Apple App Store Privacy Compliance
Apple requires every new app or app update in the Apple App Store to declare the data collected by the app or third-party SDK whose code is integrated in the application. Declaring this data allows users to understand if these data types are linked to them or its used to track them.
What does this mean for app developers?
When you upload a new app or update an existing app in the Apple App Store, you need to provide the information collected by the app and third-party SDKs (including the Responsys Mobile SDK) in the Apple App Store's Application Privacy section.
The Responsys Mobile SDK does not share data with data brokers, or advertisement platforms for targeted advertisements. We collect some data for app functionality and to understand the user's engagement and conversions.
Responsys Data Types
The following table outlines the data collected by the Responsys Mobile iOS SDK you need to provide to Apple.
| App Store Label | Data Type | Optional/Required | Description | Data Linked to you | App Channel List Column Name | Additional Details |
|---|---|---|---|---|---|---|
| Identifiers | ||||||
| DeviceID | Required | The Responsys Mobile SDK generates and stores unique device identifiers. This can be used to identify the app instance for promotional and transaction messaging. New app installations get a new DeviceID. DeviceID is removed when apps are uninstalled. | Data Linked to you | DEVICE_ID_ | ||
| User ID | Optional | Applications can set a "User Identifier" to identify logged in users in the app. The user identifier can be one of email address, phone number, or customer generated unique identifier. | Data Linked to you | USER_IDENTIFIER_ | If you are using User ID to identify users, you must declare it in your App Privacy section. | |
| External Device Tracking ID (EDTI) | Optional | Applications can set the EDTI to any custom value to recognize the user across different platforms. | Data Used to Track You | EXT_DEVICE_TRACKING_ID_ | If you are setting the EDTI with the SDK, you must declare it in your App Privacy section. | |
| IDFA | Optional | IDFA (Identifier for Advertisers) isn't captured by the Responsys Mobile SDK automatically. Apps can provide the IDFA using the SDK API. | Data Used to Track You | ADVERTISER_ID_ | IDFA is a random device identifier assigned by Apple to a user's device. You need to comply with Apple's Privacy guidelines to use IDFA and also declare it within the App Privacy section. | |
| IDFV | Optional | IDFV (ID for Vendors) isn't captured by the Responsys Mobile SDK automatically. Apps can provide the IDFV using the SDK API. | Data Used to Track You | VENDOR_ID_ | ||
| Push Device Tokens | Required | Push Device Tokens are provided by Apple (APNS) and collected by the Responsys Mobile SDK. | Data Linked to You | DEVICE_TOKEN_ | ||
| Diagnostics | The Responsys Mobile SDK provides APIs to enable/disable the collection of SDK's diagnostic information. If you enable the SDK's diagnostic collection, following are the data types required the App Privacy Declaration. | |||||
| Stack Trace | Required | The Responsys Mobile SDK can capture the app's stack trace, if a crash is detected in the SDK. | Data Linked to You | |||
| Device OS Version | Device OS Version | Version of OS where the SDK crashed. | Data Linked to You | |||
| Application Version | Required | Version of app where SDK crashed. | Data Linked To You | |||
| SDK Version | Required | Responsys SDK version where crashed. | Data Linked To You | |||
| Device Model | Required | Device model where SDK crashed. | Data Linked To You | DEVICE_MODEL_ | ||
| Is Jail Broken | Required | When a crash occurs on a device, this flag determines if the device is jail broken. | Data Linked To You | |||
| Usage Data | SDK records the notification button clicks and push open engagement. | Data Linked To You | ||||
| Other Data | ||||||
| Device Model | Required | The Responsys Mobile SDK collects the Device Model automatically. | Data Linked To You | DEVICE_MODEL_ | ||
| SDK Version | Required | The Responsys Mobile SDK collects the SDK Version automatically. | Data Linked To You | SDK_VERSION_ | ||
| Operating System | Required | The Responsys Mobile SDK collects the device operating system automatically. | Data Linked To You | |||
| OS Version | Required | The Responsys Mobile SDK collects the device's operating system version automatically. | Data Linked To You | OS_VERSION_ | ||
| Cellular Carrier | Required | The Responsys Mobile SDK collects the cellular carrier name used by the device. | Data Linked To You | CARRIER_ | ||
| Screen Scale | Required | Device's screen scale is collected by the SDK. | Data Linked To You | SCREEN_DENSITY_ | ||
| Screen Height | Required | Device's screen height is collected by the SDK. | Data Linked To You | SCREEN_HEIGHT_ | ||
| Screen Width | Required | Device's screen width is collected by the SDK. | Data Linked To You | SCREEN_WIDTH_ | ||
| Device Locale | Required | Device's current locale is collected by the SDK. | Data Linked To You | LOCALE_ | ||
| Device Manufacturer Name | Required | Device's manufacturer name is collected by the SDK. | Data Linked To You | MANUFACTURER_ | ||
| Device Timezone | Required | Device's most recent Timezone while sending the registration signal is collected by SDK. | Data Linked To You | TIME_ZONE_ | ||
| Device Timezone Offset | Required | Device's most recent Timezone Offset while sending the registration signal is collected by SDK. | Data Linked To You | |||
| Application Version | Required | Application's version is collected by SDK. | Data Linked To You | APP_VERSION_ | ||
| Application Install Time | Required | The time of application install. | Data Linked To You | INSTALLED_AT_DATE_ | ||
| Notification Badge Status | Required | Whether the application's notification badge is enabled or disabled. | Data Linked To You | PUSH_PERM_BADGES_ | Users need to explicitly give the permission for Push Notification badges to be enabled or disabled. | |
| Push Notification Permission Status | Required | User selected permission for push notification's opt-in or opt-out. | Data Linked To You | CHANNEL_PERMISSION_STATUS_ | Users need to give the explicit permission for Push Notification opt-in. | |
| Location | Optional | The Responsys Mobile SDK allows applications to pass location information, and apps can ask the SDK to track the location information automatically. Following are the information captured by the SDK if you ask the SDK to track the location automatically. | ||||
| Location Permission Status | Required | Users are prompted to select their location permission type (Always, When In Use, Undetermined, Never, and Restricted) | Data Linked To You | APP_LOCATION_PERMISSION_ | Users are presented with location permission types when the location prompt appears. | |
| Latitude, Longitude, Altitude, Horizontal Accuracy | Required, only when users give the permission to record the location. | Whenever a significant change in location info (Latitude, Longitude, Altitude, Horizontal Accuracy) is detected by the SDK, it's captured and recorded. | Data Linked To You | Users need to give explicit permission for location tracking. | ||
| TimeStamp | Required, only when users give permission to record the location. | The SDK collects location information with the current device timestamp value. | Data Linked To You | UPDATED_AT_DATE_ | Users need to give explicit permission for location tracking. |