Every app hosted on the Apple App Store must have a Privacy Policy that complies with privacy laws. Your iPhone OS app needs a Privacy Policy regardless of its functionality.
First, compliance with Apple’s app store guidelines is essential. If your Privacy Policy does not meet Apple's privacy requirements, your iOS app could be rejected, and you will not be able to place it on the Apple App Store.
Second, you need to have a Privacy Policy to comply with global privacy laws and to avoid penalties for non-compliance. A Privacy Policy helps to ensure that you are following privacy laws such as the GDPR, the CCPA, the UK’s DPA 2018, and others.
This article will explain Apple's requirements for a Privacy Policy.
Does My iOS App Need a Privacy Policy?
Every iOS app needs a Privacy Policy. It’s a requirement of Apple: all iOS apps must have a Privacy Policy.
Even if your iOS app doesn't collect or manage any user data, you nonetheless need to have a Privacy Policy. If your app doesn't collect any personal data, simply state that in your Privacy Policy. Users should know whether their data is collected or not, and for what reasons.
In practice, every app needs a privacy policy, not just an iOS app. Every application hosted on the Google Play Store must also have a privacy policy.
Apple's Privacy Policy Requirements for iOS Apps
A Privacy Policy is a document that declares how your application collects, stores, and processes users' personal data. These are the key requirements of a Privacy Policy for iOS apps that complies with privacy laws:
- Data collection. Explain what personal information your app collects. If your iOS app collects any personal information (e.g. name, username, password, email, address, IP address, device ID, location data), it must be clearly stated in the Privacy Policy. Inform users whether your app collects this data itself or uses third-party tools.
- Data usage. Explain why you collect personal information. You should have a legitimate interest to collect user data. The data collection could be used for your app’s functionalities like buying a product on an e-commerce store, for providing user personalization, or for targeted advertising. Be specific and do not use general terms.
- Third parties. Reveal if you share or sell personal information to third parties and disclose the identity of these third parties. Explain the reasons why you share or sell personal information to them.
- User rights and consent. Inform users about their rights regarding their personal data and inform users how to exercise these rights, how to manage their data preferences, and how to revoke user consent for data collection. Under the GDPR, the app users have the following rights: the right to be informed, the right to access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object, and the rights around automated decision-making and profiling.
- User right to delete the data. One of the most important aspects is the user's right to delete their data. Users should be able to delete their data at any time and without giving you any reason, since the data belongs to them. Apple states that your iOS Privacy Policy must "describe how a user can [...] request deletion of the user's data." Thus, you must provide users with options to delete their data.
- Data retention policy. Explain your data deletion policy and practices. You must not keep user data longer than you need it. Think carefully about how long to store user data and when to delete it.
- Security measures. Inform users what security practices your app implements. Your iOS app could use encryption, access controls, Transport Layer Security (TLS) for end-to-end encryption, verification or authentication methods, more frequent session refreshes, sending less personal information or splitting the data into several requests, and other security measures. You should take adequate security measures to prevent unauthorized access and data breaches, since these would affect users’ trust in your app and are strictly regulated by privacy laws.
- Cookies and similar tracking technologies. Inform users if your iOS app uses cookies (e.g. tracking cookies or advertising cookies), tracking pixels, or other similar tracking technologies. Explicitly inform users how to opt out of tracking, and whether that is possible at all without losing the functionalities of your iOS app.
- Identity of the company. Disclose the identity of the company and provide contact information like email or phone number. It should be easy to reach the company regarding users’ personal data management and preferences. Provide contact details for users to contact you with privacy-related concerns.
- Children's privacy. If your app collects data from children, describe the procedure to obtain parental consent. Handle children's data with special care. Under the GDPR, this parental consent is needed for children below the age of 16 years. Under the CCPA, parental consent is needed if the child is under the age of 13 years old. In the US, the Children's Online Privacy Protection Act (COPPA) protects children under the age of 13.
- Updates to Privacy Policy. Since you may revise or update your app’s privacy policy, inform users about it, and provide details on how users will be informed of any changes. Every time you update your privacy policy, you need to inform users and get the user's consent.
The Privacy Policy must be easily accessible in your app via a link or through a Cookie Banner.
In addition to Apple's Privacy Policy requirements, you must obey the privacy law of the countries where your users are based, not just the country where you are based. There are privacy laws in Canada (PIPEDA), Brazil (LGPD), Turkey (KVKK), South Africa (POPIA), Saudi Arabia (SAPDPL), and other countries.
How to Write a Privacy Policy for an iOS App?
The best way to get a Privacy Policy for an iOS app is to use a Privacy Policy Generator. With CookieScript Privacy Policy Generator you can create a professional and fully customizable Privacy Policy for an iOS app.
CookieScript Privacy Policy Generator can create a Privacy Policy for you with the following functionalities:
- Cookie Policy included. You can get a Cookie Policy with an automatically generated Cookie Declaration for your app.
- Compliance with all major privacy regulations.
- Pre-defined choices. It offers an easy-to-fill form with lists of pre-defined choices to pick from.
- Available in 9 languages. The generated Privacy Policy is fully translated into 9 languages by a team of professional translators.
Follow this three-step guide to create a Privacy Policy for your iOS app:
- Enter your business details.
- Choose which information you collect and how it is processed.
- Download your new Privacy Policy.
All done, you have created your iOS Privacy Policy!
Frequently Asked Questions
Does my iOS app need a privacy policy?
Yes. Every iOS app needs a Privacy Policy. First, it’s a requirement of Apple: if your app does not have a Privacy Policy or it does not meet Apple's privacy requirements, you will not be able to host your iOS app on the Apple App Store. Second, you need a Privacy Policy to comply with privacy laws and to avoid penalties for non-compliance. Use CookieScript Privacy Policy Generator to create a Privacy Policy for your app.
Does my iOS app need a privacy policy if it doesn't collect any user data?
Even if your iOS app doesn't collect or manage any user data, you nonetheless need to have a Privacy Policy. It’s a requirement of privacy laws and the Apple App Store. If your app doesn't collect any personal data, simply state that in your Privacy Policy. Use CookieScript Privacy Policy Generator to create a quick and professional Privacy Policy.
What are Apple's privacy policy requirements for iOS apps?
To comply with privacy laws, your Privacy Policy for iOS apps must cover the following aspects: data collection, data usage, data selling or sharing to third parties, user rights and consent, the user right to delete the data, security measures, cookies and similar tracking technologies, the identity of the company, data retention policy, children's privacy, and updates to the privacy policy. Use CookieScript Privacy Policy Generator to create a professional Privacy Policy for your app.
Do apps need a Privacy Policy?
Yes, every application hosted on the Apple App Store and on the Google Play Store must have a Privacy Policy that complies with privacy laws and declares how the app collects, stores, and processes users' personal data. It’s a requirement of Apple, Google, and the privacy laws of the countries where the users are based. You can create a Privacy Policy for your app easily with the help of CookieScript Privacy Policy Generator.