logo

App Privacy

Since your app collects user data, you must disclose its privacy practices and data collection methods.
Check out this Apple guide for more data collection information.

Privacy Policy

Go to the App Privacy section, then click ‘Edit.’
Image without caption
Add your privacy policy's URL link. Make sure to include these policy points in your privacy policy or create something similar by adjusting your information, such as the company name, email, date, and so on. This part will be found in the onboarding themes section.
Image without caption
It’s a critical declaration, as Google may reject your app if you provide information on how you collect information from users.
Image without caption
Then click ‘Get Started’ to begin adding all the data types you collect from users:
Image without caption
Mark “Yes, we collect data from this app” and click ‘Next.’
Image without caption
  • Contact Info: If your app collects or shares a user's name, email address, phone number, physical address, etc.
Image without caption
🧩
Using these components/features necessitates this policy:
Login & Signup Methods
Signup Registration Form
Commerce/Booking & Events
Payment Components
Payment Methods
Image without caption
Image without caption
Image without caption
Image without caption
  • Health & Fitness: If your app collects or shares health/fitness info.
Image without caption
  • Financial Info: This part is related to any payment that takes place in your app.
Image without caption
🧩
Using these components/features necessitates this policy:
Channels/Groups with subscription
Commerce/Booking & Events
Payment Components
Payment Methods
Image without caption
Image without caption
  • Location: If your app collects or shares location.
Image without caption
🧩
Using these components/features necessitates this policy:
Channel Features
Group Messaging
All-in-one Messenger
Commerce
Booking & Events
Payment Components
Image without caption
  • Sensitive Info: If your app collects sensitive content.
Image without caption
  • Contacts: If your app collects or shares contacts.
Image without caption
🧩
Using these components/features necessitates this policy:
Channel Features
All-in-one Messenger
Contacts Manager
Call Manager
Call Logs
Group Messaging
Image without caption
  • User Content: If your app collects photos, videos, audios, or voice messages and requests media in customer support chats or channels.
Other User Content is optional according to what extra content you collect as an app owner.
Image without caption
🧩
Using these components\features necessitates this policy:
Channel Features
All-in-one Messenger
Group Messaging
Image without caption
  • Browsing History: If your app uses a WebView tab or embedded browser and you log or track the websites or pages users visit.
Image without caption
Image without caption
  • Search History: If your app includes a search component or if you have a search bar in custom component, Store or Booking Center component.
Image without caption
Image without caption
Image without caption
  • Identifiers: mark ‘User ID’ and ‘Device ID.’
Image without caption
  • Purchases: If your app has purchase transactions.
Image without caption
🧩
Using these components/features necessitates this policy:
Channels/Groups with subscription
Commerce/Booking & Events
Payment Components
Payment Methods
Image without caption
Image without caption
  • Usage Data:
Image without caption
  1. Product Interaction
🧩
Using these components/features necessitates this policy:
Custom Component
Channels/Groups with subscription
Channels
Messaging Features
Commerce/Booking & Events
Payment Components
Payment Methods
List View
Push Notifications
Locations
Image without caption
Image without caption
  1. Advertising Data: If your app has ads.
  1. Other Usage data: session duration, how often users open the app, custom analytics events, or data from API integrations for monitoring or personalization.
  • Diagnostics: 
MANDATORY!
Mark ‘Crash Data.’
Image without caption
And when you’re done, click ‘Save.’
👉
Any other type of privacy can be skipped, as the above ones are the most crucial to disclose.

