Apple Privacy Nutrition Label Generator
Answer Apple's privacy questionnaire step by step, then export the result as JSON or Markdown. No signup, runs entirely in your browser
App and data collection
Start with your app name, then tell Apple whether you or your third-party SDKs collect any data
All Apple privacy data categories
| Category | Data types | Example |
|---|---|---|
| Contact Info | Name, Email Address, Phone Number, Physical Address, Other User Contact Info | Email used to send a receipt |
| Health & Fitness | Health, Fitness | Heart rate from HealthKit |
| Financial Info | Payment Info, Credit Info, Other Financial Info | Card last 4 stored for receipts |
| Location | Precise Location, Coarse Location | Lat/lng for nearby search |
| Sensitive Info | Race or Ethnicity, Sexual Orientation, Pregnancy or Childbirth Information, Disability, Religious or Philosophical Beliefs, Trade Union Membership, Political Opinion, Genetic Information, Biometric Data | Pregnancy data in a tracker app |
| Contacts | Contacts | Address book uploaded for invites |
| User Content | Emails or Text Messages, Photos or Videos, Audio Data, Gameplay Content, Customer Support, Other User Content | Photos saved to your cloud |
| Browsing History | Browsing History | In-app browser visits |
| Search History | Search History | In-app search queries |
| Identifiers | User ID, Device ID | User ID, IDFV, account ID |
| Purchases | Purchase History | In-app purchase history |
| Usage Data | Product Interaction, Advertising Data, Other Usage Data | Screen views, button taps |
| Diagnostics | Crash Data, Performance Data, Other Diagnostic Data | Crash logs, performance traces |
| Surroundings | Environment Scanning | AR room scans |
| Body | Hands, Head | Hand or head pose for AR |
| Other Data | Other Data Types | Anything not covered above |
What is Apple's privacy nutrition label
Apple introduced privacy nutrition labels in December 2020 with iOS 14. Every app on the App Store must declare what data it collects, whether that data is linked to a user, and whether it is used to track them across other apps and websites. The result appears on your App Store product page in the "App Privacy" section, before users tap Get.
The label covers 14 data categories and 30+ specific data types. You answer the questionnaire once in App Store Connect, then keep it updated as your app evolves. Inaccurate labels are a frequent rejection reason and can trigger app removal if Apple finds discrepancies.
How to fill it out without lying or oversharing
The honest answer is usually messier than "we collect nothing" and less alarming than "we collect everything". Map every external SDK in your app, then for each one read its data safety statement. Firebase Analytics, Sentry, Mixpanel, Meta SDK, RevenueCat all collect different things. Add them up, then declare the union.
When in doubt, declare more rather than less. Apple penalizes underreporting much harder than overreporting. If you collect an email address only to send transactional receipts, you still declare Email Address with purpose "App Functionality". Skipping it because it "feels harmless" is how apps get pulled from the store.
Tracking vs not tracking, the SDK trap
Tracking has a specific Apple definition that catches most founders off guard. If your analytics SDK stores a User ID and that ID is shared with the SDK vendor, who then correlates it with data from other apps, that is tracking even if you never see the cross-app data yourself. Meta SDK, AppLovin, ironSource, AppsFlyer, Adjust, Branch all default to tracking.
If any SDK in your app does tracking, you must show the App Tracking Transparency prompt before that SDK fires. You also flag every data type collected by that SDK as "Used for Tracking: Yes" on the label. Skipping the prompt while shipping the SDK is grounds for guideline 5.1.2 rejection or post-release removal.
Common privacy label rejections in App Review
The top three reasons Apple rejects a privacy label are mismatched declarations (you say no data, your binary calls Firebase), missing tracking flag (you ship Meta SDK without ATT prompt), and undisclosed data types (you collect health data but only declare User ID). Reviewers run automated checks plus manual sampling.
If your label gets flagged, fix it in App Store Connect first, then resubmit. You can update the label without a new binary if the changes are purely declarative. If you need to remove an SDK or add an ATT prompt, that requires a new build. Replying to the rejection without fixing the underlying issue almost always triggers an escalation.
Frequently asked questions
Do I need to fill this out for a free app?
Yes. Apple requires every app on the App Store to declare data collection, free or paid. Even if you collect zero data, you still have to submit the label answering "no" to data collection. Apps without a label cannot be released.
What counts as 'linked to user'?
Data is linked when it can be tied back to an identity, account, device, or profile, directly or through correlation with other data you hold. If your analytics tool stores a user ID alongside the event, it's linked. If you store only fully anonymous aggregated counts with no identifier, it's not linked.
What is 'tracking'?
Tracking means linking user or device data from your app with data from other apps, websites, or offline sources for advertising or sharing with data brokers. If you use any SDK that builds cross-app advertising profiles (Meta SDK, AppLovin, ironSource, most attribution networks), you are tracking and you must show the App Tracking Transparency prompt.
Can I update the privacy label later?
Yes. You can edit your privacy label at any time in App Store Connect, even outside of an app submission. Apple recommends keeping it accurate as your data practices evolve. The label is reviewed during app review, so changes ship live without a binary update if done between submissions.
What if I use a third-party SDK?
You are responsible for the data your SDKs collect, even if you didn't write the code. Read the SDK's data safety documentation, then declare every data type the SDK collects on your label. Common offenders are Firebase Analytics (collects User ID, Device ID, Usage Data), Meta SDK (Advertising Data, tracking), and crash reporters (Crash Data, Performance Data).
Related resources
Ship your app faster, polish included
ScreenMagic generates App Store and Play Store screenshots in every required size. AI handles the design, you keep the privacy work focused
Get started free