Guide

App Store privacy "nutrition labels": complete guide

Apple's data-collection labels, App Tracking Transparency, and the Privacy Manifest.

Generate matching privacy policy Free · no signup · hosted public URL

The 14 data-collection categories

Apple groups collection into 14 categories: Contact Info, Health & Fitness, Financial Info, Location, Sensitive Info, Contacts, User Content, Browsing History, Search History, Identifiers, Purchases, Usage Data, Diagnostics, Other Data. For each you declare three things: (a) is data collected, (b) is it linked to identity, (c) is it used for tracking.

App Tracking Transparency (ATT)

iOS 14.5+ requires requestTrackingAuthorization() before reading IDFA or sharing identifiers across apps. ATT sits on top of nutrition labels — you must declare tracking on the label and obtain the runtime permission. Lying on either side is grounds for App Store rejection.

Privacy Manifests (iOS 17+)

Since iOS 17, third-party SDKs must ship a PrivacyInfo.xcprivacy file declaring data collected and "required reasons" for using sensitive APIs (file timestamps, system boot time, disk space, user defaults, active keyboards). Apple now blocks app submissions whose dependencies are missing manifests for the apps on Apple's commonly-used SDK list.

Ready to publish?

Answer six questions, get a hosted public URL the App Store, Google Play, and ad networks accept. No credit card.

Generate matching privacy policy

Frequently asked questions

Does my privacy policy have to match the nutrition label?

Yes. Reviewers cross-check. If your label says "no data collected" but your policy mentions Firebase Analytics, you will be rejected.

What if a third-party SDK does not ship a Privacy Manifest?

Pressure the vendor to publish one. As of 2024 most major SDKs comply; if yours does not, look for a maintained fork.