Apple Privacy Manifests

Starting with recent Xcode and App Store requirements, many iOS apps must ship a Privacy Manifest (PrivacyInfo.xcprivacy) that declares which APIs your app uses for tracking or fingerprinting, which data types you collect, and whether data is linked to the user.

Store reviewers and automated checks compare your manifest against your App Store privacy questionnaire and your public privacy policy URL. Mismatches are a common reason for rejection or follow-up questions.

What goes in a Privacy Manifest

  • Required-reason API usage (e.g. UserDefaults, disk space, system boot time) with an approved reason code.
  • Collected data types and whether they are linked to identity or used for tracking.
  • Third-party SDK manifests merged into your app’s final report.

Keeping manifests accurate over time

Treat the manifest as part of your release checklist: when you add an SDK, change analytics, or collect a new field, update PrivacyInfo.xcprivacy and your hosted privacy policy at the same time.

If you need a stable privacy policy URL for App Store Connect, generate one that you can update without resubmitting a new link.

Generate your privacy policy URL