App Privacy
Since your app collects user data, you must disclose its privacy practices and data collection methods.
Check out this Apple guide for more data collection information.
Privacy Policy
Go to the App Privacy section, then click ‘Edit.’
Add your privacy policy's URL link. Make sure to include these policy points in your privacy policy or create something similar by adjusting your information, such as the company name, email, date, and so on. This part will be found in the onboarding themes section.
It’s a critical declaration, as Google may reject your app if you provide information on how you collect information from users.
Then click ‘Get Started’ to begin adding all the data types you collect from users:
Mark “Yes, we collect data from this app” and click ‘Next.’
- Contact Info: If your app collects or shares a user's name, email address, phone number, physical address, etc.
Using these components/features necessitates this policy:
Login & Signup Methods
Signup Registration Form
Commerce/Booking & Events
Payment Components
Payment Methods
- Health & Fitness: If your app collects or shares health/fitness info.
- Financial Info: This part is related to any payment that takes place in your app.
Using these components/features necessitates this policy:
Channels/Groups with subscription
Commerce/Booking & Events
Payment Components
Payment Methods
- Location: If your app collects or shares location.
Using these components/features necessitates this policy:
Channel Features
Group Messaging
All-in-one Messenger
Commerce
Booking & Events
Payment Components
- Sensitive Info: If your app collects sensitive content.
- Contacts: If your app collects or shares contacts.
Using these components/features necessitates this policy:
Channel Features
All-in-one Messenger
Contacts Manager
Call Manager
Call Logs
Group Messaging
- User Content: If your app collects photos, videos, audios, or voice messages and requests media in customer support chats or channels.
⇒ Other User Content is optional according to what extra content you collect as an app owner.
Using these components\features necessitates this policy:
Channel Features
All-in-one Messenger
Group Messaging
- Browsing History: If your app uses a WebView tab or embedded browser and you log or track the websites or pages users visit.
- Search History: If your app includes a search component or if you have a search bar in custom component, Store or Booking Center component.
- Identifiers: mark ‘User ID’ and ‘Device ID.’
- Purchases: If your app has purchase transactions.
Using these components/features necessitates this policy:
Channels/Groups with subscription
Commerce/Booking & Events
Payment Components
Payment Methods
- Usage Data:
- Product Interaction
Using these components/features necessitates this policy:
Custom Component
Channels/Groups with subscription
Channels
Messaging Features
Commerce/Booking & Events
Payment Components
Payment Methods
List View
Push Notifications
Locations
- Advertising Data: If your app has ads.
- Other Usage data: session duration, how often users open the app, custom analytics events, or data from API integrations for monitoring or personalization.
- Diagnostics:
MANDATORY!
Mark ‘Crash Data.’
And when you’re done, click ‘Save.’
Any other type of privacy can be skipped, as the above ones are the most crucial to disclose.
Configure Each Policy
- Contact Info: Names, Email Address, Phone Number, Physical Address & Other User Contact Info.
Click ‘Set Up Name.’
MANDATORY!
Mark ‘App functionality,’
‘Yes, names collected from this app are linked to the user’s identity,’
‘No, we do not use names for tracking purposes,’
and click ‘Save.’
Mark the same answers for any type of Contact Info
- Financial Info: Payment Info.
MANDATORY!
Mark ‘App functionality,’
‘Yes, payment info collected from this app is linked to the user’s identity,’
‘No, we do not use payment info for tracking purposes,’
and click ‘Save.’
- Location: Precise Location & Coarse Location.
MANDATORY!
Mark ‘App functionality,’
‘No, precise location collected from this app is not linked to the user’s identity,’
‘No, we do not use the precise location for tracking purposes,’
and click ‘Save.’
Mark the same answers for Coarse Location
- Contacts:
MANDATORY!
Mark ‘App functionality,’
‘Yes, contacts collected from this app are linked to the user’s identity,’
‘No, we do not use contacts for tracking purposes,’
and click ‘Save.’
- User Content: Photos or Videos; Audio Data; Customer Support.
MANDATORY!
Mark ‘App functionality,’
‘No, photos or videos collected from this app are not linked to the user’s identity,’
‘No, we do not use photos or videos for tracking purposes,’
and click ‘Save.’
Mark the same answers for any type of User Content
- Browsing History:
MANDATORY!
Mark ‘App functionality,’
‘No, browsing history data collected from this app is not linked to the user’s identity,’
‘No, we do not use browsing history data for tracking purposes,’
and click ‘Save.’
- Search History:
MANDATORY!
Mark ‘App functionality,’
‘No, search history data collected from this app is not linked to the user’s identity,’
‘No, we do not use search history data for tracking purposes,’
and click ‘Save.’
- Purchases:
MANDATORY!
Mark ‘App functionality,’
‘No, purchase history data collected from this app is not linked to the user’s identity,’
‘No, we do not use purchase history data for tracking purposes,’
and click ‘Save.’
- Usage Data:
- Product Interaction
MANDATORY!
Mark ‘App functionality,’
‘Yes, product interaction data collected from this app is linked to the user’s identity,’
‘No, we do not use product interaction data for tracking purposes,’
and click ‘Save.’
- Advertising Data
MANDATORY!
Mark ‘App functionality,’
‘No, advertising data collected from this app is not linked to the user’s identity,’
‘No, we do not use advertising data for tracking purposes,’
and click ‘Save.’
