Starting December 8, 2020, Apple will require a privacy disclosure for all new apps and app updates. You will need to respond to the app privacy questions in the App Privacy tab in App Store Connect. Instructions from Apple can be found here. As OneSignal is a third-party to your app, you’ll need to ensure you are properly disclosing to your users the ways you are using OneSignal in regards to their data.
By default, OneSignal only collects Purchases (in-app) and Usage Data (clicks and session duration) for iOS apps. Users who set up and collect additional data through Data Tags or Outcomes will need to disclose those additional data types.
Please review the following Data Types when filling out your privacy details.
Data Types
✅ = Required when using OneSignal
💡 = May be required when using OneSignal
❌ = Not required when using OneSignal
Data Type | Required? |
|---|---|
Contact Info | 💡 If you use Data Tags or Outcomes to collect identifiable contact information including name, email address, phone number, physical address, or other contact info |
Health & Fitness | 💡 If you use Data Tags or Outcomes to collect health or fitness data from users |
Financial Info | 💡 If you use Data Tags or Outcomes to collect financial information from users |
Location | 💡 OneSignal collects the GPS coordinates of the device if your app asks for and receives permission from users |
Sensitive Info | 💡 If you use Data Tags or Outcomes to collect sensitive information including racial or ethnic data, political opinions, or biometric data from users |
Contacts | 💡 If you use Data Tags to collect address books or contact lists from users |
User Content | 💡 If you use Data Tags or Outcomes to collect user-generated content |
Browsing History | ❌ OneSignal does not collect browsing history from users |
Search History | ❌ OneSignal does not collect search history from users |
Identifiers | ❌ OneSignal does not collect IDFA as of iOS SDK version 2.16.0* |
Purchases | ✅ OneSignal collects Consumable in-app purchase data while our SDK is active |
Usage Data | ✅ OneSignal collects user First Session, Last Session, Session Count, Total Usage Duration, and Notification Clicks |
Diagnostics | ❌ OneSignal does not collect device diagnostic information |
*IDFA and IDFV are no longer captured by the OneSignal iOS SDK as of version 2.16.0 and 3.0.0 beta cut 4. If you’re using an older version of the SDK prior to 2.16.0, you will need to disclose this as collected data.
Required Data Types
Type: Purchases
If your app has in-app purchases, you must disclose that your app collects ‘Purchases’ information in your data collection response.
1. Purchase History
For OneSignal, at a bare minimum, you must select ‘Analytics’. This information is used in OneSignal’s dashboard features including Segments and Outcomes.
Additional Selections
If you are using OneSignal for any of the other options listed or have set up additional data collection through OneSignal, you will need to select those options as well.
2. Purchase History Linked to Identity
Apple will now ask if you are linking purchase history data to a user’s identity. If you are using OneSignal’s anonymous app player IDs and do not have a way to identify individual users, you can select ‘No’.
If you are using an app user ID that can be tied to a user’s email address or other contact information via your own server or other third parties, you should select ‘Yes’.
3. Purchase History for Tracking
Finally, to indicate if purchase history data will be used for tracking purposes, you will need to read Apple’s examples and determine if your app meets their definitions of tracking.
OneSignal, as a third-party, does not inherently use purchase history to track users across different apps for advertising. If you are using integrations or other SDKs that do this, you may need to disclose that here.
Once your information is saved, you should see the below summary in your account.
Type: Usage Data - Product Interaction
You must disclose that your app collects ‘Product Interaction’ data under the ‘Usage Data’ section in your data collection response.
1. Product Interaction
For OneSignal, at a bare minimum, you must select ‘Analytics’. This information is used in OneSignal’s dashboard features including Segments and Outcomes.
Additional Selections
If you are using OneSignal for any of the other options listed or have set up additional data collection through OneSignal, you will need to select those options as well.
2. Product Interaction Linked to Identity
Apple will now ask if you are linking product interaction data to a user’s identity. If you are using OneSignal’s anonymous app player IDs and do not have a way to identify individual users, you can select ‘No’.
If you are using an app user ID that can be tied to a user’s email address or other contact information via your own server or other third parties, you should select ‘Yes’.
3. Product Interaction for Tracking
Finally, to indicate if product interaction data will be used for tracking purposes, you will need to read Apple’s examples and determine if your app meets their definitions of tracking.
OneSignal, as a third-party, does not inherently use product interaction data to track users across different apps for advertising. If you are using integrations or other SDKs that do this, you may need to disclose that here.
Once your information is saved, you should see the below summary in your account.
Review
After making your privacy selections, Apple will show a product page preview of your app's privacy details. If you have chosen Purchases and Usage Data as described above, your privacy details should look like this:
If the way you set up and collect data changes in the future, you should return to App Store Connect to edit your responses.
Updated about a month ago