App Store RejectionGuideline 5.1.1Data Collection and Storage — Privacy Policies

Your app asks for the user's location. Apple wants proof you've explained why.

Guideline 5.1.1 requires a privacy policy that explicitly covers location data collection whenever your app requests location permissions — and it must be accessible without logging in.

What Apple said

Your app requests access to the user's location but does not include a privacy policy URL in your App Store Connect metadata, or the linked privacy policy does not describe how location data is collected, used, or shared. A privacy policy that addresses your app's location data practices is required for apps that access sensitive user data.

What this actually means

The moment your app calls any CoreLocation API — even just 'when in use' authorization — Apple requires a publicly accessible privacy policy that explains what location data you collect, why you collect it, how long you keep it, and whether you share it with third parties. The URL must be entered in App Store Connect and the policy must be reachable without an account or login. A generic privacy policy that doesn't mention location will still get you rejected.

What Apple needs to see

  • A privacy policy URL entered in the 'Privacy Policy URL' field of your App Store Connect app listing
  • The privacy policy must be publicly accessible — no login, no paywall, no broken link
  • The policy must explicitly address location data: what type (precise vs. approximate), when it's collected, why it's needed, and whether it's shared with third parties
  • Your NSLocationWhenInUseUsageDescription and NSLocationAlwaysUsageDescription strings must be specific and honest about why location is needed — 'for app functionality' will not pass

The fix

Pass review in 60 seconds — no coding needed

BaseTerms generates and hosts all the compliance pages Apple requires. Copy your URL. Paste it into App Store Connect. Done.

  1. 1Go to BaseTerms and generate a Privacy Policy for your app, making sure the policy accurately describes whether you collect precise GPS coordinates, approximate location, or both, and your specific purpose for doing so.
  2. 2Publish your privacy policy to your BaseTerms hosted page at yourapp.baseterms.com/privacy and verify the URL loads publicly without any authentication.
  3. 3Paste your BaseTerms privacy policy URL into the Privacy Policy URL field in App Store Connect under your app's listing — this field is separate from the binary itself.
  4. 4Open your Info.plist and update your NSLocationWhenInUseUsageDescription string to be specific and honest: 'We use your location to show nearby [specific feature]' instead of vague language.
  5. 5If you request 'Always On' location access, audit whether you truly need it — reviewers scrutinize this closely — and downgrade to 'When In Use' if background location isn't essential to your core feature.
Generate my pages now — $9

One-time payment. No subscription. No renewal fees.

Common questions

My app only uses approximate location. Do I still need a full privacy policy?
Yes. Any location access — precise or approximate, foreground or background — triggers the requirement for a privacy policy that covers location data. There is no minimum threshold below which the requirement disappears.
What's the difference between the privacy policy URL in App Store Connect and the one inside the app?
They can point to the same URL, and they usually should. App Store Connect requires a URL in the metadata for the listing page. Many guidelines also require the policy to be accessible from within the app itself, typically in a Settings or About screen. Link to the same BaseTerms-hosted page in both places.
Does Apple actually read my privacy policy or do they just check that a URL exists?
Both. Reviewers will follow the link and at minimum scan for whether sensitive data types mentioned in your permission strings appear in the policy. If you ask for location but your privacy policy says 'we collect no personal data,' that contradiction will trigger a rejection.

Ready to pass review?

Generate all your compliance pages in 60 seconds.

Get started — $9