Since the release of iOS 8, Apple has implemented many requirements that need to be met in order to avoid having your app rejected. One of the major requirements (that often results in apps being rejected where conditions are not met) is that of data privacy.
Data privacy is more important than ever across various companies and platforms; with major fines and sanctions being handed down for non-compliance, companies are paying attention – and Apple is no exception: Apple’s App Store Review Guidelines have been updated to better accommodate recent changes in Data Protection Law.
From October 3, 2018 App Store Connect requires a privacy policy for all new apps and app updates before they can be submitted for distribution on the App Store or through TestFlight external testing.
Article 5.1 of Apple’s App Store Review Guidelines provides an overview of Apple’s privacy guidelines (and grounds for rejection where these conditions are not met). Article 5.1.1 on Data Collection and Storage further specifies as follows:
5.1.1(i) Privacy Policies: All apps must include a link to their privacy policy in the App Store Connect metadata field and within the app in an easily accessible manner. The privacy policy must clearly and explicitly:
- Identify what data, if any, the app/service collects, how it collects that data, and all uses of that data.
- Confirm that any third party with whom an app shares user data (in compliance with these Guidelines) — such as analytics tools, advertising networks and third-party SDKs, as well as any parent, subsidiary or other related entities that will have access to user data — will provide the same or equal protection of user data as stated in the app’s privacy policy and required by these Guidelines.
- Explain its data retention/deletion policies and describe how a user can revoke consent and/or request deletion of the user’s data.
In addition, your app’s privacy policy link or text will only be editable when you submit a new version of your app. Read the App Store’s privacy clause here.
Starting with iOS 14.5, new requirements will go into effect that will make data collection and processing more transparent for users. You must:
A lot of people ask for sample privacy policies for apps. The exact required contents of a privacy policy depend upon the applicable law and may need to address requirements across geographical boundaries and legal jurisdictions.
For this reason, it’s always advisable that you approach your (legally mandated) privacy policy with the strictest applicable regulations in mind. You can read more about determining your law of reference here or read our in-depth Legal Overview Guide here.
Let’s start with the legal minimum requirements. These are the most basic elements that a privacy policy should have:
Here’s an example of a privacy policy for an iOS app, created with our generator.
Terms and Conditions (also called ToS – Terms of Service, Terms of Use or EULA – End User License Agreement) set the way in which your product, service or content may be used, in a legally binding way. Not only are they crucial for protecting you from potential liabilities, but (especially in cases where something is being sold to consumers) they often contain legally mandated information such as users’ rights, withdrawal or cancellation disclosures.
In general, you’ll likely need to set Terms and Conditions if you have an app that participates in some form of commerce (whether selling to users directly or facilitating trading). Additionally, some specific instances where they might be needed are where you:
Particular emphasis should be given to account termination clauses, payment conditions and the limitation of liability clauses (and disclaimers).
Our Terms and Conditions Generator helps you to easily generate and manage documents that are engineered to meet the specific requirements of all major app stores and up to date with the main international legislations.
iubenda makes solving this issue easy: With hundreds of available clauses, our privacy policies contain all elements commonly required across many regions and services, while applying the strictest standards by default – giving you the option to fully customize as needed.
Our policies are created by lawyers, monitored by our lawyers and hosted on our servers to ensure that they are always up-to-date with the latest legal changes and third-party requirements.
The process is straightforward and intuitive, simply:
Click here to read the full guide on how to generate a Privacy Policy.
Enter:
Congratulations! Your policy has been created. Simply check that all the details are correct, then embed.
As we said above, you have to include a link to your privacy policy within the app and in the App Store Connect metadata field.
For apps, the direct link or direct text embedding methods are best. Apple specifically requires “a link” to the privacy policy, so the direct link method is sufficient to meet Apple’s requirements. However, if your app processes user data while offline, be sure to provide users with an in-app offline method of accessing the privacy policy in order to be legally compliant.
Whichever embed method you choose, remember that you’re required to choose a location that is easily accessible and visible to users.
When your app is ready, you have 2 options to choose from: you can either beta test it by using TestFlight or submit it for review. In both cases – in addition to the app’s internal link – you’ll have to include a link to your privacy policy in the App Store Connect metadata field. Here’s how to meet this requirement:
In App Store Connect, under “My Apps > TestFlight”, you will find “Test Information”, among which you will also find the privacy policy URL. Fill in the URL for the translated privacy policy for each language that your app is translated into (iubenda offers 9 privacy policy languages out of the box):
In App Store Connect, under “My Apps > App Store”, you will find “App Information”, among which you will also find the privacy policy URL. As mentioned above, fill in a privacy policy URL for each language that your app is translated into:
Once your application is approved, you will find your privacy policy linked under “Information” on the Application landing page that App Store generates for you: