Guideline 5.1.1

Guideline 5.1.1(i) - Privacy: Missing Privacy Policy

Low RiskEasyTypical Fix: 1-2 hours0 Reports
Also known as:App does not include a privacy policyMissing privacy policy link in App Store ConnectPrivacy policy link within the app is not accessible or returns an errorApp collects user data but does not include a privacy policyPrivacy policy URL field is empty in App Store Connect

Our Take

Apple is rejecting your app because it does not include a privacy policy, or the privacy policy is not accessible from both App Store Connect and within the app itself. Apple requires every app — not just those collecting personal data — to have a visible, functional privacy policy link in two places: (1) the Privacy Policy URL field in App Store Connect, and (2) inside the app where it is easily accessible to users. This is a binary, automated check for the App Store Connect side — if the Privacy Policy URL field is empty or the URL returns a non-200 HTTP status, the rejection is virtually guaranteed. The in-app requirement is checked by the human reviewer, who will look for a link in your settings screen, onboarding flow, or registration page. The fastest path to approval is to host a privacy policy page on your website (even a simple static page is fine) and link it in both locations. The policy does not need to be written by a lawyer — Apple cares that it exists, is accessible, and accurately describes what data your app collects and how it is used. Template generators like Termly, iubenda, or Privacy Policy Generator are commonly used and accepted.

Resolution Guide

01

**Create a privacy policy page** — If you don't have one, use a template generator (Termly, iubenda, PrivacyPolicies.com). It must describe what data is collected, how it's used, third-party sharing, and deletion rights.


02

**Host it at a stable HTTPS URL** — Post the privacy policy on your website, a GitHub Pages site, or any publicly accessible HTTPS URL. Verify it loads without authentication and returns HTTP 200.


03

**Add the URL to App Store Connect** — In App Store Connect, go to your app → App Information → Privacy Policy URL. Paste the URL. This field is required for all apps.


04

**Add a link inside your app** — Place a tappable 'Privacy Policy' link in your app's Settings screen, About screen, or registration/login flow. It must open the same policy URL in a SafariViewController or WKWebView.


05

**Verify both links work** — Test the App Store Connect URL in an incognito browser. Test the in-app link on a physical device.

Prevention

  • Set up the privacy policy before your first submission
  • Use a monitoring service or uptime check on the privacy policy URL
  • Include the link in your app's settings screen as a standard pattern
  • Example Rejection Email

    From:Apple App Review Team
    Subject:Guideline 5.1.1 - Guideline 5.1.1(i) - Privacy: Missing Pr
    Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage Your app does not include a privacy policy, which is required for all apps on the App Store. Specifically, your app is missing a valid privacy policy link in App Store Connect and/or does not include a link to the privacy policy within the app. Next Steps: Please add a link to a valid, publicly accessible privacy policy in: 1. The Privacy Policy URL field in App Store Connect. 2. Within the app itself, accessible from the app's settings or equivalent area. The privacy policy must clearly identify what data is collected, how it is collected, all uses of that data, and the data retention/deletion policies.

    Before & After

    Before — Rejected

    App Store Connect Privacy Policy URL field is empty; app Settings screen has no privacy policy link

    After — Approved

    Privacy Policy URL field contains https://example.com/privacy; app Settings screen includes a tappable 'Privacy Policy' link opening the same URL

    What changed: Apple requires the privacy policy in two locations — App Store Connect metadata AND inside the app itself. Both must be present and functional.

    Community Solutions · 0

    Sign in to share your solution.

    More Guideline 5 (Legal) rejections

    View all Guideline 5 rejections