
App Store Rejected for Privacy Policy? How to Fix It Fast


You spent months building your app, submitted it to the App Store or Play Store, and… rejected. Reason: "Missing or incomplete privacy policy." Frustrating, but fixable. In this guide, we'll show you exactly what Apple and Google require, how to generate a compliant privacy policy in under an hour, and how to resubmit successfully.

Why Apps Get Rejected for Privacy Policy Issues

Both Apple and Google have strict privacy policy requirements:

Apple App Store (Guideline 5.1.1)

Apple rejects apps for:

  • No privacy policy at all — Every app must have one, even if it collects no data
  • Broken or inaccessible link — The URL in App Store Connect must work
  • Generic or incomplete policy — Must be specific to your app, not a copied template
  • Doesn't match App Privacy labels — If you declared data collection in the "App Privacy" section, the policy must mention it
  • Missing third-party disclosures — If you use analytics, ads, or third-party SDKs, they must be disclosed

Google Play Store

Google rejects apps for:

  • No privacy policy for apps that collect personal or sensitive data
  • Policy not hosted on an active URL — Must be publicly accessible
  • Policy doesn't match data safety form — The disclosures in your Data Safety section must align with the policy
  • Missing user rights disclosures — GDPR and CCPA rights must be explained if you have EU/CA users

What Apple and Google Expect in Your Privacy Policy

Both stores have similar requirements, but there are nuances:

Required Sections

  • What data you collect — Be specific: email, name, location, device ID, usage data, etc.
  • How you use the data — App functionality, analytics, ads, personalization, customer support
  • Third-party services — Every SDK that collects data: Firebase, Google Analytics, Facebook SDK, AdMob, RevenueCat, etc.
  • Data sharing — Who you share data with: analytics providers, ad networks, cloud hosting
  • User rights — Access, correction, deletion, opt-out (especially for GDPR and CCPA)
  • Data retention — How long you keep user data
  • Security measures — How you protect data (encryption, access controls)
  • Contact information — Email or contact form for privacy inquiries
  • Updates to the policy — How users will be notified of changes

Apple-Specific Requirements

  • Match your App Privacy labels — The data types you declared in App Store Connect must appear in your privacy policy
  • If you use Sign in with Apple — Mention that users can sign in without sharing their real email
  • If your app is for kids — COPPA compliance is required (no behavioral advertising, limited data collection)

Google-Specific Requirements

  • Match your Data Safety form — The data categories in your Play Console Data Safety section must match the policy
  • Advertising ID disclosure — If you collect the Android Advertising ID, disclose it and explain how users can reset it
  • Permissions justification — Explain why you request sensitive permissions (location, camera, microphone, contacts)

Common Privacy Policy Mistakes That Cause Rejections

1. Using a Generic "Lorem Ipsum" Template

Reviewers spot copy-paste templates instantly. Your policy must be specific to your app — mention your app name, your actual data practices, and the SDKs you use.

2. Not Disclosing Third-Party SDKs

This is the #1 rejection reason. If your app uses Firebase, Google Analytics, Facebook SDK, AdMob, Crashlytics, RevenueCat, Stripe, or any other SDK — you must disclose it and link to their privacy policies.

3. Privacy Policy Doesn't Match App Privacy Labels

Apple's App Privacy section asks what data you collect. If you said "Email Address" and "Location," but your privacy policy doesn't mention location, that's a rejection.

4. Broken or Missing URL

The privacy policy URL must:

  • Be publicly accessible (not behind a login)
  • Load quickly (not 404, not slow)
  • Be HTTPS (not HTTP)
  • Be mobile-friendly (reviewers check on mobile devices)

5. No GDPR or CCPA Sections

Even if your primary audience is in the US or India, if your app is available in Europe or California, you need GDPR and CCPA sections. Apple and Google expect this.

6. Vague Language

Don't say "we may collect data." Say exactly what you collect: "We collect your email address, device ID, and in-app purchase history."

How to Generate a Compliant Privacy Policy (Fast)

If you got rejected, you need a fix today. Here's the fastest path:

Step 1: Use PrivacyPage (60 seconds)

Go to privacypage.io and select "Privacy Policy." No signup required.

Step 2: Answer the Wizard Questions

  • App name: Your actual app name
  • Developer/company name: Your legal name or business name
  • Contact email: A real email for privacy inquiries
  • Data collected: Select from the list (email, name, location, device ID, usage data, etc.)
  • Third-party services: Select what you use (Firebase, Google Analytics, Facebook, AdMob, etc.)
  • User base: Check "US," "Europe," or "California" if applicable

Step 3: Generate & Download

Click generate. You'll see a free preview. Unlocking the full policy is a one-time $9.99 payment (no subscription). Copy the policy in HTML, Markdown, or plain text.

Step 4: Host the Policy

You need a public URL. Options:

  • Your website — Upload to yourapp.com/privacy (best option)
  • GitHub Pages — Free static hosting (create a repo, enable Pages, upload HTML)
  • Notion — Create a public Notion page with your policy
  • Google Sites — Free, easy, mobile-friendly
  • Netlify/Vercel — Free hosting for static sites

Make sure the URL is HTTPS and loads on mobile.

Step 5: Update App Store Connect / Play Console

For Apple:

  1. Log into App Store Connect
  2. Go to your app → App Information
  3. Paste the privacy policy URL into the "Privacy Policy URL" field
  4. Save
  5. Go to the "App Privacy" section and verify your data labels match the policy

For Google:

  1. Log into Google Play Console
  2. Go to your app → Store presence → Privacy Policy
  3. Paste the privacy policy URL
  4. Save
  5. Go to App content → Data safety and verify your declarations match the policy

Step 6: Resubmit for Review

Apple: Click "Submit for Review" and respond to the rejection with "Privacy policy has been added at [URL]."

Google: Resubmit the app. If it was rejected, reply to the rejection email with "Privacy policy has been updated at [URL]."

How Long Does Re-Review Take?

  • Apple: 1-3 days (sometimes faster if you appeal and explain it's a minor fix)
  • Google: 1-7 days (usually 2-3 days)

If you're in a hurry, contact App Review directly:

  • Apple: Call App Review (phone number in App Store Connect under "Contact Us")
  • Google: No phone support, but you can appeal in Play Console

What to Do If You Get Rejected Again

If your resubmission is rejected, the issue is usually:

1. Policy Still Doesn't Match App Privacy Labels

Fix: Go through your App Privacy section line by line. For every data type you selected, make sure it appears in your privacy policy.

2. Third-Party Disclosure Is Incomplete

Fix: List every SDK. Check your Podfile (iOS) or build.gradle (Android) to see what's installed. Common ones:

  • Firebase (Analytics, Cloud Messaging, Crashlytics)
  • Google Analytics, AdMob, Google Ads
  • Facebook SDK, Facebook Ads
  • RevenueCat (for subscriptions)
  • Stripe, PayPal (for payments)
  • OneSignal, Braze (for push notifications)

3. URL Is Broken or Not Mobile-Friendly

Fix: Test the URL on your phone. Make sure it loads fast, looks good on mobile, and is HTTPS.

4. Policy Is Too Generic

Fix: Personalize it. Use your actual app name and describe your specific features (e.g., "We collect your location to show nearby restaurants" instead of "We may collect location data").

FAQ

Do I need a privacy policy if my app doesn't collect any data?

Yes, both Apple and Google require all apps to have a privacy policy. If you truly collect no data, state that explicitly in the policy.

Can I just link to Apple's or Google's privacy policy?

No. You need your own privacy policy specific to your app.

What if I'm using a white-label or template app?

Each app must have its own privacy policy. If you're reselling a template, generate a unique policy for each app version.

How do I know what third-party SDKs my app uses?

Check your project dependencies:

  • iOS: Open Podfile or look in Xcode under "Frameworks"
  • Android: Check build.gradle files
  • React Native / Flutter: Look in package.json or pubspec.yaml
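The dependency check described here and in the "Third-Party Disclosure Is Incomplete" fix can be scripted. The following is an added example, not part of the original article or of PrivacyPage: it scans manifest text for SDKs named in this guide and reports any that the policy text never mentions. The match patterns, manifest contents and policy sentence are constructed assumptions.

```python
import re

# SDK name (as it should appear in the policy) -> substrings that identify it
# in a manifest. Names come from the article; the patterns are assumptions.
SDK_PATTERNS = {
    "Firebase": ["firebase"],
    "Crashlytics": ["crashlytics"],
    "AdMob": ["google-mobile-ads", "play-services-ads", "google_mobile_ads"],
    "Facebook": ["fbsdk", "facebook"],
    "RevenueCat": ["revenuecat", "purchases_flutter", "react-native-purchases"],
    "Stripe": ["stripe"],
    "OneSignal": ["onesignal"],
    "Braze": ["braze", "appboy"],
}

def strip_comments(manifest):
    """Drop '#' and '//' comments so commented-out dependencies are ignored."""
    return "\n".join(re.split(r"\s*(?:#|//)", line, maxsplit=1)[0]
                     for line in manifest.splitlines())

def detect_sdks(manifests):
    """Map each detected SDK to the manifest files that reference it."""
    found = {}
    for filename, text in manifests.items():
        body = strip_comments(text).lower()
        for sdk, needles in SDK_PATTERNS.items():
            if any(n in body for n in needles):
                found.setdefault(sdk, []).append(filename)
    return found

def undisclosed(manifests, policy_text):
    """SDKs present in the build but never named in the policy text."""
    policy = policy_text.lower()
    return sorted(s for s in detect_sdks(manifests) if s.lower() not in policy)

# Constructed sample inputs (not real project files).
MANIFESTS = {
    "Podfile": "target 'DemoApp' do\n  pod 'Firebase/Analytics'\n"
               "  pod 'Firebase/Crashlytics'\n  pod 'RevenueCat'\n"
               "  # pod 'OneSignal'  (removed)\nend\n",
    "build.gradle": "dependencies {\n"
        "  implementation 'com.google.android.gms:play-services-ads:PLACEHOLDER'\n"
        "  implementation 'com.stripe:stripe-android:PLACEHOLDER'\n"
        "  // implementation 'com.braze:android-sdk-ui:PLACEHOLDER'\n}\n",
}
POLICY = "DemoApp uses Firebase (Analytics) and Stripe to process payments."

if __name__ == "__main__":
    for sdk in undisclosed(MANIFESTS, POLICY):
        print("Not disclosed in policy:", sdk)
```

A substring match only catches direct dependencies listed in the manifest; SDKs pulled in transitively need a lockfile or resolved dependency tree as input.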

Can I host my privacy policy as a PDF?

Not recommended. Apple and Google prefer HTML pages. PDFs are harder to read on mobile and can look unprofessional.

Generate Your Compliant Privacy Policy Now

Don't let a privacy policy delay your launch. PrivacyPage generates App Store and Play Store-compliant privacy policies in 60 seconds — free preview, one-time payment, no subscription.
