Overview
Apple’s Privacy Policy and your Pendo SDK
What’s changed?
Starting from Dec. 8th, 2020, iOS App owners will be required to add details about the data types their app may collect, including via third parties, like Pendo, and whether that data is linked to the application’s users (or their devices) or used to track those users. Information on this data collection, use and tracking has to be included in each app owner’s privacy policy, which is accessible from the owner’s app page in the App Store and within the app itself. Full information on these requirements is available at Apple’s App Store privacy website.
What type of data does Pendo collect?
You can find detailed information in this article to understand which type of data Pendo collects about your end-users. This information will be required in order to submit apps to the App store. (You can learn more in Apple’s article).
Under Apple’s rules, do I need to include information about the Pendo SDK in my privacy disclosures?
Yes. Apple’s policies require disclosure of collection and use by “third-party partners,” and we are a “third-party partner” according to the Apple requirements.
At a minimum, we recommend that Pendo customers disclose that Pendo collects device ID and product usage data to allow our customers to “evaluate user behavior, including to understand the effectiveness of existing product features, plan new features, and measure audience size or characteristics.”
A customer may need to include additional details about the data it collects using Pendo and the purposes for which it collects that data based on that customer’s unique usage and configuration of Pendo. Full details are here.
All of this data needs to be disclosed when a Pendo customer submits their app to the App Store.
iOS 14.5 AppTracking Transparency policy
For iOS 14.5 Apple has required that app owners obtain a user’s permission for “tracking” through the AppTrackingTransparency policy. This consent requirement is based on Apple Guideline 5.1.2(i), which states that an app owner must receive “explicit permission” from an app user via Apple’s App Tracking Transparency APIs to track that user.
Does the Pendo SDK fall under Apple's definition of tracking?
Pendo's SDK does not (of itself) fall under Apple's definitions of “tracking,” found here.
Apple’s “tracking” definition has two parts:
- Advertising use, which means an app owner:
- linking data about a user collected from the app,
- with Third-Party Data about that user
- for purposes of targeted advertising or advertising measurement
- Data broker sharing, which means an app owner:
- sharing user data the owner collects with a data broker
Pendo’s SDK (of itself) does not do either of these things. Pendo is not linking data it collects with other data not collected via Pendo for advertising use, and Pendo does not share data with data brokers. So, as a result of their use of Pendo and assuming they are not choosing to “track” users, Pendo customers should not need to implement the App Tracking Transparency framework and obtain their users’ consent to track.
Please refer to Apple’s App Store privacy website for further information including any updates Apple may make to its policies and terminology.