Configure Each Policy

  • Contact Info: Names, Email Address, Phone Number, Physical Address & Other User Contact Info.
Click ‘Set Up Name.’
Image without caption
MANDATORY!
Mark ‘App functionality,’
‘Yes, names collected from this app are linked to the user’s identity,’
‘No, we do not use names for tracking purposes,’
and click ‘Save.’
Image without caption
Image without caption
Mark the same answers for any type of Contact Info
Image without caption
  • Financial Info: Payment Info.
MANDATORY!
Mark ‘App functionality,’
‘Yes, payment info collected from this app is linked to the user’s identity,’
‘No, we do not use payment info for tracking purposes,’
and click ‘Save.’
Image without caption
Image without caption
  • Location: Precise Location & Coarse Location.
MANDATORY!
Mark ‘App functionality,’
‘No, precise location collected from this app is not linked to the user’s identity,’
‘No, we do not use the precise location for tracking purposes,’
and click ‘Save.’
Image without caption
Image without caption
Mark the same answers for Coarse Location
Image without caption
  • Contacts:
MANDATORY!
Mark ‘App functionality,’
‘Yes, contacts collected from this app are linked to the user’s identity,’
‘No, we do not use contacts for tracking purposes,’
and click ‘Save.’
Image without caption
Image without caption
  • User Content: Photos or Videos; Audio Data; Customer Support.
MANDATORY!
Mark ‘App functionality,’
‘No, photos or videos collected from this app are not linked to the user’s identity,’
‘No, we do not use photos or videos for tracking purposes,’
and click ‘Save.’
Image without caption
Image without caption
Mark the same answers for any type of User Content
Image without caption
  • Browsing History:
MANDATORY!
Mark ‘App functionality,’
‘No, browsing history data collected from this app is not linked to the user’s identity,’
‘No, we do not use browsing history data for tracking purposes,’
and click ‘Save.’
Image without caption
Image without caption
  • Search History:
MANDATORY!
Mark ‘App functionality,’
‘No, search history data collected from this app is not linked to the user’s identity,’
‘No, we do not use search history data for tracking purposes,’
and click ‘Save.’
Image without caption
Image without caption
  • Purchases:
MANDATORY!
Mark ‘App functionality,’
‘No, purchase history data collected from this app is not linked to the user’s identity,’
‘No, we do not use purchase history data for tracking purposes,’
and click ‘Save.’
Image without caption
Image without caption
  • Usage Data:
  1. Product Interaction
MANDATORY!
Mark ‘App functionality,’
‘Yes, product interaction data collected from this app is linked to the user’s identity,’
‘No, we do not use product interaction data for tracking purposes,’
and click ‘Save.’
Image without caption
Image without caption
  1. Advertising Data
MANDATORY!
Mark ‘App functionality,’
‘No, advertising data collected from this app is not linked to the user’s identity,’
‘No, we do not use advertising data for tracking purposes,’
and click ‘Save.’
Image without caption
Image without caption
  1. Other Usage Data
MANDATORY!
Mark ‘App functionality,’
‘No, other usage data collected from this app is not linked to the user’s identity,’
‘No, we do not use other usage data for tracking purposes,’
and click ‘Save.’
Image without caption
Image without caption
  • Identifiers: User ID & Device ID.
MANDATORY!
For User ID set up, you add, mark ‘App functionality,’
‘Yes, user IDs collected from this app are linked to the user’s identity,’
‘No, we do not use user IDs for tracking purposes,’
and click ‘Save.’
Image without caption
Image without caption
MANDATORY!
For Device ID set up, you add, mark ‘App functionality,’
‘No, device IDs collected from this app are not linked to the user’s identity,’
‘No, we do not use device IDs for tracking purposes,’
and click ‘Publish.’
Image without caption
Image without caption
  • Diagnostics: Crash Data.
MANDATORY!
Mark ‘App functionality,’
‘No, crash data collected from this app is not linked to the user’s identity,’
‘No, we do not use crash data for tracking purposes,’
and click ‘Publish.’
Image without caption
Image without caption

❓ FAQs

Q: How do I set privacy and data collection rules when publishing to the App Store?

A: In App Store Connect, open your app and complete App Privacy. You will:
  • Add a Privacy Policy URL.
  • Complete Apple’s Privacy Questionnaire.
  • Declare every data type your app collects or uses, and answer Apple’s 3 questions for each: purpose, linked to identity, and used for tracking.
For most nandbox apps, the safe default purpose is App Functionality.

Q: Where do I start setting app privacy in App Store Connect?

