Thousands of apps get rejected every day for violating Apple Guideline 5.1.1 or Google Play's Data Safety requirements. Generate a compliant privacy policy tailored to your app and resubmit today.
Over 2,000 privacy policies generated. One-time payment, no subscription.
If you received one of these messages, you need to add a privacy policy before your app can go live.
Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage
“Your app collects user or usage data but does not include a privacy policy URL. Apps that collect user data must have a privacy policy and secure user consent for the collection.”
Developer Program Policy - User Data / Data Safety Section
“Your app does not have a valid privacy policy. All apps that collect personal or sensitive user data must post a privacy policy that comprehensively discloses how your app collects, uses, and shares user data.”
Most developers fix this and get approved within 24-48 hours. Here is exactly what to do.
Use PolicyForge to create a privacy policy tailored to your app. Answer a few questions about what data your app collects, which SDKs you use (Firebase, AdMob, Facebook, etc.), and whether your app targets children. PolicyForge generates a legally compliant policy in under 2 minutes.
Generate Privacy Policy Now →Your policy needs a public URL. Options: add it as a page on your website (e.g., yourapp.com/privacy-policy), host it for free on GitHub Pages, or use any web hosting. The URL must be accessible without login from any country.
For Apple: Go to App Store Connect > Your App > App Information > Privacy Policy URL. For Google: Go to Google Play Console > Your App > Store Listing > Privacy Policy URL. Also complete the Data Safety form for Google Play.
App Store Connect > Your App > App Information > Privacy Policy URLGoogle Play Console > Your App > Store Listing > Privacy PolicyGoogle Play Console > Your App > App Content > Data Safety > StartSubmit your app for review again. Apple re-reviews typically take 24-48 hours. Google Play reviews take a few hours to 7 days. Make sure your privacy policy URL is live and accessible before clicking Submit.
Total time from rejection to resubmission: Under 15 minutes
Start Step 1: Generate Your Policy →Understanding the exact requirements helps you fix the rejection permanently, not just patch it for one review cycle.
Apple requires apps that collect user or usage data to have a privacy policy. This includes apps that use any form of analytics, tracking, authentication, or data storage. Even if your app only collects anonymous crash data, you still need a policy.
Since December 2020, Apple requires developers to declare their data practices through Privacy Nutrition Labels in App Store Connect. Your privacy policy must align with these declarations. If your policy says you don't collect location data but your Privacy Label declares it, the mismatch will trigger a rejection.
If your app uses the IDFA or tracks users across apps and websites, you must implement the ATT framework and disclose this in your privacy policy. Failing to mention tracking when your app requests ATT permission is a rejection trigger.
Google Play requires all apps to complete a Data Safety form and provide a privacy policy URL. The Data Safety section appears on your app's store listing and tells users what data you collect, whether it's shared, and whether it's encrypted. Your privacy policy must match these declarations exactly.
If your app targets children or is in the Family category, Google imposes stricter requirements. Your privacy policy must comply with COPPA (Children's Online Privacy Protection Act), disclose any ad SDKs used (which must be Google-certified), and explain what data is collected from children specifically.
Since December 2023, Google requires apps that offer account creation to also provide an in-app account deletion option and a web-based deletion path. Your privacy policy must explain how users can delete their account and what data is deleted vs. retained.
A common reason for repeat rejection: your privacy policy doesn't mention the third-party SDKs your app uses. Each SDK collects data that must be disclosed.
Unlike generic templates, PolicyForge asks which SDKs and services your app uses, then generates specific disclosure language for each one. This prevents the most common cause of repeat rejections: a privacy policy that doesn't match your app's actual data practices.
You need a privacy policy to get your app approved. Here is how the options stack up when time matters.
| Method | Time | Cost | Accuracy | Risk of Repeat Rejection |
|---|---|---|---|---|
| PolicyForgeFASTEST | 2 minutes | $4.99 one-time | Tailored to your app | Low — covers major regulations |
| Free online template | 30-60 minutes | Free | Generic, often causes repeat rejections | Medium — may not match your app's data practices |
| Write it yourself | 3-8 hours | Free (your time) | Depends on your legal knowledge | High — easy to miss required disclosures |
| Hire a privacy lawyer | 1-2 weeks | $500 - $3,000 | Excellent | Very low |
| Subscription generator (Termly, etc.) | 15-30 minutes | $10-20/month ($120-240/year) | Good | Low — but ongoing cost for a one-time need |
One-time payment. No account required. Ready in 2 minutes.
Every day your app isn't live, you're missing downloads, ad revenue, in-app purchases, and subscription signups. For apps earning even $10/day, a 2-week rejection delay costs $140.
Users searching for your app's functionality will find competitors instead. First-mover advantage in app stores is real. Every day delayed is market share you may never recover.
Each resubmission goes back in the review queue. If your fix is incomplete and triggers another rejection, you add another 1-7 days of delay. Get it right the first time.
Your tech stack affects what data your app collects. Make sure your privacy policy matches your framework's data practices.
General guide for iOS and Android app privacy policies. Covers permissions, SDKs, and store requirements.
Read guide →Guideline 5.1.1 compliance, Privacy Nutrition Labels, ATT, and Kids category requirements.
Read guide →Flutter-specific data handling, platform channels, and plugin data disclosure requirements.
Read guide →React Native bridge modules, Expo data handling, and native module privacy disclosures.
Read guide →Ad SDKs, in-app purchases, leaderboards, analytics, and children's privacy for game apps.
Read guide →Skip the research. Answer a few questions and get a compliant privacy policy in 2 minutes.
$4.99 one-time →You built your first app, submitted it to the App Store, and got rejected for Guideline 5.1.1. You didn't realize you needed a privacy policy because your app “barely collects any data.” But your app uses Firebase Analytics and Crashlytics, which means it collects device info, usage events, and crash data. PolicyForge generates a policy that covers exactly these SDKs.
