Privacy Nutrition Label Helper

Work out your App Store privacy label — tracking, linked, and not-linked data — before you fill in App Store Connect.

Compliance & Publishing Tools100% freeNo sign-up required

0 of 21 complete

Progress is saved in your browser.

Understand the Three Buckets

Per-Category Walkthrough

Third-Party SDK Mapping

Validate & Maintain

Since December 2020, every new app and update on the App Store must declare its data practices in the App Privacy section — the “privacy nutrition label” shown on your product page. Apple sorts your declarations into three buckets users see at a glance: Data Used to Track You, Data Linked to You, and Data Not Linked to You. Getting the buckets wrong is easy, because the answers depend on definitions (what counts as “tracking”? what makes data “linked”?) that don’t match everyday intuition.

This helper walks through each data category Apple lists — contact info, identifiers, usage data, diagnostics, location, purchases, and more — and asks the classification questions in order: do you collect it, is it used for cross-app tracking, and is it tied to the user’s identity? The result is a worksheet you can transfer directly into App Store Connect.

How to prepare your privacy nutrition label

  1. 1

    Inventory every data type your app and its SDKs collect — analytics, crash reporting, ads, and authentication SDKs all count as your collection.

  2. 2

    For each type, decide if it is used for tracking: combining it with third-party data for targeted advertising, or sharing it with data brokers, is tracking under Apple’s definition.

  3. 3

    For non-tracking data, decide whether it is linked to the user’s identity — tied to an account, device ID, or profile — or kept truly anonymous.

  4. 4

    Note the purposes for each type (analytics, app functionality, advertising, personalization) as Apple’s form requires them per data type.

  5. 5

    Transfer the finished worksheet into App Store Connect under App Privacy, and revisit it whenever you add an SDK.

Tracking, linked, and not linked — what Apple actually means

“Tracking” has a precise definition in Apple’s world: linking data collected from your app with data collected from other companies’ apps and websites for targeted advertising or ad measurement, or sharing it with data brokers. Showing your own ads with your own data is not tracking; sending the IDFA to an ad network for cross-app targeting is — and since iOS 14.5, doing that also requires asking permission through App Tracking Transparency. Your label’s tracking section and your ATT prompt must tell the same story.

“Linked to you” means the data is connected to the user’s identity — via an account, device identifier, or any combination that can single a person out. Data is only “not linked” if you take active steps: stripping identifiers before collection, avoiding re-linkability, and not storing it alongside identified data. Analytics events keyed to a user ID are linked, no matter how harmless the events themselves feel.

The mistakes that get privacy labels flagged

The most common failure is forgetting SDKs. Apple holds you responsible for all data collected in your app, including by third-party code — a crash reporter capturing device identifiers, an ad SDK reading the IDFA, an analytics kit logging usage. Audit your dependency list against each vendor’s published privacy disclosures (many now ship privacy manifests that spell out exactly what they collect) rather than guessing from memory.

The second failure is label drift: the label reflects your app at launch, then the product evolves and the declaration never catches up. Apple requires you to keep labels current, researchers have repeatedly published audits of inaccurate labels, and a mismatch between your label, your privacy policy, and your app’s observed traffic is exactly the kind of inconsistency that triggers review problems. Make the label part of your release checklist, not a one-time chore.

Frequently asked questions

Are privacy nutrition labels mandatory on the App Store?

Yes. Since December 8, 2020, you cannot submit a new app or an update without completing the App Privacy questions in App Store Connect. Existing apps that never update keep their listing, but any release requires the declaration.

What counts as “Data Used to Track You”?

Data linked with third-party data — from other companies’ apps and websites — for targeted advertising or advertising measurement, or shared with data brokers. Using your own first-party data to show ads only within your own app is not tracking under Apple’s definition, but passing identifiers to an ad network for cross-app targeting is.

Do I have to declare data collected by third-party SDKs?

Yes — Apple explicitly makes you responsible for your entire app, including SDK behavior. Check each SDK vendor’s privacy documentation or privacy manifest for what they collect, and fold it into your label. “I didn’t know the SDK did that” is not an accepted defense.

How does the privacy label relate to App Tracking Transparency?

They must agree. If your label declares Data Used to Track You, your app needs the ATT permission prompt before doing that tracking on iOS 14.5 and later; if you claim no tracking but your app sends identifiers to ad networks, reviewers will question the mismatch.

What happens if my privacy label is wrong?

Inaccurate labels can lead to rejected updates, forced corrections, and in persistent cases removal — and they create regulatory exposure, since the label is a public representation of your practices. If you discover an error, correct it in App Store Connect promptly; label edits do not require a new binary.

Is Google Play’s Data safety section the same thing?

Same idea, different form. Google Play’s Data safety section also declares collection, sharing, and security practices, but the categories and questions differ — encryption in transit and deletion requests are asked explicitly. Use the Data Safety Helper to prepare the Play version separately.

Keep privacy declarations audit-ready

Appalize’s app privacy setup checklist tracks your nutrition label, privacy policy URL, and data declarations per app, and flags gaps before your next submission.

Audit my privacy setup free

Related free tools