Apple Privacy Manifest

Supported on ios-logo

Declare to Apple the data collected by your app or by third-party SDKs.

Apple’s privacy manifest is a file type that outlines the privacy practices of an app or its third-party SDKs. In the manifest, you declare the types of data you collect, using specific categories they provide, and the purpose for collecting the data.

See Apple’s developer documentation detail about its purpose, data collection categories, and more:

Using Xcode 15+, all privacy manifests in an app and its third-party SDKs automatically roll up into a single privacy report. The report provides a full list of the required reason APIs, and it can be used to help developers create more accurate Privacy Nutrition Labels and protect end users from being tracked through fingerprinting.

Apple provides steps for creating your app’s privacy report .

The remainder of this document describes Apptimize’s privacy manifest and data collection information as related to Apple’s privacy manifest.

Apptimize’s SDKs are configurable by you, both in the data we collect on your behalf and how you use that data. Apptimize’s privacy manifest describes what Apptimize’s SDK collects and the settings at default. However, you should identify all possible data collections and uses based on your configuration of the Apptimize SDK, even if not outlined here or even if certain data will be collected and used only in limited situations. Your answers should follow the Apple App Store Review Guidelines and any applicable laws. You are solely responsible for keeping your responses accurate and up to date. If your practices change, you must update your responses in your Privacy Nutrition Label as needed.

Apptimize privacy manifest

Apptimize includes its own privacy manifest in SDK 3.5.23 and above. For apps using an SDK version older than 3.5.23, refer to the Required reason API usage defined below when creating an Apple privacy manifest.

Tracking

Apptimize does not track any data that is protected by the App Tracking Transparency framework. Therefore, tracking is set to false and the tracking domains are empty in Apptimize’s privacy manifest.

Required reason API usage

Apple provides a list of required reason APIs that could potentially be abused for fingerprinting a user. Usage of these APIs alone does not indicate that the app or third-party SDK is being abused to track users, but the APIs must be listed in the manifest with a valid reason of usage.

The Apptimize SDK uses three APIs that must be declared in the manifest:

API type

Reason

Notes

User Defaults

1C8F.1

Apptimize uses user defaults to persist some SDK settings, such as pairing token or anonymous user ID.

System Boot Time

35F9.1

Apptimize uses system boot timestamp to make sure analytics events order.

File Timestamp

C617.1

Apptimize uses file date creation timestamp to determine app install date.

Customers must audit their app’s API usage to see if any of the restricted APIs are being used. If so, the app must create its own privacy manifest that declares the APIs and the reasons for using them.

Collected data

Apptimize’s privacy manifest only defines data categories that Apptimize collects by default. Customers must review their own implementation and verify what data they are collecting with attributes and events, as well as how they use this data outside of Apptimize.

Default Apptimize collected data categories:

Data type

Purpose

Notes

User ID

  • Developer’s advertising or marketing

  • App functionality

  • Product personalization

By default Apptimize generates an anonymous user ID. This ID is used during experiments enrollment and when organizing analytics events.

Product Interaction

  • Analytics

  • App functionality

  • Product personalization

Apptimize collects experiment participation and application lifecycle events.

Other Data Types

  • Analytics

  • Product personalization

Apptimize collects additional data, such as device model, versions, and carrier, that can be used for segmentation and personalization.