App Store Rejection / Guideline Google Play — Data Safety / Data Safety Section

Your Data Safety section doesn't match what your app actually does.

Google Play's Data Safety section is not optional and it can't be vague. If your declared data practices don't match what your app actually does — or what your SDKs do — you'll be rejected or penalized. This guide explains every field and how to get it right.

What Apple said

Your app's Data Safety section is incomplete or inaccurate. The data practices you have disclosed do not match the data your app collects. All apps must accurately disclose data collection, sharing, and security practices in the Data Safety form.

What this actually means

Google introduced the Data Safety section to give users a clear summary of how apps handle their data. Google audits these declarations against your APK and your privacy policy. If your app sends data to third-party analytics or ad services that you haven't disclosed, or if you've left fields blank, your app will be rejected or removed.

What Apple needs to see

  • Accurate disclosure of every data type your app and its third-party SDKs collect
  • Correct indication of whether data is shared with third parties and for what purpose
  • Whether users can request data deletion — and a working process to fulfill that request
  • Security practices like data encryption in transit marked accurately

  1. Audit every SDK in your app and check their own Data Safety documentation — Google provides SDK-level data disclosure guides for popular libraries like Firebase, AdMob, and Facebook
  2. Open Play Console > App Content > Data Safety and fill out every section based on your actual data practices, not what you wish they were
  3. Mark data deletion as available if you support it — link to your data deletion request page, which BaseTerms can generate and host for you
  4. Ensure your privacy policy language matches your Data Safety declarations exactly — contradictions between the two are a red flag
  5. After saving, use Google's 'Preview' feature in the Data Safety form to see how your declarations will appear to users, then verify they are accurate

While you're at it — Apple also requires these pages for every app.

Fix this rejection, then make sure you're covered on the compliance side too. Apple requires every app to link to a hosted Privacy Policy, Terms of Service, Support page, and Data Deletion page. No link means another rejection — just for a different reason.


Common questions

Do I need to declare data from SDKs I don't control?

Yes. Google holds you responsible for data collected by every SDK in your app. If you use Firebase Analytics, AdMob, or Crashlytics, those SDKs collect data you must declare. Google provides a list of common SDKs and their data types to help, but you should verify against each SDK's own documentation.

What happens if I get the Data Safety section wrong after publishing?

Google can remove your app from the Play Store or add a warning banner to your listing if they find your declarations inaccurate after publication. It's worth investing the time to get this right upfront rather than dealing with removal post-launch.

My app lets users delete their account — does that count as data deletion?

It can, but you need to be specific. Data deletion means the user can request that all personal data associated with them is permanently deleted, not just that their account is deactivated. You need a clear process and ideally a dedicated page that explains how to submit a deletion request.