- Other Usage Data
MANDATORY!
Mark ‘App functionality,’
‘No, other usage data collected from this app is not linked to the user’s identity,’
‘No, we do not use other usage data for tracking purposes,’
and click ‘Save.’
- Identifiers: User ID & Device ID.
MANDATORY!
For User ID set up, you add, mark ‘App functionality,’
‘Yes, user IDs collected from this app are linked to the user’s identity,’
‘No, we do not use user IDs for tracking purposes,’
and click ‘Save.’
MANDATORY!
For Device ID set up, you add, mark ‘App functionality,’
‘No, device IDs collected from this app are not linked to the user’s identity,’
‘No, we do not use device IDs for tracking purposes,’
and click ‘Publish.’
- Diagnostics: Crash Data.
MANDATORY!
Mark ‘App functionality,’
‘No, crash data collected from this app is not linked to the user’s identity,’
‘No, we do not use crash data for tracking purposes,’
and click ‘Publish.’
❓ FAQs
Q: How do I set privacy and data collection rules when publishing to the App Store?
A: In App Store Connect, open your app and complete App Privacy. You will:
- Add a Privacy Policy URL.
- Complete Apple’s Privacy Questionnaire.
- Declare every data type your app collects or uses, and answer Apple’s 3 questions for each: purpose, linked to identity, and used for tracking.
For most nandbox apps, the safe default purpose is App Functionality.
Q: Where do I start setting app privacy in App Store Connect?
A:
- Go to App Privacy → Edit.
- Paste your Privacy Policy URL. It must be public and clearly explain the data collected, how you use it, and your company details.
- Click Get Started to begin the questionnaire.
Apple verifies the policy during review, so keep it live and up-to-date.
Q: What’s the Apple Privacy Questionnaire, and how do I fill it out?
A:
- Click Get Started.
- Select Yes, we collect data from this app.
- Work through the data types Apple shows and declare only what your app actually collects.
- For each selected type, answer:
- Purpose: usually App Functionality for nandbox.
- Linked to identity: Yes, if it can identify a user. Otherwise No.
- Used for tracking: Usually No unless you or partners track users across apps or sites.
Q: What types of user data do I need to declare? (nandbox-focused)
A: Declare only what applies to your build. Common nandbox mappings:
- Contact Info
- Purpose: App Functionality
- Linked: Yes
- Tracking: No
Names, Email, Phone, Address.
Triggers: Login and Signup, Signup Form, Commerce, Booking & Events, and Payment components.
Suggested answers:
- Financial Info
- Purpose: App Functionality
- Linked: Yes
- Tracking: No
Payment Info.
Triggers: Store/Commerce, Booking & Events, and Payment Methods.
Suggested answers:
- Location
- Purpose: App Functionality
- Linked: No
- Tracking: No
Precise or Coarse.
Triggers: Maps, Booking, Delivery, sharing location in chats.
Suggested answers:
- Contacts
- Purpose: App Functionality
- Linked: Yes
- Tracking: No
User’s address book.
Triggers: Messenger contact sync, invite flows, Channels/Groups that use contacts.
Suggested answers:
- User Content
- Purpose: App Functionality
- Linked: No
- Tracking: No
Photos, Videos, Audio, Voice messages, and Customer Support uploads.
Triggers: Messenger, Channels, Groups, Support chats.
Suggested answers:
- Browsing History
- Purpose: App Functionality
- Linked: No
- Tracking: No
Visited pages inside a WebView if you log them.
Default nandbox: not collected, not linked, not used for tracking.
Suggested answers if collected:
- Search History
- Purpose: App Functionality
- Linked: No
- Tracking: No
Queries in search bars or list views if you store them.
Default nandbox: not collected, not linked, not used for tracking.
Suggested answers if collected:
- Purchases
- Purpose: App Functionality
- Linked: No
- Tracking: No
In-app purchases and subscriptions.
Triggers: Store/Commerce, Booking & Events, paid Channels/Groups.
Suggested answers:
- Usage Data
- Product Interaction—interactions with tabs, menus, list views, messages, bookings, and carts.
- Purpose: App Functionality
- Linked: Yes
- Tracking: No
- Advertising Data—only if you integrate ad SDKs.
- Purpose: App Functionality
- Linked: No
- Tracking: No (becomes Yes if your ad partner tracks across apps)
- Other Usage Data—session duration, open frequency, and custom analytics events if collected.
- Purpose: App Functionality
- Linked: No
- Tracking: No
- Identifiers
- User ID → Purpose: App Functionality, Linked: Yes, Tracking: No
- Device ID → Purpose: App Functionality, Linked: No, Tracking: No
User ID and Device ID.
Suggested answers:
- Diagnostics
- Purpose: App Functionality
- Linked: No
- Tracking: No
Crash Data.
Suggested answers:
Health & Fitness and Sensitive Info only if your app truly collects them.
Q: How do I answer Apple’s privacy questions for each data type?
A: Use this pattern:
- Purpose: choose App Functionality unless you genuinely use data for analytics, marketing, or ads.
- Linked to identity:
- Yes for Contact Info and User ID.
- No for Device ID, Location, User Content, Purchases, and Browsing/Search history by default.
- Product Interaction is Yes.
- Used for tracking: No unless you or your partners use the data to track users across apps or sites.
Repeat for each selected data type, then Save or Publish.