> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fingerprint.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Understanding privacy manifest files

In [WWDC 2023](https://developer.apple.com/videos/play/wwdc2023/10060/), Apple announced that starting [Spring 2024](https://developer.apple.com/news/?id=3d8a9yyh), it will require its developers to declare the reasons for using certain APIs (aka Required Reason APIs) that could be misused to collect data about users' devices within privacy manifest files.

[Privacy manifest files](https://developer.apple.com/documentation/bundleresources/privacy-manifest-files) allow developers to describe their privacy practices:

* [Data](https://developer.apple.com/documentation/bundleresources/describing-data-use-in-privacy-manifests) that their app or SDK collects and its purpose.
* [Required Reason APIs](https://developer.apple.com/documentation/bundleresources/describing-use-of-required-reason-api) that their app or SDK uses and the reason for using them.

<Check>
  Important note: the [privacy manifest
  file](/docs/mobile-devices-understanding-privacy-manifest-files#privacy-manifest-file-for-fingerprint-identification-sdk)
  and the [privacy nutrition
  labels](/docs/mobile-devices-understanding-privacy-manifest-files#app-store-nutrition-labels-guidance-for-your-app)
  are two separate things - the privacy manifest is a 'plist' file bundled with the app/SDK, while
  the Nutrition Labels are what developers fill out in App Store Connect before submission. The
  privacy manifest report generated by Xcode can help populate the labels more accurately, but
  developers still need to manually apply the correct labels in the submission interface.
</Check>

In this article, we will walk you through the privacy manifest file for Fingerprint [iOS SDK](/docs/ios) and share guidance on App Store Nutrition Labels to help you complete them in App Store Connect before submission.

## Privacy Manifest File for Fingerprint Identification SDK

Starting with v2.3.2, the Fingerprint Identification SDK for iOS includes a privacy manifest file. Apple requires that every privacy manifest file contains the following keys.

### NSPrivacyTracking

Fingerprint Identification SDK does not use the collected data for tracking, and hence, the NSPrivacyTracking key is set to `false`.

```xml XML wrap theme={"theme":"github-dark-dimmed"}
{/*  Privacy manifest file for Fingerprint Identification SDK for iOS  */}
<key>NSPrivacyTracking</key>
<false/>
```

### NSPrivacyTrackingDomains

Fingerprint Identification SDK for iOS does not connect with any Internet domains that engage in tracking users. The NSPrivacyTrackingDomains key is set to an empty array of domains.

```xml XML wrap theme={"theme":"github-dark-dimmed"}
{/*  Privacy manifest file for Fingerprint Identification SDK for iOS  */}
<key>NSPrivacyTrackingDomains</key>
<array/>
```

### NSPrivacyCollectedDataTypes

Apple has identified [a list of data types](https://developer.apple.com/documentation/bundleresources/describing-data-use-in-privacy-manifests#4250555) that, when collected, may help to identify/track the device. These are the data types our iOS SDK collects from the device:

* `NSPrivacyCollectedDataTypeDeviceID` - device ID; such as the device’s advertising identifier, or other device-level ID.
* `NSPrivacyCollectedDataTypePreciseLocation` - precise location; information that describes the location of a user or device with the same or greater resolution as a latitude and longitude with three or more decimal places (started collecting since [iOS SDK 2.10.0](/docs/changelog-ios-sdk#v2-10-0)).
* `NSPrivacyCollectedDataTypeCoarseLocation` - coarse location; information that describes the location of a user or device with lower resolution than a latitude and longitude with three or more decimal places, such as Approximate Location Services (started collecting since [iOS SDK v2.10.0](/docs/changelog-ios-sdk#v2-10-0)).