A:
  1. Go to App Privacy → Edit.
  1. Paste your Privacy Policy URL. It must be public and clearly explain the data collected, how you use it, and your company details.
  1. Click Get Started to begin the questionnaire.
Apple verifies the policy during review, so keep it live and up-to-date.

Q: What’s the Apple Privacy Questionnaire, and how do I fill it out?

A:
  1. Click Get Started.
  1. Select Yes, we collect data from this app.
  1. Work through the data types Apple shows and declare only what your app actually collects.
  1. For each selected type, answer:
      • Purpose: usually App Functionality for nandbox.
      • Linked to identity: Yes, if it can identify a user. Otherwise No.
      • Used for tracking: Usually No unless you or partners track users across apps or sites.

Q: What types of user data do I need to declare? (nandbox-focused)

A: Declare only what applies to your build. Common nandbox mappings:
  • Contact Info
    • Names, Email, Phone, Address.
      Triggers: Login and Signup, Signup Form, Commerce, Booking & Events, and Payment components.
      Suggested answers:
    • Purpose: App Functionality
    • Linked: Yes
    • Tracking: No
  • Financial Info
    • Payment Info.
      Triggers: Store/Commerce, Booking & Events, and Payment Methods.
      Suggested answers:
    • Purpose: App Functionality
    • Linked: Yes
    • Tracking: No
  • Location
    • Precise or Coarse.
      Triggers: Maps, Booking, Delivery, sharing location in chats.
      Suggested answers:
    • Purpose: App Functionality
    • Linked: No
    • Tracking: No
  • Contacts
    • User’s address book.
      Triggers: Messenger contact sync, invite flows, Channels/Groups that use contacts.
      Suggested answers:
    • Purpose: App Functionality
    • Linked: Yes
    • Tracking: No
  • User Content
    • Photos, Videos, Audio, Voice messages, and Customer Support uploads.
      Triggers: Messenger, Channels, Groups, Support chats.
      Suggested answers:
    • Purpose: App Functionality
    • Linked: No
    • Tracking: No
  • Browsing History
    • Visited pages inside a WebView if you log them.
      Default nandbox: not collected, not linked, not used for tracking.
      Suggested answers if collected:
    • Purpose: App Functionality
    • Linked: No
    • Tracking: No
  • Search History
    • Queries in search bars or list views if you store them.
      Default nandbox: not collected, not linked, not used for tracking.
      Suggested answers if collected:
    • Purpose: App Functionality
    • Linked: No
    • Tracking: No
  • Purchases
    • In-app purchases and subscriptions.
      Triggers: Store/Commerce, Booking & Events, paid Channels/Groups.
      Suggested answers:
    • Purpose: App Functionality
    • Linked: No
    • Tracking: No
  • Usage Data
      1. Product Interaction—interactions with tabs, menus, list views, messages, bookings, and carts.
          • Purpose: App Functionality
          • Linked: Yes
          • Tracking: No
      1. Advertising Data—only if you integrate ad SDKs.
          • Purpose: App Functionality
          • Linked: No
          • Tracking: No (becomes Yes if your ad partner tracks across apps)
      1. Other Usage Data—session duration, open frequency, and custom analytics events if collected.
          • Purpose: App Functionality
          • Linked: No
          • Tracking: No
  • Identifiers
    • User ID and Device ID.
      Suggested answers:
    • User ID → Purpose: App Functionality, Linked: Yes, Tracking: No
    • Device ID → Purpose: App Functionality, Linked: No, Tracking: No
  • Diagnostics
    • Crash Data.
      Suggested answers:
    • Purpose: App Functionality
    • Linked: No
    • Tracking: No
Health & Fitness and Sensitive Info only if your app truly collects them.

Q: How do I answer Apple’s privacy questions for each data type?

A: Use this pattern:
  • Purpose: choose App Functionality unless you genuinely use data for analytics, marketing, or ads.
  • Linked to identity:
    • Yes for Contact Info and User ID.
    • No for Device ID, Location, User Content, Purchases, and Browsing/Search history by default.
    • Product Interaction is Yes.
  • Used for tracking: No unless you or your partners use the data to track users across apps or sites.
Repeat for each selected data type, then Save or Publish.