Free tool · Last reviewed
App Store privacy nutrition label generator
Walk through Apple's 14 data categories, get an App Store Connect-ready summary you can paste in directly, plus a PrivacyInfo.xcprivacy manifest file ready to drop into Xcode.
Runs entirely in your browser. No signup, no upload, no watermark — your answers never leave this page.
Wizard
Tracking
Does this app use ATT-tracking?
"Tracking" means combining data from your app with data from other companies for advertising or sharing with data brokers. If yes, you need an ATT prompt + must list every third-party tracking domain.
Data categories
0/14 collectedContact Info
Name, email address, phone number, mailing address. Apple Sign In + email auth flows collect this.
Health & Fitness
Heart rate, steps, workouts, calories, sleep. Required if you read from HealthKit.
Financial Info
Payment info, transaction history, credit info. Required for in-app purchases via 3rd-party processors (Stripe, etc.). StoreKit purchases handled by Apple alone do NOT count.
Location
Precise (within ~3 meters) or coarse (city-level) location. Anything from CLLocationManager qualifies.
Sensitive Info
Race, sexual orientation, pregnancy info, political opinion, religious beliefs, biometric data, union membership, etc.
Contacts
User's address book contacts. If you ask for Contacts permission and read names/numbers, declare this.
User Content
Messages, photos/videos, audio recordings, gameplay content, customer support tickets — content the user creates inside your app.
Browsing History
Information about the websites the user visits inside an in-app browser or via your app.
Search History
Searches the user performs inside your app.
Identifiers
User IDs (account ID, profile ID), Device IDs (IDFA, device fingerprint). Most analytics + auth SDKs collect at least one.
Purchases
What the user has bought inside or outside the app.
Usage Data
Product interaction (taps, navigation, time-in-app), advertising data, other usage signals. Firebase Analytics, Mixpanel, Amplitude, etc.
Diagnostics
Crash data, performance data (launch times, hangs), other diagnostic info. Crashlytics, Sentry, Bugsnag, etc.
Other Data
Any data type that doesn't fit the categories above. Use sparingly and explain in App Store Connect.
Privacy preview
Toggle a category above to start building your label preview.
Ready to export
ZIP includes PrivacyInfo.xcprivacy + App Store Connect summary + README
Reference
Apple's 14 data categories
Every app must declare which of these it (and its third-party SDKs) collects. The wizard above maps each category to the corresponding NSPrivacyCollectedDataType identifiers in your manifest file.
Contact Info
Name, email address, phone number, mailing address. Apple Sign In + email auth flows collect this.
Health & Fitness
Heart rate, steps, workouts, calories, sleep. Required if you read from HealthKit.
Financial Info
Payment info, transaction history, credit info. Required for in-app purchases via 3rd-party processors (Stripe, etc.). StoreKit purchases handled by Apple alone do NOT count.
Location
Precise (within ~3 meters) or coarse (city-level) location. Anything from CLLocationManager qualifies.
Sensitive Info
Race, sexual orientation, pregnancy info, political opinion, religious beliefs, biometric data, union membership, etc.
Contacts
User's address book contacts. If you ask for Contacts permission and read names/numbers, declare this.
User Content
Messages, photos/videos, audio recordings, gameplay content, customer support tickets — content the user creates inside your app.
Browsing History
Information about the websites the user visits inside an in-app browser or via your app.
Search History
Searches the user performs inside your app.
Identifiers
User IDs (account ID, profile ID), Device IDs (IDFA, device fingerprint). Most analytics + auth SDKs collect at least one.
Purchases
What the user has bought inside or outside the app.
Usage Data
Product interaction (taps, navigation, time-in-app), advertising data, other usage signals. Firebase Analytics, Mixpanel, Amplitude, etc.
Diagnostics
Crash data, performance data (launch times, hangs), other diagnostic info. Crashlytics, Sentry, Bugsnag, etc.
Other Data
Any data type that doesn't fit the categories above. Use sparingly and explain in App Store Connect.
