# Guideline 5.1.1 - Privacy: Missing Privacy Manifest (PrivacyInfo.xcprivacy)

**Guideline:** 5.1.1 · **Store:** Apple App Store · **Risk:** low · **Difficulty:** easy

Canonical URL: https://appstorereject.com/rejections/apple/5/guideline-511-privacy-missing-privacy-manifest-privacyinfoxcprivacy

## Description

Your app is missing a PrivacyInfo.xcprivacy file. Since Spring 2024, Apple requires all apps to include a privacy manifest declaring required reason API usage, tracking status, and collected data types.

## Resolution steps

1. **Create the privacy manifest file** — In Xcode, go to File → New → File → App Privacy. This creates `PrivacyInfo.xcprivacy` in your project. Make sure it's added to your app target (check Target Membership in the File Inspector).

2. **Declare required reason API usage** — Add entries to `NSPrivacyAccessedAPITypes` for each required-reason API your app uses:
   - `UserDefaults` → Category: `NSPrivacyAccessedAPICategoryUserDefaults`, Reason: `CA92.1` (access app-specific data)
   - `File timestamp` → Category: `NSPrivacyAccessedAPICategoryFileTimestamp`, Reason: `C617.1` or `DDA9.1`
   - `System boot time` → Category: `NSPrivacyAccessedAPICategorySystemBootTime`, Reason: `35F9.1`
   - `Disk space` → Category: `NSPrivacyAccessedAPICategoryDiskSpace`, Reason: `E174.1`

3. **Set tracking declaration** — Set `NSPrivacyTracking` to `false` unless your app uses ATT (App Tracking Transparency). If you do track, set to `true` and ensure you call `requestTrackingAuthorization`.

4. **Declare collected data types** — Add entries to `NSPrivacyCollectedDataTypes` listing what data your app collects (location, health, contacts, etc.), whether it's linked to the user, and the purpose of collection.

5. **Verify third-party SDK manifests** — Check that all third-party SDKs (Firebase, Facebook, etc.) ship their own privacy manifests. Update SDKs to latest versions — most major SDKs added manifests in early 2024.

6. **Test the manifest** — Build and run your app. In Xcode 15+, go to Product → Generate Privacy Report to verify all required-reason APIs are declared.

**Prevention:**
- Add `PrivacyInfo.xcprivacy` as part of initial project setup
- Review the manifest whenever adding new SDKs or APIs
- Use Xcode's Privacy Report feature in CI to catch missing declarations

---
*Machine-readable source: https://api.appstorereject.com/api/rejections/detail?slug=guideline-511-privacy-missing-privacy-manifest-privacyinfoxcprivacy*