Pendo mobile SDK and Apple's App Store privacy policy

Last updated:

This article details Apple’s App Store privacy policy in relation to the Pendo mobile SDK and offers some guidance on what to provide about your privacy practices.

Overview

From December, 2020, iOS application owners must add details about the data their application might collect and whether that data is linked to the application’s users (or their devices) or used to track those users. This includes data collected through third parties, like Pendo. For information about the data collected about your visitors as part of a mobile implementation of Pendo, see Pendo mobile SDK data collection.

Information about this data collection, use, and tracking must be included in each application owner’s privacy policy, which you can access from your app page in the App Store and from within the app itself. This information is required when you submit apps to the App Store. For more information on these requirements, including any updates Apple might make to its policies and terminology, see Apple's articles: User privacy and data use and App privacy details on the App Store.

Privacy disclosure

Apple’s policies require disclosure of all data collection and use when you submit your application to the App Store. This includes data collected and used by any third-party partners whose code you integrate with your application. Pendo is a “third-party partner” according to Apple requirements. 

At a minimum, we recommend that you disclose that Pendo collects Device ID and product usage data to allow you to, as quoted from Apple’s privacy policies, "evaluate user behavior, including to understand the effectiveness of existing product features, plan new features, and measure audience size or characteristics.” 

You might also need to include details about the data you collect using Pendo and the purposes for which you collect that data based on your unique configuration and usage of Pendo.

Permission to track

Apple's AppTrackingTransparency (ATT) policy is a privacy framework that requires application owners to obtain a user’s permission for “tracking” them. You don't need to do this for Pendo.

The ATT policy was introduced for all Apple devices after the release of iOS 14 and was enforced after iOS 14.5 to limit the amount of user data that application developers can share with other companies. This consent requirement is based on Apple Guideline 5.1.2(i), which states that an application owner must receive explicit permission from an application user through Apple’s App Tracking Transparency APIs to track user activity.

Pendo's SDK doesn't fall under Apple's definition of tracking, which has two parts: advertising use and data broker sharing. Pendo’s SDK doesn't do either of these things. 

  • Advertising use refers to an application owner linking data about a user collected from their application with third-party data about that user for purposes of targeted advertising or advertising measurement.
  • Data broker sharing refers to sharing user data collected by the application owner with a data broker.

Pendo doesn't link data it collects with other data not collected by Pendo for advertising use, and Pendo doesn't share data with data brokers. This means that you don't need to implement the ATT framework and obtain your visitors' consent to track.

Was this article helpful?
4 out of 5 found this helpful