May 28, 2026

Privacy Policy for Mobile Apps: What iOS and Android Require

Both the Apple App Store and Google Play require a privacy policy for all apps. Here's exactly what your mobile app privacy policy must include, and how to generate one for free.

App Store Privacy Policy Requirements

If you publish on the Apple App Store or Google Play, a privacy policy is mandatory — not optional. Both stores will reject your app if it collects any personal data and lacks a privacy policy URL.

Apple App Store Requirements

Apple requires:

  • A privacy policy URL in App Store Connect before submission
  • Accurate completion of the "App Privacy" nutrition labels (data linked to user, data used to track, etc.)
  • Compliance with App Store Review Guidelines Section 5.1 (Privacy)

Apple's privacy nutrition labels require you to disclose what data you collect and how it's used — directly in the App Store listing. Your privacy policy must be consistent with these labels.

Google Play Requirements

Google requires:

  • A privacy policy link in the Play Console
  • Disclosure in the Data Safety section (similar to Apple's nutrition labels)
  • Compliance with Google Play Developer Program Policies

Google's Data Safety form asks about data types collected, how they're used, whether data is shared, and security practices.

What Mobile App Privacy Policies Must Cover

Beyond standard website privacy policy requirements, mobile apps often collect:

  • Device identifiers (IDFA on iOS, GAID on Android)
  • Precise location data (GPS coordinates)
  • Camera and microphone access
  • Contacts and calendar data
  • Health and fitness data (HealthKit, Google Fit)
  • Financial data (for payment apps)
  • Sensitive user content (photos, messages)

Your privacy policy must disclose every type of data your app accesses, even if it's not stored: accessing device sensors or permission-protected data is itself data collection.

App Tracking Transparency (iOS 14.5+)

Apple's App Tracking Transparency (ATT) framework requires apps to ask permission before tracking users across other apps and websites. If your app uses advertising networks or cross-app tracking, you must:

  • Request ATT permission before tracking
  • Disclose this in your privacy policy
  • Provide a mechanism to opt out

Children's Privacy (COPPA)

If your app targets children under 13, COPPA (Children's Online Privacy Protection Act) applies. You cannot collect personal information from children without parental consent. Most app stores require additional disclosures and have stricter review for apps targeting children.

Generating a Mobile App Privacy Policy

TermsDock's Privacy Policy Generator is designed to cover all standard requirements including mobile-specific disclosures. For iOS and Android apps, include device identifiers and usage tracking in the "data you collect" field.