App Store RejectionGuideline 5.1.4Kids Apps Data

Your kids app is sharing data it shouldn't be. Here's what to clean up.

Guideline 5.1.4 is Apple's strictest data privacy rule — it applies specifically to apps targeting children. Analytics SDKs, third-party advertising networks, and social login buttons are all potential violations. This guide walks through every change you need to make.

What Apple said

Your app is targeted at children and shares user data with third-party services that are not compliant with our guidelines for Kids apps. Apps in the Kids category, or apps that may appeal to children, must not include third-party analytics, advertising SDKs, or services that collect user data without verifiable parental consent.

What this actually means

If your app targets children or exists in the Kids category, every third party that receives data from your app must be disclosed and must comply with children's privacy laws. Most standard analytics and ad SDKs fail this test automatically because they collect device identifiers. Apple and the law treat this as a serious violation.

What Apple needs to see

  • Complete removal of any third-party SDK that collects user data, device identifiers, or behavioral analytics
  • A COPPA-compliant privacy policy that explicitly states what data is collected and that parental consent is obtained
  • No social login buttons (Sign in with Facebook, Google, etc.) that pull profile data from adult platforms
  • Parental consent mechanisms that are verifiable, not just checkbox-based, before any data collection
  1. 1Run a full audit of every SDK in your app's dependency tree and remove any that collect identifiers or behavioral data
  2. 2Replace third-party crash reporting and analytics with Apple's first-party tools in Xcode Organizer, which don't transmit data to outside parties
  3. 3Add a parental consent gate that uses a CAPTCHA or out-of-band verification (email to parent) before any account creation or data storage
  4. 4Update your privacy policy to include a children's privacy section — BaseTerms can generate a COPPA-specific privacy policy that covers consent, data minimization, and parental rights
  5. 5Document in your reviewer notes exactly what data is collected (if any) and how parental consent is obtained

While you're at it — Apple also requires these pages for every app.

Fix this rejection, then make sure you're covered on the compliance side too. Apple requires every app to link to a hosted Privacy Policy, Terms of Service, Support page, and Data Deletion page. No link means another rejection — just for a different reason.

Privacy Policy
Terms of Service
Support Page
Data Deletion Page
Generate my compliance pages — $9

Common questions

My app is educational — does 5.1.4 still apply even if I'm not in the Kids category?
Yes. Apple applies the kids data rules to any app that 'may appeal to children' based on its content, art style, and subject matter. An educational app with cartoon characters and simple gameplay will be evaluated under these standards even without a Kids category label.
Can I use Apple's own Sign In with Apple for a kids app?
Sign in with Apple is generally more acceptable than third-party social logins because it minimizes data sharing. However, for very young users you should still implement a parental consent gate before any account creation, regardless of which login method you use.
We collect only an anonymous device ID for syncing across devices — is that really a problem?
Under COPPA and Apple's guidelines, device identifiers are considered personal information when associated with a child's usage patterns. Even 'anonymous' IDs can be a violation. If you need cross-device sync, consider a parent-managed account model where the parent provides the identifying information, not the child's device.