The iOS privacy nutrition label, demystified
Apple's App Privacy nutrition label is one of the most user-facing trust signals on iOS. It's also one of the easiest places to accidentally lie - not because devs are malicious, but because the categories are confusing and the questions don't always map cleanly to your app. Here's the workflow we use.
What the label is
The App Privacy section on every App Store listing answers three questions:
- What data does the app collect?
- Is that data linked to the user's identity?
- Is that data used for tracking?
You fill it out in App Store Connect → your app → App Privacy. Apple compares your answers against the actual binary during review and audit.
The decision tree
Our process: walk through every SDK, framework, and network call your app makes. For each, ask:
- Does it collect personal data? Email, name, location, contacts, health data, etc.
- Does that data leave the device? Sent to a server or third-party.
- Is it associated with a user identifier? Apple ID, email, advertising ID, custom ID.
- Is it used for cross-app tracking? This is the strict definition of 'tracking' under App Tracking Transparency (ATT).
Most categories of our apps answer 'no' to all four. That fits the easiest label: 'Data Not Collected.'
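The decision tree as a small audit script that also flags a declared label which under-reports what the inventory implies. This is an added example, not mk0.net's own tooling. It assumes 'collected' means personal data that leaves the device, and the inventory entries, the hypothetical analytics SDK and the declared label are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    source: str          # SDK, framework or network call (inventory entry)
    data_type: str       # App Privacy data type, e.g. "Purchases"
    personal: bool       # Q1: does it collect personal data?
    leaves_device: bool  # Q2: is it sent to a server or third party?
    user_id: bool        # Q3: is it associated with a user identifier?
    cross_app: bool      # Q4: is it used for cross-app tracking?

def derive_label(flows):
    """Return {data_type: {"linked", "tracking"}}; an empty dict means 'Data Not Collected'."""
    label = {}
    for f in flows:
        # Assumption: only personal data that leaves the device counts as collected.
        if not (f.personal and f.leaves_device):
            continue
        entry = label.setdefault(f.data_type, {"linked": False, "tracking": False})
        entry["linked"] |= f.user_id      # one linked flow makes the whole type linked
        entry["tracking"] |= f.cross_app
    return label

def under_declared(declared, flows):
    """List what the inventory implies but the declared label omits or understates."""
    problems = []
    for dtype, derived in sorted(derive_label(flows).items()):
        have = declared.get(dtype)
        if have is None:
            problems.append(f"{dtype}: collected but not declared")
            continue
        for flag in ("linked", "tracking"):
            if derived[flag] and not have[flag]:
                problems.append(f"{dtype}: declared as not {flag}")
    return problems

# Constructed inventory: the typical app from this article, plus an analytics SDK added later.
INVENTORY = [
    Flow("RevenueCat", "Purchases", True, True, False, False),  # anonymous ID, never set to PII
    Flow("local database", "Health & Fitness", True, False, False, False),  # stays on device
    Flow("analytics SDK (hypothetical)", "Usage Data", True, True, True, False),
]
DECLARED = {"Purchases": {"linked": False, "tracking": False}}  # constructed stale label

if __name__ == "__main__":
    for problem in under_declared(DECLARED, INVENTORY):
        print("UNDER-DECLARED:", problem)
```

Run it whenever an SDK is added or upgraded, with the answers for each flow taken from that SDK's own privacy disclosure.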
Common categories explained
Identifiers: Apple's User ID (sub from Sign in with Apple), email if you ask for it, custom user IDs. RevenueCat's anonymous app-user-ID counts but isn't 'linked to identity' unless you call setAttributes with PII.
Diagnostics: Crash logs sent to your server count. Apple's automatic crash reporting (TestFlight) does not - that's between user and Apple.
Usage Data: Analytics events. If you run Mixpanel, Amplitude, or self-hosted analytics - declare it. Even page views count.
Where studios accidentally lie
Three common gotchas:
- 'We don't share data' but we use Firebase Analytics. Firebase ships data to Google. That's third-party sharing, even if you don't explicitly send it.
- 'No data linked to user' but we use a logged-in account. If your app has accounts, the user's email + their behavior is linked data. Declare it.
- 'No tracking' but you have a Meta/Facebook SDK. Even non-attribution Meta SDKs phone home. Read each SDK's privacy disclosure carefully.
A walkthrough for our typical app
For a typical mk0.net app (local-first, no analytics, RevenueCat for subscriptions):
- Data collected: Purchases (RevenueCat tracks subscription state)
- Linked to user: No (RevenueCat uses an anonymous ID we never set to PII)
- Used for tracking: No
Total time to fill out: about 5 minutes per app. Updating when SDKs change: about 2 minutes.
What this earns you
A clean privacy nutrition label is a real competitive advantage. Many users now scan it before installing - particularly in health, finance, and family categories.
We treat 'Data Not Collected' as our default and design every app to live up to it. It's the easiest 5-minute label to fill out, and it's also the most credible one to put your name on.