Privacy Policy Requirements for the App Store: Everything You Need
Every app on both Apple's App Store and Google Play must have a privacy policy. Not just any privacy policy will do: it must be specific, accurate, and accessible. Vague or generic policies are the #1 rejection trigger. Here is exactly what both platforms require.
Required Privacy Policy Content
Both platforms require your privacy policy to cover: what personal data you collect (specific data types, not vague categories), how you collect it (directly from users, through SDKs, from third parties), why you collect it (specific purposes for each data type), who you share it with (categories of third parties), how long you retain it, how users can access, correct, or delete their data, how you secure the data, whether you transfer data internationally, and your contact information for privacy inquiries.
Platform-Specific Requirements
Apple additionally requires that the policy match the App Privacy nutrition labels exactly, disclose all third-party SDK data collection, explain data retention periods, and describe data deletion procedures. Google requires that the policy be linked from your store listing AND within the app, align with the Data Safety section declarations, describe data encryption practices, and include information about data sharing with advertising partners.
Hosting and Accessibility
Your privacy policy must be: hosted at a stable, accessible URL (not behind a login wall), available worldwide (not geo-restricted), quick to load on mobile devices, written in the language(s) your app supports, and updated whenever your data practices change. Both Apple and Google check that the URL works during review. A broken link is an automatic rejection.
Frequently Asked Questions
Can I use a privacy policy generator?
As a starting point, but you must customize it to accurately reflect YOUR data practices. Generic policies that do not mention your specific SDKs and data handling will be flagged.
How often should I update my privacy policy?
Whenever you change data collection practices, add or remove SDKs, modify data sharing arrangements, or when privacy laws change. At minimum, review quarterly.
Does my privacy policy need to be in multiple languages?
Your privacy policy should be available in every language your app supports. At minimum, it must be in English plus any primary languages of your target markets.