DEV Community

Cover image for Your iOS App Needs a Privacy Policy. Here's How to Get One in 60 Seconds.
dev koan
dev koan

Posted on • Originally published at devkoan.substack.com

Your iOS App Needs a Privacy Policy. Here's How to Get One in 60 Seconds.

#ios #appstore #indiedev #beginners

Most solo iOS developers treat the privacy policy like a tax return. You know you need it. You keep putting it off. And then App Store review comes back rejected, or worse, someone emails you asking about their data.

I've shipped over 20 apps. App #7 got rejected because I linked to a Notion page that had gone private. The fix took two minutes. The delay cost me four days. That's when I stopped winging it.

Here's what I've learned: the policy itself isn't the hard part. Figuring out what your app actually collects is.

The real checklist before you generate anything

Before you touch a privacy policy template, answer these four questions:

  1. Does your app use any analytics SDK? (Firebase, Mixpanel, even Crashlytics)
  2. Does your app store anything on a server you control?
  3. Does your app ask for a name, email, or Apple ID?
  4. Does your app use any third-party ad network?

If you answered yes to any of these, your privacy policy needs to explicitly name them. A vague "we may collect usage data" is not enough for App Store Connect, and it's not enough for GDPR.

What App Store Connect actually needs

Apple requires a privacy policy URL when your app collects user data, uses Sign in with Apple, or targets kids. In practice, almost every app qualifies. The URL just needs to be publicly accessible and stay online as long as the app is live.

A lot of developers link to a Notion page. That works until Notion goes down during your App Store review. Host it somewhere stable.

The fastest way to get this done

I built a free generator that covers the common cases for indie iOS apps: analytics SDKs, in-app purchases, push notifications, GDPR, CCPA, and Korean privacy law (useful if you're targeting the Korean App Store or have users in Korea).

No account required. Pick your SDKs, hit generate, download. That's it — under 60 seconds.

👉 Generate your privacy policy →

It outputs a complete HTML file you can host on GitHub Pages and link directly from App Store Connect.

One thing the generator can't do

It can't know your app's specific data flows. If you're collecting health data, location in the background, or anything involving minors, you need to read Apple's guidelines carefully and probably talk to a lawyer. The generator covers 80% of typical indie apps. For the other 20%, treat it as a starting point, not a finish line.

After you generate it: deploy in 5 minutes

  1. Download the HTML file from the generator
  2. Create a new GitHub repo (e.g. devkoan-legal or yourname-legal)
  3. Drop the HTML file in as index.html
  4. Go to Settings → Pages → Source → main branch → Save
  5. Your policy is live at yourusername.github.io/your-repo-name
  6. Paste that URL into App Store Connect → your app → App Privacy

Free, stable, fast. GitHub Pages doesn't go down during App Store review.

The review process gets smoother when Apple can see you've actually thought about this, not just copied a template.

If you're building solo, the administrative side of shipping apps adds up fast. Next time I'll cover the App Store description itself: how to write one that converts browsers into downloads without sounding like you fed a prompt into GPT.

devkoan is a newsletter for indie developers who build, ship, and earn from code.

I've been collecting patterns like this for a decade — the small shifts that separate developers who stay stuck from the ones who grow fast. 100 of them are in a free guide. Grab it → devkoan.gumroad.com

Top comments (0)