Your app has been live for a year, but a new update was rejected because you added a social login feature and your privacy policy didn't mention it. Apple and Google now actively compare your policy against your app's actual behavior. PolicyForge lets you regenerate an updated policy that includes all your current features and SDKs in minutes.
Your game targets children under 13, and both Apple and Google have strict requirements for children's apps. Your privacy policy needs COPPA compliance language, parental consent mechanisms, and disclosure of which ad networks are Google-certified for children. PolicyForge includes children's privacy sections when you indicate your app targets minors.
You built an app for a client and they're upset it was rejected. You need a privacy policy that covers their specific data practices, and you need it now, not in 2 weeks when a lawyer gets back to you. PolicyForge lets you generate a tailored policy in minutes so you can resubmit the same day and keep your client relationship intact.
Before you hit “Submit for Review” again, make sure you've checked every item. Missing even one can cause another rejection.
PolicyForge covers items 1-9 automatically. You handle 10-14 in your developer console.
Generate Your Compliant Privacy Policy →Both Apple and Google require every app that collects, transmits, or shares user data to include a privacy policy. Apple enforces this under App Store Review Guideline 5.1.1 (Legal - Privacy - Data Collection and Storage). Google Play enforces it through the Data Safety section and Developer Program Policy. If your app accesses the internet, uses analytics, shows ads, requires login, or collects any user information, you need a privacy policy. Apps submitted without one are automatically flagged and rejected during review.
To fix this rejection: 1) Generate a privacy policy that covers your app's specific data practices using a generator like PolicyForge ($4.99). 2) Host the policy at a publicly accessible URL (your website, GitHub Pages, or a free hosting service). 3) Add the privacy policy URL to your App Store Connect metadata (under App Information > Privacy Policy URL) or Google Play Console (under Store Listing > Privacy Policy). 4) For Google Play, also complete the Data Safety form accurately. 5) Resubmit your app for review. Apple typically re-reviews within 24-48 hours, Google Play within a few hours to 7 days.
Apple App Store Review Guideline 5.1.1 (Data Collection and Storage) requires that apps collecting user data must have a privacy policy. The guideline states: 'Apps that collect user or usage data must have a privacy policy and must secure user consent for the collection.' This applies to virtually every app since even basic analytics or crash reporting counts as data collection. Violating 5.1.1 results in app rejection during the review process. Your privacy policy must specifically disclose what data is collected, how it's used, whether it's shared with third parties, and how users can request data deletion.
Yes. Google Play requires a privacy policy for any app that accesses personal or sensitive user data. This includes apps that use the internet, access device storage, use location, show personalized ads, or integrate any third-party SDK (analytics, crash reporting, authentication). Since March 2022, Google also requires all developers to complete a Data Safety form describing their data practices. Apps without a valid privacy policy URL in the store listing face removal from Google Play, not just rejection of updates.
While free templates exist, they often cause repeat rejections because they use generic language that doesn't match your app's actual data practices. Apple and Google reviewers check whether your privacy policy accurately reflects what your app does. A template that mentions 'cookies' for a mobile app, or fails to disclose your specific SDKs (Firebase, AdMob, Facebook SDK), can trigger another rejection. PolicyForge generates a policy tailored to your specific app type, SDKs, and data practices for $4.99, ensuring it matches what reviewers expect to see.
Your privacy policy must be hosted at a publicly accessible URL that doesn't require login to view. Common options include: 1) Your own website (e.g., yourapp.com/privacy). 2) GitHub Pages (free, reliable, easy to set up). 3) Google Sites (free). 4) A simple HTML page on any web host. The URL must not redirect, must not be behind a paywall or login, and must be accessible from any country. Both Apple and Google test the URL during review. Avoid hosting on Google Docs or Notion as these sometimes block automated access.
After adding your privacy policy and resubmitting: Apple App Store typically re-reviews within 24-48 hours, though it can take up to 5 days during busy periods. Google Play's review time varies from a few hours to 7 days, with most reviews completing within 1-3 days. To speed things up, make sure your privacy policy URL is working and accessible before resubmitting, your Data Safety form (Google) is completed accurately, and you've addressed all rejection feedback points, not just the privacy policy.
Both Apple and Google require your privacy policy to include: 1) What personal data your app collects (names, emails, device IDs, location, etc.). 2) Why you collect each type of data (functionality, analytics, advertising). 3) How data is stored and protected. 4) Whether data is shared with third parties and who they are. 5) How users can access, modify, or delete their data. 6) Contact information for privacy inquiries. 7) How you handle children's data (required if your app is accessible to children under 13). Apple additionally requires disclosure of App Tracking Transparency usage and Privacy Nutrition Label accuracy. Google requires alignment between your policy and your Data Safety form declarations.
Yes. Apple and Google reviewers compare your privacy policy against your app's actual behavior. Common reasons for repeat rejection include: your policy doesn't mention a specific SDK your app uses (e.g., Firebase Analytics, AdMob), your policy mentions data collection practices that don't match the Data Safety form (Google), your policy is a generic template that doesn't reflect your actual app, the privacy policy URL is broken or requires login to access, or your policy doesn't include required disclosures for specific data types (location, health data, children's data). Using a generator like PolicyForge that asks about your specific data practices helps avoid these mismatches.
Every day your app is rejected, you lose downloads, revenue, and momentum. Generate a compliant privacy policy in 2 minutes, resubmit today, and get back to building.
One-time payment. No subscription. No account required.
Works for Apple App Store, Google Play, and all major app platforms.
PolicyForge helps developers and businesses create compliant privacy policies. Not legal advice.