Apple also requires [describing data use](https://developer.apple.com/documentation/bundleresources/describing-data-use-in-privacy-manifests#4250556) in privacy manifests as part of this dictionary item. This data is represented in the `NSPrivacyCollectedDataTypes` key in our privacy manifest file:

```xml XML wrap theme={"theme":"github-dark-dimmed"}
{/*  Privacy manifest file for Fingerprint Identification SDK for iOS  */}
<key>NSPrivacyCollectedDataTypes</key>
<array>
  <dict>
    {/*  The value provided by Apple for 'Device ID' data type  */}
    <key>NSPrivacyCollectedDataType</key>
    <string>NSPrivacyCollectedDataTypeDeviceID</string>

    {/*  Fingerprint Identification SDK does not link the 'Device ID' with user's identity  */}
    <key>NSPrivacyCollectedDataTypeLinked</key>
    <false/>

    {/*  Fingerprint Identification SDK does not use 'Device ID' for tracking  */}
    <key>NSPrivacyCollectedDataTypeTracking</key>
    <false/>

    {/*  Fingerprint Identification SDK uses 'Device ID' for App Functionality
         (prevent fraud and implement security measures)  */}
    <key>NSPrivacyCollectedDataTypePurposes</key>
    <array>
      <string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
    </array>

  <dict>
    {/*  The value provided by Apple for 'Precise Location' data type  */}
    <key>NSPrivacyCollectedDataType</key>
    <string>NSPrivacyCollectedDataTypePreciseLocation</string>

    {/*  Fingerprint Identification SDK does not link the 'Precise Location' with user's identity  */}
    <key>NSPrivacyCollectedDataTypeLinked</key>
    <false/>

    {/*  Fingerprint Identification SDK does not use 'Precise Location' for tracking  */}
    <key>NSPrivacyCollectedDataTypeTracking</key>
    <false/>

    {/*  Fingerprint Identification SDK uses 'Precise Location' for App Functionality
         (prevent fraud and implement security measures)  */}
    <key>NSPrivacyCollectedDataTypePurposes</key>
    <array>
      <string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
    </array>
  </dict>

  <dict>
    {/*  The value provided by Apple for 'Coarse Location' data type  */}
    <key>NSPrivacyCollectedDataType</key>
    <string>NSPrivacyCollectedDataTypeCoarseLocation</string>

    {/*  Fingerprint Identification SDK does not link the 'Coarse Location' with user's identity  */}
    <key>NSPrivacyCollectedDataTypeLinked</key>
    <false/>

    {/*  Fingerprint Identification SDK does not use 'Coarse Location' for tracking  */}
    <key>NSPrivacyCollectedDataTypeTracking</key>
    <false/>

    {/*  Fingerprint Identification SDK uses 'Coarse Location' for App Functionality
         (prevent fraud and implement security measures)  */}
    <key>NSPrivacyCollectedDataTypePurposes</key>
    <array>
      <string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string>
    </array>
  </dict>
</array>

```

### NSPrivacyAccessedAPITypes

Fingerprint Identification SDK for iOS uses the following Required Reason APIs which have to be included in the privacy manifest file:

1. [File timestamp APIs](https://developer.apple.com/documentation/bundleresources/describing-use-of-required-reason-api#4278394)
2. [System boot time APIs](https://developer.apple.com/documentation/bundleresources/describing-use-of-required-reason-api#4278394)

```xml XML wrap theme={"theme":"github-dark-dimmed"}
{/*  Privacy manifest file for Fingerprint Identification SDK for iOS  */}
<key>NSPrivacyAccessedAPITypes</key>
<array>
  <dict>
    {/*  The value provided by Apple for 'System boot time APIs'  */}
    <key>NSPrivacyAccessedAPIType</key>
    <string>NSPrivacyAccessedAPICategorySystemBootTime</string>

    {/*  Fingerprint Identification SDK uses 'System boot time APIs' to measure the amount of
          time that has elapsed between events that occurred within the SDK  */}
    <key>NSPrivacyAccessedAPITypeReasons</key>
    <array>
      <string>35F9.1</string>
    </array>
  </dict>
  <dict>
    {/*  The value provided by Apple for 'File timestamp APIs'  */}
    <key>NSPrivacyAccessedAPIType</key>
    <string>NSPrivacyAccessedAPICategoryFileTimestamp</string>

    {/*  Fingerprint Identification SDK uses 'File timestamp APIs' to manage persistent cache
         data  */}
    <key>NSPrivacyAccessedAPITypeReasons</key>
    <array>
      <string>C617.1</string>
    </array>
  </dict>
</array>
```

## Privacy Manifest File for your App

Below, you will find answers to some of the most frequently asked questions with respect to creating privacy manifest files for your iOS apps:

**My app uses Fingerprint Identification SDK, but the app itself does not collect any** [**sensitive data**](https://developer.apple.com/documentation/bundleresources/describing-data-use-in-privacy-manifests#4250555)**. It also does not use any of the Required Reason APIs. Should I still provide a privacy manifest file for my app?**

* No. According to [Apple documentation](https://developer.apple.com/documentation/bundleresources/describing-data-use-in-privacy-manifests), your app’s privacy manifest file doesn’t need to cover data collected by third-party SDKs that your app links to.

**My app uses Fingerprint Identification SDK. The app also collects the same data as the SDK for the same purpose specified in the SDK's privacy manifest file. Should I still provide a privacy manifest file for my app?**

* Yes. Apple will aggregate the privacy manifest files provided for your app and all the third-party SDKs your app links to. See [Create your app's privacy report](https://developer.apple.com/documentation/bundleresources/describing-data-use-in-privacy-manifests#4239187) for more information.