Best practices
Filling out your privacy label without tripping App Review
Audit your SDKs first. Apple holds you accountable for data collected by every SDK you ship. Before answering the wizard, list every dependency in your Xcode project and check each provider's privacy manifest. Common ones: Firebase Analytics (Identifiers + Usage Data), Crashlytics (Diagnostics), RevenueCat (Identifiers), OneSignal (Identifiers + Usage Data), Sentry (Diagnostics).
"Linked" doesn't mean "Tracking." Tracking specifically means combining your app's user activity with data from OTHER companies' apps or websites. If you only use data inside your own app and don't share with third-party advertising networks, that's Linked but NOT Tracking. Only check "Used for Tracking" when you ship an ATT prompt.
Be conservative on Sensitive Info. Apple takes Sensitive Info (race, sexual orientation, health, biometrics, etc.) very seriously. If your app touches any of these — even tangentially — declare it. Under-declaring here is one of the fastest paths to App Review rejection.
Drop the .xcprivacy in the right target. For an app with multiple targets (extensions, watch app), each target needs its own PrivacyInfo.xcprivacy. The same goes for first-party SDKs you ship as separate frameworks. Apple validates this at submission time.
Re-run when your stack changes. Adding a new analytics SDK, swapping payment processors, turning on a remote-config tool — any of these changes data collection. Re-export the label and update App Store Connect for the next version submission.
FAQ
Quick answers
- What is an App Store privacy nutrition label?
- Privacy nutrition labels are the data-collection summary Apple shows on every App Store listing under "App Privacy." Since iOS 14.3 (December 2020), every app must declare the data it (and any third-party SDK it embeds) collects, whether that data is linked to the user, and whether it's used for cross-app tracking. The label is auto-generated from your answers in App Store Connect.
- What is PrivacyInfo.xcprivacy and do I need it?
- PrivacyInfo.xcprivacy is the privacy manifest file Apple has required since May 2024 for new app submissions and updates. It lives in your Xcode project (one in your app target, plus one in each first-party SDK target) and declares your tracking domains, Required Reason APIs, and collected data types. This generator outputs a starter .xcprivacy file you can drop into Xcode → File → New → File → App Privacy.
- What's the difference between Linked and Tracking?
- Linked: data is associated with a specific user identity (an account, a device ID, an email). Tracking: that data is used to combine your app's user activity with data from OTHER companies' apps or websites for advertising or sharing with data brokers. Tracking implies Linked, but Linked does not imply Tracking. If you only use the data inside your own app and don't share it with third parties for advertising, that's Linked but NOT Tracking.
- Do I need to declare data my third-party SDK collects (like Firebase or Sentry)?
- Yes — Apple holds the developer responsible for everything embedded in their app, including SDKs. Check each SDK provider's documentation: Google Firebase, Sentry, Mixpanel, RevenueCat, OneSignal, etc. all publish privacy manifests. For most apps, declaring Identifiers (Device ID), Diagnostics (Crash Data), and Usage Data (Product Interaction) covers the typical analytics + crash-reporting stack.
- How often do I have to update my privacy nutrition label?
- Whenever your data collection changes — adding a new SDK, adding analytics, adding a payment processor, or changing what data is shared with third parties. The label auto-republishes when you submit a new app version. You don't have to re-submit just to update the label, but you must keep it accurate; misleading labels are a guidelines violation.
- Will Apple verify my answers?
- No, the label is self-declared. Apple does NOT audit individual labels, but they do hold you accountable for accuracy under their App Store Review Guidelines (5.1.2). Misrepresenting collection can result in app removal. The safe rule: declare every data type any code in your bundle collects, including third-party SDKs you embed.
Now ship the screenshots that match
Privacy label sorted? Next you need screenshots that convert. Ryplix Studio generates App Store-ready iPhone and iPad screenshots from raw app screens, with AI-written headlines tuned for App Store search. Free to start — 5 credits on signup, no card.
More free tools: character counter, screenshot resizer. Related guides: App Store screenshots guide.