Apple Privacy Manifest

Declare to Apple the data collected by your app or by third-party SDKs.

Apple’s privacy manifest is a file type that outlines the privacy practices of an app or its third-party SDKs. In the manifest, you declare the types of data you collect, using specific categories they provide, and the purpose for collecting the data.

See Apple’s developer documentation detail about its purpose, data collection categories, and more:


Using Xcode 15+, all privacy manifests in an app and its third-party SDKs automatically roll up into a single privacy report. The report provides a full list of the required reason APIs, and it can be used to help developers create more accurate Privacy Nutrition Labels and protect end users from being tracked through fingerprinting.

Apple provides steps for creating your app’s privacy report.


The remainder of this document describes Airship’s privacy manifest and data collection information as related to Apple’s privacy manifest.

Airship’s SDKs are configurable by you, both in the data we collect on your behalf and how you use that data. Airship’s privacy manifest describes what Airship’s SDK collects and the settings at default. However, you should identify all possible data collections and uses based on your configuration of the Airship SDK, even if not outlined here or even if certain data will be collected and used only in limited situations. Your answers should follow the Apple App Store Review Guidelines and any applicable laws. You are solely responsible for keeping your responses accurate and up to date. If your practices change, you must update your responses in your Privacy Nutrition Label as needed.

Airship privacy manifest

Airship includes its own privacy manifest in SDK 17.3.0 and above. For apps using an SDK version older than 17.3.0, refer to the required reason API usage by Airship defined below when creating an Apple privacy manifest.

Tracking

Airship does not track any data that is protected by the App Tracking Transparency framework. Therefore, tracking is set to false and the tracking domains are empty in Airship’s privacy manifest.

Required reason API usage

Apple provides a list of required reason APIs that could potentially be abused for fingerprinting a user. Usage of these APIs alone does not indicate that the app or third-party SDK is being abused to track users, but the APIs must be listed in the manifest with a valid reason of usage.

The Airship SDK uses two APIs that must be declared in the manifest:

API typeReasonNotes
NSPrivacyAccessedAPICategoryFileTimestampC617.1Airship uses the creationDate API to determine App install date for In-App and Feature Flag audience segmentation.
NSPrivacyAccessedAPICategoryUserDefaultsCA92.1Airship uses user defaults to persist some SDK settings, such as push enabled and tags.

Customers must audit their app’s API usage to see if any of the restricted APIs are being used. If so, the app must create its own privacy manifest that declares the APIs and the reasons for using them.

Collected data

Airship’s privacy manifest only defines data categories that Airship collects by default. Customers must review their own implementation and verify what data they are collecting with tags, attributes, and events, as well as how they use this data outside of Airship.

Examples:

  • Fitness apps may collect data about users’ workouts or fitness goals that must be declared under the Health and Fitness category.
  • Retail apps may collect data about purchase behavior that much be declared under the Purchases category.
  • Quick-service restaurant apps may collect location data in order to locate users for curbside pickup, which must be declared under the Location category.

Data collected by Airship is not linked to and does not track particular users by default. However, it’s possible to configure Airship to do so by associating a ChannelAn instance representing an entity addressable via the Airship service, e.g., an iOS device, email address, SMS number or web browser. The channel instance or channel object contains all relevant information about a channel, including metadata used for targeting, opt-in status, device-specific information, and, importantly, a unique identifier for the channel, the Channel ID. to a Named UserA customer-provided identifier used for mapping multiple devices and channels to a specific individual.. If an application uses the named user feature to link a particular user to a channel, then the app must declare that in its own Privacy Nutrition Labels.

Default Airship collected data categories:

Data typePurposeNotes
User ID
  • Developer’s advertising or marketing
  • App functionality
Airship generates a Channel IDAn Airship-specific unique identifier used to address a channel instance, e.g., a smartphone, web browser, email address., anonymous contact ID, and a Message Center user ID. These IDs are not associated with individuals by default.
Product interaction
  • Developer’s advertising or marketing
  • Analytics
  • Product personalization
Airship collects foreground, background, and interaction events for Airship features.
Other data types
  • Developer’s advertising or marketing
  • Analytics
  • Product personalization
Airship collects additional data, such as device model, versions (e.g., SDK and OS), and carrier, that can be used for analytics, segmentation, and personalization.

For more details on data collected by Airship, see the Data Collection guide.