**My app uses Fingerprint Identification SDK. What kind of assistance can Fingerprint provide towards submitting my app for review?**

* This page is a good starting point for creating the privacy manifest file for your app. For a complete privacy manifest example, you can also refer to the [privacy manifest file of our demo app](https://github.com/fingerprintjs/fingerprint-device-intelligence-ios-demo/blob/main/FingerprintProDemo/PrivacyInfo.xcprivacy).
* We can review the privacy manifest file for your app to ensure that the use of Fingerprint Identification SDK is represented correctly.
* During the app submission process, we will help you answer any questions Apple raises about the data collected/processed by Fingerprint Identification SDK.

## App Store Nutrition Labels Guidance for Your App

If your app includes Fingerprint iOS SDK, then you can use the following as a reference to fill out the Nutrition Labels in App Store Connect:

### Data Collection and Security

| Question                                                       | Answer |
| -------------------------------------------------------------- | ------ |
| Does your app collect or share any of the required data types? | Yes    |
| Is all collected data encrypted in transit?                    | Yes    |

### Data types

| Apple Data Category | Fingerprint iOS SDK Relevance                                                                                            |
| ------------------- | ------------------------------------------------------------------------------------------------------------------------ |
| Device ID           | Yes - the SDK collects device-level identifiers                                                                          |
| Precise Location    | Yes - collected since [iOS SDK v2.10.0+](/docs/changelog-ios-sdk#september-2025) (requires user consent for permissions) |
| Coarse Location     | Yes - collected since [iOS SDK v2.10.0+](/docs/changelog-ios-sdk#september-2025) (requires user consent for permissions) |
| Performance Data    | Yes - collected since [iOS SDK v2.15.0+](/docs/changelog-ios-sdk#march-2026)                                             |

### Data Usage and Handling

| Question                       | Device ID                                      | Precise Location                               | Coarse Location                                |
| ------------------------------ | ---------------------------------------------- | ---------------------------------------------- | ---------------------------------------------- |
| Collected, shared, or both?    | Collected                                      | Collected                                      | Collected                                      |
| Linked to the user's identity? | No                                             | No                                             | No                                             |
| Used for tracking?             | No                                             | No                                             | No                                             |
| Primary purpose?               | App Functionality (Fraud Prevention, Security) | App Functionality (Fraud Prevention, Security) | App Functionality (Fraud Prevention, Security) |

Note: Apple clarifies that even if data is collected solely for your app functionality, it still must be declared - the purpose just needs to be accurately indicated as "App Functionality" rather than advertising or analytics, see for reference [App privacy details on the App Store](https://developer.apple.com/app-store/app-privacy-details/).

### What's Different from the Privacy Manifest

|                       | Privacy Manifest                                                 | App Privacy Nutrition Labels      |
| --------------------- | ---------------------------------------------------------------- | --------------------------------- |
| **Where?**            | Bundled inside the SDK/app binary                                | Filled out in App Store Connect   |
| **Who fills it out?** | SDK vendor (Fingerprint provides it in starting iOS SDK v2.3.2+) | App developer (you)               |
| **When required?**    | At build/distribution time                                       | At app submission time            |
| **Covers SDK data?**  | Yes, automatically aggregated by Xcode                           | Yes, but must be manually applied |

Below, you will find answers to some of the most frequently asked questions with respect to filling out Nutrition Labels for your iOS apps:

**Do I need to declare Fingerprint's data in my app's Privacy Nutrition Label even if the SDK has its own privacy manifest?**

* Yes. While the Fingerprint SDK's privacy manifest will be combined with your app's manifest by Xcode into a single report, you are still responsible for applying the correct Nutrition Labels in App Store Connect. The manifest report helps you fill this out accurately, but it does not automatically populate the labels.

**Is using Fingerprint considered 'tracking' under Apple's definition?**

* No. Apple's guidelines specify that sharing data with a data broker that uses it solely for fraud detection or prevention or security purposes is not considered tracking. Since Fingerprint is used for fraud prevention and security, neither [NSPrivacyTracking](https://developer.apple.com/documentation/bundleresources/app-privacy-configuration/nsprivacytracking) nor the App Tracking Transparency (ATT) prompt are required.

**Who is responsible for keeping the labels accurate?**

* Developers are responsible for all code included in their apps, including third-party SDKs. If you are unsure about the data collection practices of the Fingerprint SDK, this page and Fingerprint's support team are the right resources.
