Privacy Policy for iOS (iPhone) Template

Your mobile app (iOS, Android, Windows, BlackBerry) must have a Privacy Policy if the app collects personal data from users.

You'll need the Privacy Policy even if you do not collect this kind of data yourself but instead use third-party tools (such as Google Analytics Mobile, Flurry) that will collect this data for you.

Personal data is any kind of data that could identify an individual:

  • Email address
  • Device ID
  • First and last name
  • Billing or shipping information
  • And so on

Requirements for mobile apps

A Privacy Policy is required by law in most countries:

  • CalOPPA law in the US
  • Privacy Act of 1988 in Australia
  • Data Protection Act in the UK
  • PIPEDA in Canada
  • PDPA in Singapore and Malaysia
  • And many others

The FTC, in the US, requires all apps that collect and use personal information from users to properly inform users about the collection and use of their personal information.

The FTC has provided guidance for developers and businesses on what to be aware of to ensure compliance.

The "Executive Summary" of the FTC's "Mobile Privacy Disclosures: Building Trust Through Transparency" document states that developers of mobile apps should have a Privacy Policy in place and make sure it's easily accessible through app stores.

This requirement applies to all app stores, including iOS and Android:

App developers should - from FTC Mobile Privacy Disclosures

If you're submitting the app to an app store and your app collects personal information from users that will be using your app, then you must have a Privacy Policy.

You must make the policy easily accessible through the app profile page so that users can view and read the Privacy Policy before they download and install your app.

Depending on your mobile app and your business, you may be subject to other legal requirements:

  • If your app collects personal data from users under the age of 13, you'll need to comply with COPPA
  • If your app collects personal data from minors (under the age of 18), comply with the Content Eraser law.
  • If you collect personal data from students, comply with the SOPIPA law
  • If you are using remarketing/retargeting tracking code with Google AdWords or AdRoll or any other third party, you'll need to update the Privacy Policy to inform users about this practice.

Privacy Policy for iOS apps

Your iOS app (developed for iPhone or iPad) is required to have a Privacy Policy if you access, collect and transmit personal information from users. This requirement is enforced by Apple for all iOS apps operating in the App Store.

Requirements from Apple App Store

"Apple's App Store Review Guidelines" states that apps that collect user data must get consent for the collection.

Apple App Store Review Guidelines: Data Collection and Storage - Permission clause

It also states that all apps must include a link to their Privacy Policy in the App Store Connect metadata field and within the app.

Apple App Store Review Guidelines: Data Collection and Storage - Privacy Policies clause

The "Review Guidelines" is a summary version based on their "Program License Agreement (PLA)" and other legal documents that iOS developers must read and agree to in order to have their apps published on Apple App Store.

Based on these documents, iOS developers should consider the following:

  1. Have the Privacy Policy available on the profile page of your app. This is how users are able to read about your privacy practices before downloading the app.
  2. Have the policy within the app, either with a direct link to a URL from your website or embedded in the app. Users must be able to easily find and read any legal agreements they are subject to.
  3. Your Privacy Policy must inform users what type of personal information you collect from them, how you are using that information, for what purposes you are using the information and if you share that information with any third parties.

You may be subject to more requirements related to user data if:

  • You're planning to use HealthKit
  • You're planning to use HomeKit
  • You're working with third party keyboards
  • You're integrating Apple Pay

How to add Privacy Policy URL for iOS app

Follow these steps to add the URL of your Privacy Policy for your iOS app:

  1. Open iTunes Connect
  2. Go to App Details
  3. From the Versions tab, select the version of your app which has the Ready for Sale status
  4. Edit the "Privacy Policy URL" field
  5. Click Save

Following the above steps would meet Apple's requirement of getting the Privacy Policy URL on the app's profile page:

iOS Privacy Policy Link in the App Store

Your iOS app may get rejected if you don't add the URL to your Privacy Policy when you submit the app for review. This rejection message appears if you don't have a URL to your Privacy Policy:

Apps should have all included URLs fully functional when you submit it for review, such as support and privacy policy URLs.

You must host the Privacy Policy on your own website. Apple isn't providing any hosting solutions for iOS developers to host the legal page.

Even if your website is merely a placeholder website, where users can only read intros about your app, host the policy on your website and make the URL available to users who just happen to browse your website.

The most common way to do this is to place the URL in the footer of your website:

HubSpot website footer with links to Legal stuff and Privacy

The same URL from the footer of your website is the URL you need to add when submitting your app to Apple App Store.

Examples of Privacy Policies from iOS apps

Here are some examples of popular iOS apps and how they integrated their Privacy Policies in the app.

Slack

The Privacy Policy of Slack is placed in their iOS app at the Settings screen:

Slack: Take a minute to review Privacy Policy

Their policy is available on their website as well:

Slack Website Footer

It's also available on the Apple App Store profile page. The URL links directly to the same page as above:

Slack iOS Featured Page on App Store

However, Slack's Privacy Policy is not available on their desktop app. Below is a screenshot of Slack's Mac OS X app:

Slack OS X App Help Section

Slack's legal pages have all the information for users to learn about Slack's privacy practices.

Dropbox

Dropbox's iOS app embeds its legal agreements (both Dropbox's Terms of Service page and Dropbox's Privacy Policy page) rather than force opening the user's mobile browser to read the agreement:

Dropbox embeds its Terms of Service

The same legal agreements are available on Dropbox's official website:

Dropbox Website Footer

Booking.com

Booking.com's iOS app simply adds the links to its legal agreements (its Terms and Conditions page and its Privacy Statement page) at the "Information" screen in the app:

Screenshot of Booking iOS App: Information Screen

When a user taps on any of those links the Booking.com app force opens the mobile browser to open the legal agreement requested by the user.

Mint

Another example shows how Mint's iOS app lets users read the Privacy Policy of Mint.com before downloading the app and signing up for an account:

Mint iOS App on App Store Screen: Additional Links

Including the link to your Privacy Policy on the App Store's profile page is a great way to keep users informed about how your app may use personal information (including sensitive information such as with Mint's financial data).

Pinterest

Another example from Pinterest's iOS app shows how Pinterest handles their Privacy Policy page that is also linked from their app's profile page on App Store:

  1. A user who might want to download the app clicks on the "Privacy Policy" link from within the App Store's profile page
  2. That link opens the Privacy Policy of Pinterest
  3. The user can then choose to either go "Back to App Store" (added in iOS 9) or click on the "Get the App" button that's been added on the web page

This is how it looks:

Privacy Policy of Pinterest shows Get the App button

This makes it easy for a user to learn how the personal information will be used by Pinterest before downloading the app. The "Get the App" button added to the legal page makes it easy for a user to download the mobile app once the contents of the policy are reviewed.

Amazon Kindle

Another example is from the login and sign-up screens of Amazon's Kindle iOS app.

The Kindle app can be downloaded from the App Store, but before the app can be opened and used (i.e. to read e-books) the user must register an account with Amazon.

By placing a link to the Privacy Policy agreement of Amazon on this screen, Amazon has a good case to prove that the user knew of these two legal agreements and agreed to adhere to the agreements before continuing to log in or sign up for a new account:

Amazon Kindle iOS: Privacy Policy, Terms and Conditions

If you place the link to your Privacy Policy within the app and only make it available to the user after the user has signed up, it will be harder to prove - if necessary - that the user actually agreed to be bound by your legal terms upon signing up for a new account.