Apple requires a privacy policy for apps that access personal information, including apps that offer subscriptions, accept Apple Pay, or use Apple frameworks such as HomeKit, HealthKit, or CareKit. However, Apple has announced that all new apps and app updates will require a privacy policy. This will be effective from 3rd October 2018. The App Store privacy policy will be submitted for distribution or through TestFlight for beta testing purposes. This new requirement will be compulsory for all apps, including the basic ones that do not share data. However, this new App Store privacy policy will not affect existing apps on the App Store until they are updated on October 3rd or later.
If those apps are no longer maintained, the long outdated apps may remain without a privacy policy. The app’s privacy policy link or text will only be editable when a new version of the app is submitted. To add or edit the privacy policy for the App Store, the users need to go to My Apps in App Store Connect and click on the app. Under the App Store, click on App Information. In the top right corner, add your privacy policy link for iOS apps or macOS apps, or enter text directly for tvOS apps. The users need to save all of this.
To add your privacy policy link to your app for external TestFlight distribution, users need to go to My Apps in App Store Connect and click on the app. Under TestFlight there is an option called Test Information. In Test Information users will have to add their privacy policy link for iOS apps or enter text directly for tvOS apps and save the details. Apple has clearly stated their privacy policy and those are the following:
1. All apps must include a link to their privacy policy in the App Store Connect metadata field and within the app in an easily accessible manner. The privacy policy must clearly and explicitly:
2. Identify what data, if any, the app/service collects, how it collects that data, and all uses of that data.
3. Confirm that any third party with whom an app shares user data (in compliance with these Guidelines) – such as analytics tools, advertising networks and third-party SDKs, as well as any parent, subsidiary or other related entities that will have access to user data – will provide the same or equal protection of user data as stated in the app’s privacy policy and required by these Guidelines.
4. Explain its data retention/deletion policies and describe how a user can revoke consent and/or request deletion of the user’s data.
For the Apple TV, App Store Connect has a text box for developers to past the full text of their privacy policy displayed in the app.