Apple's commitment to user privacy continues to evolve with the introduction of privacy manifests. These manifests are designed to provide app developers and users with transparency regarding data collection practices.
This guide explains the following concepts:
- What is a privacy manifest?
- Insider SDK and Apple's Privacy Manifests
- Insider Privacy Manifest and SDK Versions
- Data Tracking and Transparency
- Data Collection with Insider SDK
- Customer's Responsibility: Identifying Additional Data Collection
What is a privacy manifest?
A privacy manifest acts as a disclosure document for your app. It outlines the types of data Insider SDK collects, along with the reasons for collecting them. This information is integrated into your app's overall privacy disclosures and presented to users in the App Store and, potentially, within the app itself.
What data does Insider SDK collect?
Insider considers data privacy a top priority for its customers. Our commitment to transparency extends to clearly outlining the data categories collected by Insider SDK. We use Apple's predefined data categories to ensure clear communication and adhere to Apple's privacy guidelines.
Why does Insider SDK collect data?
The data collected by Insider SDK serves specific purposes that directly enhance the functionality and user experience within your app. This guide explains the specific data categories and how they are used to provide value for your app and its users.
We strongly recommend you refer to official Apple Developer resources for a more comprehensive understanding of privacy manifests.
Refer to Apple's Privacy Manifest Documentation and Describing Data Use in Privacy Manifest for further information.
Simplifying privacy reporting with Xcode 15
Xcode 15 automatically aggregates all privacy manifests within your app and its third-party SDKs into a single consolidated privacy report. This report streamlines the process and provides a comprehensive view of all required reason APIs used by your app.
This streamlined report offers several advantages:
- Accurate Privacy Nutrition Labels: The consolidated view helps ensure your app's Privacy Nutrition Label accurately reflects all data usage practices. Privacy Nutrition Labels are accessible to users on the App Store.
- Enhanced User Privacy: Developers can clearly identify the required reasons for APIs, and understand and potentially minimize data collection, ultimately protecting user privacy from techniques like fingerprinting.
Refer to Apple's Developer Documentation for detailed instructions on generating your app's privacy report.
Understanding Insider SDK and Apple's Privacy Manifests
This section explains how Insider SDK interacts with Apple's Privacy Manifests. We'll explain the data collection practices of Insider SDK and how they are reflected within the manifest.
Configurable data collection
The power of Insider SDK lies in its flexibility. You can configure the data it collects on your behalf, tailoring it to your specific app needs. It's important to remember that the data collection practices outlined in our Privacy Manifest reflect the default settings.
Identifying all data collection and use
Our customers are responsible for fully understanding and identifying all potential data-collection and use cases within their apps that leverage the Insider SDK. This includes cases beyond the defaults or those mentioned here, especially if data collection is limited or situational.
Meeting App Store review guidelines
Your app's data collection practices must adhere to Apple's App Store Review Guidelines. Additionally, ensure compliance with any other applicable laws and regulations.
Maintaining accuracy and user trust
The accuracy and ongoing review of your app's Privacy Nutrition Label are crucial. As your data collection practices evolve, you must update the label accordingly to maintain user trust and transparency.
Insider One's customers are responsible for ensuring their apps' data collection practices comply with Apple's guidelines and all relevant laws, and Insider One provides the tools and clear documentation to support this.
Insider Privacy Manifest and SDK Versions
Our commitment to user privacy extends to our SDK. Starting with the versions listed below, we include a dedicated Privacy Manifest within the SDK. This manifest simplifies integration with Apple's privacy requirements for your app.
- iOS Native: 13.4.1 or above
- ReactNative: 6.4.3 or above
- Flutter: 3.10.4 or above
- Cordova: 2.1.0 or above
Data Tracking and Transparency
Our SDK adheres to Apple's App Tracking Transparency (ATT) framework. This means that Insider One does not track any data protected by ATT. Consequently, the tracking options within our Privacy Manifest will be set to false, and tracking domains will be empty.
Understanding Data Collection with Insider SDK
Our Privacy Manifest outlines the data categories collected by Insider SDK by default. However, it's important to remember that your app's data landscape extends beyond these defaults.
Customer's Responsibility: Identifying Additional Data Collection
Insider One's customers are responsible for comprehensively reviewing their apps' implementation and verifying all data collection practices that leverage Insider SDK. This includes:
- Data gathered through custom tags, attributes, and events you implement.
- How you utilize this data outside of the functionalities provided by Insider SDK.
Examples of Additional Data Collection Cases
Below you can see some data collection examples:
- Ecommerce apps: You might collect user purchase history details beyond basic transactions. This requires a declaration under the "Commerce" category.
- Travel apps: You might gather data on users' preferred destinations or booking habits. This would fall under the "Travel" category.
- Social media apps: You might collect user profile information or details about content creation. This may require declarations under the "User Contact Information" or "User Content" categories.
It is strongly recommended that you thoroughly analyze your app's specific data collection practices to ensure accurate representation in your app's privacy manifest.
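One way to automate the checks described in the two sections above, as an added example that is not Insider's or Apple's own code: it parses a privacy manifest, confirms the tracking flag is false and the tracking domains are empty, and reports data types your app sends that the manifest does not declare. The sample manifest is constructed for illustration, and `audit_manifest` and the `sent_by_app` inventory are hypothetical names; the `NSPrivacy…` keys are Apple's manifest keys.

```python
import plistlib

# Constructed sample PrivacyInfo.xcprivacy; not Insider's shipped manifest.
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>NSPrivacyTracking</key><false/>
  <key>NSPrivacyTrackingDomains</key><array/>
  <key>NSPrivacyCollectedDataTypes</key>
  <array>
    <dict>
      <key>NSPrivacyCollectedDataType</key>
      <string>NSPrivacyCollectedDataTypeProductInteraction</string>
      <key>NSPrivacyCollectedDataTypeLinked</key><false/>
      <key>NSPrivacyCollectedDataTypeTracking</key><false/>
      <key>NSPrivacyCollectedDataTypePurposes</key>
      <array><string>NSPrivacyCollectedDataTypePurposeAnalytics</string></array>
    </dict>
  </array>
</dict>
</plist>"""

KEY = "NSPrivacyCollectedDataType"

def audit_manifest(raw, sent_by_app=frozenset()):
    """Return findings for one manifest. sent_by_app is a hypothetical
    inventory of Apple data-type names your custom attributes/events send."""
    manifest = plistlib.loads(raw)
    findings = []
    # ATT posture described above: tracking false, tracking domains empty.
    if manifest.get("NSPrivacyTracking", False):
        findings.append("NSPrivacyTracking is true")
    for domain in manifest.get("NSPrivacyTrackingDomains", []):
        findings.append("tracking domain declared: " + domain)
    declared = set()
    for entry in manifest.get("NSPrivacyCollectedDataTypes", []):
        name = entry.get(KEY, "<missing type>")
        declared.add(name)
        if entry.get(KEY + "Tracking", False):
            findings.append(name + " is flagged as used for tracking")
        if not entry.get(KEY + "Purposes"):
            findings.append(name + " declares no purpose")
    # Data the app sends beyond the SDK defaults must also be declared.
    for name in sorted(set(sent_by_app) - declared):
        findings.append("sent but not declared: " + name)
    return findings
```

Run it over each `PrivacyInfo.xcprivacy` in your app and its bundled SDKs, passing the data types your own implementation sends, and treat any finding as a mismatch to resolve before updating the Privacy Nutrition Label.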
The table below lists the data that you can collect via the SDK and the data that the SDK collects by default. Customize your app's privacy manifest declarations accordingly.
| Data Type | Collected by Insider SDK | Description |
|---|---|---|
| Contact Information: Name, Email address, Phone number, Physical address, Other user contact info | By default: No; Optional | If your implementation is configured to send this data, declare accordingly. |
| Health and Fitness: Health, Fitness | By default: No; Optional | If your implementation is configured to send this data, declare accordingly. |
| Financial Info: Payment info, Credit info, Other financial info | By default: No; Optional | If your implementation is configured to send this data, declare accordingly. |
| Location Info: Precise location, Coarse location | By default: No; Optional | If you are using only the InsiderMobile SDK, no location information is collected. If you are using InsiderGeofence SDK along with InsiderMobile, both types of location information are temporarily accessed for Geofence features to work. However, they are not collected to be sent to Insider One servers. |
| Sensitive Info | By default: No; Optional | If your implementation is configured to send this data, declare accordingly. |
| Contacts | By default: No; Optional | If your implementation is configured to send this data, declare accordingly. |
| User Content: Emails or text messages, Photos or videos, Audio data, Gameplay content, Customer support, Other user content | By default: No; Optional | If your implementation is configured to send this data, declare accordingly. |
| Browsing History | Not collected | If your implementation is configured to send this data, declare accordingly. |
| Search History | Not collected | If your implementation is configured to send this data, declare accordingly. |
| Identifiers: User ID, Device ID | By default: No; Optional | InsiderMobile iOS SDK does not capture IDFA or other device IDs, such as IMEI, that could potentially be used for tracking. |
| Purchases: Purchase history | By default: No; Optional | If your implementation is configured to send this data, declare accordingly. |
| Usage Data: Product interaction, Advertising data, Other usage data (e.g. Wi-Fi) | Product interaction: Yes; Advertising data: No; Other usage data: No | For product interactions, we measure when the app is launched and when it is closed. If your implementation is configured to send any other data in this category, declare accordingly. |
| Diagnostics Data: Crash and diagnostics data | Not collected | If your implementation is configured to send this data, declare accordingly. |
| Other Data | Required, collected | We collect untrackable device data, including IDFV, OS platform, device model, carrier, app version, OS version, time zone, device language, and mobile push opt-in. If your implementation is configured to send any other data in this category, declare accordingly. |