Internal · App Store Connect

App Privacy declarations

For App Store Connect → App Privacy SpeechKey · iOS Draft 1.0

This is an internal reference for filling out App Store Connect → App Privacy. It mirrors what the public Privacy Policy states, mapped to Apple's exact question structure. The recommendations assume the current build: no accounts, no analytics SDKs, BYOK keys stored locally, transcripts stored on-device, diagnostics local-only. If any of those change, revisit the affected row.

Before you submit — verify, don't assume Apple holds you responsible for accuracy. Confirm with the engineering team that no analytics/attribution SDK is bundled and that diagnostic reports are never auto-transmitted. If either is false, the answers below change.

01How to use this page

App Store Connect asks, per data type: (a) is it collected? (b) is it used to track you? (c) is it linked to the user's identity? (d) for what purposes? Apple defines "collect" as transmitting the data off-device in a way you or your partner can access. Note: data sent to a third party purely to perform an on-device-initiated action at the user's request can still need declaring — when in doubt, declare it.

02Tracking

Does this app track users?
No ad identifiers, no data brokers, no cross-app/website tracking, no shared audience matching.
No
Any data used for tracking?
No data type is used for tracking as Apple defines it.
No

Because tracking is "No", you do not need to present the App Tracking Transparency (ATT) prompt — provided no SDK in the build performs tracking on your behalf.

03Data types to declare

Select these under "Data Types". Everything is declared as not linked to identity and not used for tracking.

Apple data typeCollect?Linked?Tracking?Purpose
User Content → Audio DataYesNoNoApp Functionality
User Content → Other User ContentYesNoNoApp Functionality
Diagnostics → Crash / PerformanceOptionalNoNoApp Functionality
PurchasesVia AppleNoNoApp Functionality

04Audio Data

Audio Data — declare
Speech captured for live translation. Streamed to the user's chosen AI provider, not retained by us. Purpose: App Functionality only.
Collect
  • Linked to identity: No
  • Used for tracking: No
  • Purposes: App Functionality

05User Content (transcripts & translations)

Other User Content — declare
Transcripts, translation outputs, meeting content generated from speech. Stored on-device; text is sent to the provider to perform translation.
Collect
  • Linked to identity: No
  • Used for tracking: No
  • Purposes: App Functionality

06Diagnostics

Diagnostics — conditional
If crash/performance reports are only stored locally and exported manually by the user → declare No. If the app auto-transmits any crash/performance data to you or an SDK → declare Yes (not linked, App Functionality).
Verify

Default recommendation given the current build: No — diagnostics are local and exportable only. Change to Yes only if engineering confirms automatic transmission.

07Purchases

Purchases — via Apple
SpeechKey is a paid monthly subscription on the App Store. Apple processes billing; you only learn subscription/entitlement state. Declare Purchases, not linked, not tracking, App Functionality.
Via Apple

08Third-party providers (the data flow to disclose)

Apple's labels don't list each provider, but your Privacy Policy must — and your answers above assume this flow exists. Audio and/or text leaves the device to whichever provider the user connects with their own key:

ProviderRoleReceives
OpenAIRealtime translationAudio / text
Qwen (Alibaba Cloud)Multilingual translationAudio / text
xAI GrokReasoning & translationText
iFLYTEK / xfyunChina-native speechAudio / text
ElevenLabsVoice outputTranslated text
MinimaxVoice outputTranslated text

Each is an independent controller under its own policy and possible model-training terms. These links live in the Privacy Policy and in-app under Settings → Providers.

09Privacy manifest (already in the project)

The app ships a PrivacyInfo.xcprivacy manifest. This is required but separate — it does not replace the App Privacy answers above or the public Privacy Policy URL. Keep all three consistent:

  • Privacy manifest
    Declares required-reason APIs & collected types in the binary
  • App Privacy (ASC)
    The public "nutrition label" — this page
  • Privacy Policy URL
    Public web page — privacy.html

If you list NSPrivacyCollectedDataTypes in the manifest, make sure those match the data types declared here (Audio Data, Other User Content, and Diagnostics/Purchases if applicable).

10Submission checklist

  • Host the Privacy Policy at a public, stable HTTPS URL and paste it into App Store Connect → App Information → Privacy Policy URL.
  • Set Tracking = No; confirm no bundled SDK tracks.
  • Declare Audio Data + Other User Content (App Functionality, not linked, not tracking).
  • Confirm the Diagnostics answer with engineering (local-only → No).
  • Declare Purchases (via Apple) if relevant to your label.
  • Verify PrivacyInfo.xcprivacy matches these data types.
  • Replace any remaining placeholders with verified company details (done: Markus Vaitl, Wengertstr. 18, 72766 Reutlingen) in the Privacy Policy and Imprint.

Internal reference, not legal advice. Apple's questions and definitions change — verify against the current App Store Connect flow and have counsel review before submission.