply the main audience for the app is children.

Location Services

Your app should only use location services if it's 'directly relevant to the features and services provided.'

5.1.5 Location Services

Use Location services in your app only when it is directly relevant to the features and services provided by the app. Location-based APIs shouldn't be used to provide emergency services or autonomous control over vehicles, aircraft, and other devices, except for small devices such as lightweight drones and toys, or remote control car alarm systems, etc. Ensure that you notify and obtain consent before collecting, transmitting, or using location data. If your app uses location services, be sure to explain the purpose in your app; refer to the Human Interface Guidelines for best practices on doing so.

Laws Require a Privacy Policy

Another reason your iOS app requires a Privacy Policy is because it's likely to collect personal data. This could be in the form of the user's email address, name, date of birth, sex, sexual orientation, geographic location, IP address or health information.

If your app is an e-commerce app it will likely also collect billing and shipping information. Alternatively, a third party processor may do this on your behalf.

There are various laws which state that any business that collects personal data must have a Privacy Policy.

For example, the EU's General Data Protection Regulation (GDPR) and the California Online Privacy Protection Act (CalOPPA) both state that Privacy Policies are a legal requirement for companies that collect personal data.

It's important to note that the GDPR will apply to you if your app is accessible to people located in the EU. Equally, CalOPPA will apply if your app is accessible to residents of California.

What Clauses to Include in Your App's Privacy Policy

You should tailor your Privacy Policy to your app, however there are some clauses you will definitely want to include:

What Data You Collect

This is a good opening clause as it advises users what types of personal data your app collects and how it is collected.

Expedia advises what personal information the app collects and why it's collected. The app separates the data it collects into information provided by the customer directly and information that is collected automatically. Each section has a detailed account of why information is collected:

There's a special section here to cover what information is collected through the Expedia app:

How Long Data is Stored For

Your app should tell users how long you will retain their personal data for.

Etsy advises that the retailer will only retain data for as long as necessary and does not provide a set period of time. Since Etsy is a platform for e-commerce retailers, the policy also advises that Etsy sellers may be required to retain data to comply with their legal obligations:

Calm advises that the app retains data for as long as necessary:

How Data is Used

Both the law and the App Store Guidelines require app owners to inform users how they use personal data.

The Choices: Stories You Play app's Privacy Policy includes a detailed explanation of how data is used. It notes that data is used to provide technical support, send emails, improve services and address prohibited activities amongst other things:

Who Has Access to Data/Data Shared With Third Parties

You should include a clause which tells users who can or might access their data. When drafting this clause, consider who can access user's data internally, as well as externally (third parties).

If your app is an e-commerce app, it's likely you share data with third party payment processors. Make sure you advise users who their data is shared with and why.

Ideally, you should provide a link to any third party policies to enable users to find and view them easily.

Property app Rightmove includes a clause about access to data which explains who can access data both internally and externally. The clause informs users that if the business was sold or merged, users data may be disclosed to the buyer:

Choices includes a clause about information sharing in the app's Privacy Policy. The clause explains that personal data is shared with business partners, such as payment processing companies, game developers and customer support services:

Urban Outfitters explain that data is shared with the 'corporate family' and may also be shared with sister companies or third parties used to fulfill services, such as processing data and payments. The clause also advises users where data is stored and stresses that the company only grants access to data on a need-to-know basis:

The clause includes information about how users can update or delete personal information, which is useful in case someone has shared information with UO and wants to make sure it won't be shared with anyone else.

Security of Data

Your app's Privacy Policy should inform users of all the methods you have of keeping their personal data secure.

For example, e-commerce app ShopClues states that the app uses a secure server which encrypts all information sent by users. The clause goes on to explain how the retailer prevents unauthorized access of data:

Similarly, Paypal includes a clause which advises users of the security measures in place with regard to data protection. The company states that these measures include firewalls, encryption and physical access controls. The clause also reminds users that they are responsible for keeping their passwords secure:

Clothing app Nasty Gal discloses its security measures and reassures users that any third party contracted to process data is required to have security measures in place. The clause also states that users will be notified in the event of a breach:

Payment Processing

If your app processes payments (for example, if it's an e-commerce app) you should advise users what data you collect to do so. It's also important to inform users if a third party payment processor is used (such as the App Store) and ideally, provide a link to the third party's Privacy Policy.

Calm advises who processes customer payments and what personal data they may collect to do so:

User Rights

You should also include a clause which informs users of their rights. If your app is accessible to EU citizens it's important to include all of the rights given by the GDPR, including the right to:

• Be informed
• Withdraw consent
• Access information
• Erase data
• Correct inaccurate data
• Object to or restrict processing
• Data portability

There are also rights involving automated decision making and profiling.

Nasty Gal list all of the rights given under the GDPR and advises how customers can exercise the rights:

Rather than simply listing user rights, Candy Crush breaks down each right individually:

After going into detail about each right, the app suggests alternative ways for users to control what information is collected. For example, users can disconnect their Facebook from the game or limit ad tracking using their cell phone settings:

Cookies

Not all apps use cookies, however if an app uses a browser to access certain content, it's likely to use cookies. It's important to include a cookies clause if your app uses cookies, especially if you don't have a separate Cookies Policy.

