A compliant iOS privacy policy has to answer a specific set of questions Apple's reviewers cross-check against your App Privacy questionnaire. This page explains what those questions are, what the generated policy needs to say, how App Tracking Transparency affects the language, and how to get a hosted policy in under a minute without writing legal boilerplate by hand.
Apple's review team compares your hosted privacy policy against the Data Collection answers you provided in App Store Connect. Every category you checked in the questionnaire (identifiers, usage data, diagnostics, purchases, location, etc.) needs to show up in the policy text. Every category you did NOT check shouldn't be implied either.
Your policy should also clearly state: who you are, what data is collected, why, whether it's shared with third parties (including analytics SDKs and ad networks), how users can request deletion, and how to contact you. If your app uses App Tracking Transparency, the policy should mention that too — including whether you actually track users across apps and websites.
Analytics (Firebase, Amplitude, Mixpanel, etc.) — the policy must mention these SDKs collect anonymized usage data. Crash reporting (Crashlytics, Sentry) — mention diagnostic data. Location — mention when and why location is accessed. In-app purchases — note that payments are processed by Apple, not you. User accounts — if applicable, explain what's stored and how to request deletion.
For apps with ads, the policy must disclose ad SDK data collection (AdMob, AppLovin, Unity Ads, Meta Audience Network). For apps using RevenueCat or similar, the policy should mention that a third-party subscription management service receives anonymized purchase events.
If your app shows the ATT prompt, the privacy policy should describe what happens when the user allows tracking versus denies it. 'If you allow tracking, we share device identifiers with our analytics and advertising partners; if you deny tracking, we collect only aggregated non-identifying data' is the kind of language Apple's reviewers look for. Vague language about 'personalized experiences' isn't enough.
You enter your app name, pick which categories apply (analytics, location, accounts, ads, payments), and BaseTerms generates a privacy policy with the correct language for each category. The output is a real, hosted web page at yourapp.baseterms.com/privacy — the format Apple's reviewers actually click. Free to copy the raw Markdown and self-host, $9 one-time to use the hosted subdomain.
Ready to ship?
Privacy Policy, Terms, Support, and Data Deletion — all 4 pages, ready to paste into App Store Connect and Google Play Console. Copy the raw Markdown free or host on a custom subdomain for $9 one-time.
One-time payment. No subscription. No renewal fees.