Guideline 5.1.1
Guideline 5.1.1(i) - Privacy: Missing Privacy Policy
Our Take
Apple is rejecting your app because it does not include a privacy policy, or the privacy policy is not accessible from both App Store Connect and within the app itself. Apple requires every app — not just those collecting personal data — to have a visible, functional privacy policy link in two places: (1) the Privacy Policy URL field in App Store Connect, and (2) inside the app where it is easily accessible to users. This is a binary, automated check for the App Store Connect side — if the Privacy Policy URL field is empty or the URL returns a non-200 HTTP status, the rejection is virtually guaranteed. The in-app requirement is checked by the human reviewer, who will look for a link in your settings screen, onboarding flow, or registration page. The fastest path to approval is to host a privacy policy page on your website (even a simple static page is fine) and link it in both locations. The policy does not need to be written by a lawyer — Apple cares that it exists, is accessible, and accurately describes what data your app collects and how it is used. Template generators like Termly, iubenda, or Privacy Policy Generator are commonly used and accepted.
Resolution Guide
**Create a privacy policy page** — If you don't have one, use a template generator (Termly, iubenda, PrivacyPolicies.com). It must describe what data is collected, how it's used, third-party sharing, and deletion rights.
**Host it at a stable HTTPS URL** — Post the privacy policy on your website, a GitHub Pages site, or any publicly accessible HTTPS URL. Verify it loads without authentication and returns HTTP 200.
**Add the URL to App Store Connect** — In App Store Connect, go to your app → App Information → Privacy Policy URL. Paste the URL. This field is required for all apps.
**Add a link inside your app** — Place a tappable 'Privacy Policy' link in your app's Settings screen, About screen, or registration/login flow. It must open the same policy URL in a SafariViewController or WKWebView.
**Verify both links work** — Test the App Store Connect URL in an incognito browser. Test the in-app link on a physical device.
Prevention
Example Rejection Email
Before & After
App Store Connect Privacy Policy URL field is empty; app Settings screen has no privacy policy link
Privacy Policy URL field contains https://example.com/privacy; app Settings screen includes a tappable 'Privacy Policy' link opening the same URL
What changed: Apple requires the privacy policy in two locations — App Store Connect metadata AND inside the app itself. Both must be present and functional.
Community Solutions · 0
Sign in to share your solution.
More Guideline 5 (Legal) rejections
- Guideline 5 - Legal: Remove Watermark Feature
- Guideline 5.1.1 - Data Collection and Storage: Incomplete Privacy Manifest
- Guideline 5.1.1 - Data Collection and Storage: Missing Purpose Strings
- Guideline 5.1.1 - Data Collection and Storage: Privacy Manifest Missing
- Guideline 5.1.1 - Data Collection and Storage: Privacy Nutrition Label Mismatch
- Guideline 5.1.1 - Data Collection and Storage: Privacy Policy