Rightmove explains why the app uses cookies and directs users to the full Cookie Policy:

Candy Crush provides a detailed cookies clause which explains why cookies and ad identifiers are used:

Nasty Gal briefly explains why cookies are used and links to a separate Cookies Policy. In addition, the retailer advises how to opt out of cookies but warns users they will not be able to access all features if they do so:

Do Not Track (DNT) Clause

It's a legal requirement under CalOPPA to have a DNT clause if your app is accessible to residents of California.

Users can make DNT requests through their browsers in an attempt to stop companies from tracking their online behavior. Your clause must state how your app responds to DNT requests.

Your app does not legally need to respond to these requests or follow the DNT setting - it simply needs to notify users of your policy.

Calm explains what DNT is and informs users that the app does not respond to such requests:

Episode also includes a DNT clause in its Privacy Policy which states that the app does not respond to DNT requests:

Children

This clause advises whether you collect data from minors. It's essential to include since The Children's Online Privacy Protection Act (COPPA) makes it unlawful to collect the data of children under 13 without obtaining their parents or guardians consent.
Calm advises that the app is not intended to be used by children under the age of 13. The policy also states that if the developers learn that the app has collected the data of a child under 13, it will be deleted:

Similarly, the Wish app states that the app does not knowingly collect personal data from children under the age of 13 and the retailer will delete any information of this kind. This clause is quite detailed and includes a paragraph specific to EU residents regarding consent:

Changes to the Policy

You should include a clause which explains your app's policy is subject to change. It's also a good idea to advise users whether they will be notified of any changes and via what method(s).

Ideally, users should be asked to consent to any changes to the terms - particularly in the case of material changes.

Rightmove advises that users may be required to accept a change of terms in order to continue to use the app:

Etsy informs users that they will be told about any material changes:

Choices also notes that the app will inform users of any changes, however this time the app says they will do this before the changes are made:

Contact Information

A great way to end your Privacy Policy is to provide contact details. This way users can contact you with any questions about your policy.

Etsy provides a link to the store's 'Help Center,' alongside an email address and two physical addresses depending on what part of the World the user is in:

Your users will greatly appreciate this clause in case they wish to reach out to you.

Where to Add Your Privacy Policy Link

There are a few places to add your link, but the most important thing is to make sure your links are clear and accessible. This will help if there is a dispute as you will be able to show that your Privacy Policy is clearly linked and easy for users to find.

The key point is that the link to your Privacy Policy must be displayed in both the App Store and within the app itself. This is required by the Apple Store guidelines:

App Store Listing

To add your Privacy Policy to the App Store Connect metadata field you will need to open connect and click 'app details.'

Then select 'ready for sale' which is found underneath the 'versions' tab. From here you can add you link to the field labeled 'privacy policy url.'

Once you've added your link, make sure you press 'save'!

Here's Netflix's app information in the App Store with its Privacy Policy displayed:

When a user clicks the above link, they are taken to Netflix's website to view the full Privacy Policy. The user is able to do this before deciding if they'd like to download the app.

From the website, the user can return to the App Store by clicking the button at the top left:

Within Your App

There are a few places you could add your Privacy Policy within your app.

Settings Menu

It's a good idea to put your Privacy Policy within the Settings menu since this is usually where users will look for it.

Candy Crush places the app's policy directly under Settings:

Etsy does a similar thing, except the app has a 'legal' section under settings which leads to the retailer's legal policies:

After you tap the Legal link section you'll be taken to a list of important links including the Privacy Policy:

Login Screen or Pop-Up on Opening the App

You could choose to put policies on your login screen so that users can see it as soon as they open your app. This is also a good opportunity to get users to agree to your Privacy Policy.

You may choose to do this in the form of a pop-up, like H&M has done in this example:

Checkout Page for E-commerce Apps

Placing a link to your Privacy Policy at checkout is ideal as this ensures all customers can access it.

If you want to gain user's consent, add a checkbox and an 'I agree' statement. This is a good idea since customers will not be able to say they didn't agree to your terms.

H&M's app gains consent at checkout by requiring users to tick a box stating that they agree to their personal data being processed in accordance with the Privacy Policy:

About Section

You may wish to display your Privacy Policy in your app's 'About' section, like the Calm app has done:

Summary

If you have an iOS App you must have a Privacy Policy.

There are various laws that make Privacy Policies a legal requirement for any business that collects personal data. In addition, Apple guidelines state that all iOS apps must have a Privacy Policy.

The guidelines state that the Policy must be linked to in the App Store Connect metadata field, as well as within the app itself.

When drafting your Privacy Policy it's important to include:

• What types of personal data you collect
• How and why you collect the data
• Who has access to the data
• How you protect the data
• What rights users have over their data