Sendbird's privacy policy change to address Apple's new 2023 app privacy guidelines
Apple’s 2023 app privacy announcement
In an ever-evolving digital landscape where privacy is paramount, Apple's 2023 app privacy announcement marks a significant shift in how app developers approach user data. This change aligns with the growing demand for transparency and sets a new standard for privacy practices in the app development community.
In response to this pivotal update, we at Sendbird are committed to guiding our developers through these changes, ensuring that our SDKs for chat, calls, notifications, live streaming, and AI chatbots remain at the forefront of privacy compliance.
This guide is designed to provide a comprehensive overview of Apple's new policies and how they impact your applications using Sendbird's services.
Introduction to Apple’s announcement
App privacy details on the app store
Apple requires developers to disclose their app's privacy practices, including those of third-party partners, on each app's product page. This helps users understand the app's data types and whether the data is linked to or used to track them.
New updates for privacy labels
Apple introduced signatures for third-party SDKs and privacy manifests, making it easier for developers to provide accurate Privacy Nutrition Labels. More data type options are now available for these labels.
Responsibility of developers
Developers are responsible for identifying all data collected by their app or third-party partners. This data must be disclosed unless it meets specific criteria for optional disclosure. Developers are responsible for keeping their privacy responses accurate and up to date.
Data use and linkage to user
Developers must understand how each data type is used and whether it's linked to the user’s identity. Specific privacy protections should be in place to de-identify or anonymize data.
Tracking and third-party data
Developers must understand if their app or third-party partners use data to track users and declare such data. "Tracking" refers to linking data collected from the app with third-party data for targeted advertising or sharing with a data broker.
Privacy policy and user choices
Apple advises developers to add links on their product page for their privacy policy and an optional link for users to manage their privacy choices.
Additional guidance
Specific guidelines are provided for different scenarios, such as apps with web views, IP address collection, in-app messaging, and Apple frameworks.
Privacy manifests
Introduced in WWDC 2023, the privacy manifest helps developers identify the privacy practices of their app's dependencies. They declare what data types are collected by SDKs, how they are used, and if they are linked to the user or used for tracking. This helps developers accurately represent privacy in their apps.
How to ensure compliance with Apple’s privacy policy with Sendbird
Label the data you collect in your app using the Sendbird SDK to ensure compliance with Apple's privacy policy. Please refer to the updated Sendbird privacy policy.
Here's how you can categorize and label each type of data listed:
User ID
Label: Identifiers
Description: Used for identifying Sendbird users in and across Chat SDK, UIKit SDK, Calls SDK, Live SDK, and Desk SDK
WebSockets session
Label: Other Usage Data
Description: Tracks WebSocket sessions for billing and session management in a Chat SDK. An end user can’t notice it could be used for billing purposes with the SDK
Text message
Label: Emails or Text Messages
Description: Enables private messaging between users in Chat SDK
File message binary
Label: Other User Content
Description: Supports file sharing in private messaging in a Chat SDK
Cached channel, message, member list
Label: Other User Content
Description: Local caching of messages, channels, and member lists for private messaging in a Chat SDK
Remote notification ACK
- For typical remote notifications
Label: Other Diagnostic Data
Description: Analyzes delivery of remote push notifications in a Chat SDK
- For Notification Center
Label: Product interfaction
Description: Provide delivery ratio for remote push notification from a UIKit SDK
Feedback of bot message
Label: Other Diagnostic Data
Description: For Generative AI, collect end users’ feedback on bot messages created by Generative AI
CTR (Click Through Ratio)
Label: Product Interaction
Description: Measures user interaction in UIKit SDK for Notification Center
Photos or videos
Label: Photos or Videos
Description: Users can attach photos or videos in messages using a UIKit SDK
Audio data
Label: Audio Data
Description: Enables attaching audio data in messages in a UIKit SDK
Voice message
Label: Audio Data
Description: Provides voice messaging feature in a UIKit SDK
Other user content (file attachment)
Label: Other User Content
Description: Supports various file types for messaging in a UIKit SDK
Audio streaming
Label: User Content
Description: Delivers and receives audio streaming in a Calls SDK and Live SDK
Video streaming
Label: User Content
Description: Delivers and receives video streaming in a Calls SDK and Live SDK
Media streaming statistics
Label: Other Diagnostic Data
Description: Provides streaming quality data in a Calls SDK and Live SDK
Cloud recording
Label: Other User Content
Description: Records voice and video streams on the server in a Calls SDK and a Live SDK
Local recording
Label: Other User Content
Description: Records voice and video streams on the device in a Live SDK
Remote Notification ACK, VoIP Push Notification ACK
Label: Other Diagnostic Data
Description: Analyzes delivery of push notifications in a Calls SDK
Ticket
Label: Customer Support
Description: Manages ticket and ticket information for customer support in a Desk SDK
This labeling should help your users understand what data is collected and why, aligning with Apple's privacy requirements. Ensure this information is easily accessible and understandable in your app's privacy policy or relevant section.
Guidelines for developers
Embrace transparency and control
Apple emphasizes privacy as a fundamental right. The introduction of privacy manifests and updates to the Privacy Nutrition Labels and App Tracking Transparency are designed to enhance transparency and control for users.
Privacy manifests for third-party SDKs
Privacy manifests
Developers should use privacy manifests provided by third-party SDKs. You can create a new privacy manifest right from the Xcode navigator by creating a file named "PrivacyInfo.xcprivacy".
Property list
These manifests, which can be created in Xcode, detail the data types collected, their usage, user linkage, and tracking status. Ensure the manifest aligns with your understanding of the SDK's functionality.
Utilize Xcode for privacy reports
Xcode 15 can aggregate all privacy manifests in your app's project and generate a privacy report. This report is a valuable tool for reviewing and understanding the privacy practices of your app and its dependencies, aiding in accurate representation on the App Store.
Notes on text messages and user content
As a developer integrating Sendbird SDK into your application, paying close attention to the data types associated with text messages and user content is crucial. Many developers leverage Sendbird's robust messaging capabilities, which necessitate collecting and processing various forms of user-generated content, including text messages, files, and multimedia. Under Apple's updated privacy policy, it is essential to accurately declare ‘Emails or Text Messages’ and ‘User-Generated Content’ on your app's privacy labels. This ensures transparency with your users and compliance with App Store guidelines. Remember, even if these data types are integral to your app's functionality and not used for analytics or advertising, they must be declared. We encourage you to review how your app uses these data types and reflect this in your privacy practices. By being transparent about your data usage, you adhere to Apple’s policies and build trust with your user base, affirming your commitment to their privacy and data security.
Act now to ensure privacy compliance with Apple’s 2023 app privacy announcement
As we navigate a new era of heightened privacy awareness and respond to Apple's 2023 app privacy announcement, it's crucial for developers to take immediate and proactive action. This announcement is more than a policy update; it's a call to action for prioritizing user privacy and transparency.
We recommend reviewing and updating your app's data collection and privacy practices in light of Apple's policies and the capabilities of the Sendbird SDK. Utilize tools like Xcode's privacy manifests for accurate representation on the App Store, and maintain transparency to build user trust and compliance. Don't hesitate to update your app’s details in App Store Connect and seek additional guidance to align with these standards.
By adhering to the guidelines in this document and leveraging the resources provided, developers can ensure compliance with Apple's requirements and demonstrate a commitment to user data protection. We encourage all developers using Sendbird's SDKs to contribute to a more secure and trust-centric app ecosystem. For further information and assistance, refer to the provided links and our updated privacy policy. Your proactive steps are vital in shaping a privacy-conscious future for app development.
