Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This document establishes Apple's global privacy policy governing the collection, use, and sharing of personal information across Apple's products and services, including iPhones, Macs, the App Store, Apple Pay, iCloud, and Siri. The policy authorizes Apple to collect location data, health and fitness information, financial details, device usage patterns, and voice interaction data, and permits sharing this information with third-party developers, business partners, and advertising networks for purposes including personalized advertising and product improvement. The policy establishes that users in the EU, UK, and California have legally defined rights to access, correct, port, and delete personal data through privacy.apple.com, while users in other jurisdictions operate under Apple's stated commitments regarding data handling.
This document is Apple's global Privacy Policy, governing how Apple collects, uses, shares, and protects personal data across its products, services, and websites, with stated legal bases varying by jurisdiction including consent, legitimate interest, and contractual necessity. The policy states that Apple collects personal data including contact information, device identifiers, purchase history, location data, financial information, health and fitness data, and usage analytics, and the terms authorize use of this data for product improvement, personalized advertising, fraud prevention, and sharing with service providers, business partners, and affiliates under confidentiality obligations. The policy asserts a privacy-by-design framework and positions Apple as minimizing data collection relative to peers, though the breadth of data types covered, including precise location, health data, and financial information, across a unified ecosystem of hardware, software, and services, creates substantial data aggregation potential that the document does not fully quantify. The policy engages GDPR for EU/EEA users, CCPA/CPRA for California residents, and various Asia-Pacific data protection frameworks given its global scope, with Apple designating regional subsidiaries as data controllers for different geographies, creating jurisdiction-specific rights and enforcement pathways. Compliance teams should note that the policy's assertion of legitimate interest as a processing basis in some contexts may require evaluation under GDPR Article 6, and that cross-border data transfer mechanisms including Standard Contractual Clauses are referenced but not fully detailed in the policy text.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Start Compliance free trialMonitoring
Apple App Store has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Compliance free trialCross-platform context
See how other platforms handle Collection of Health and Fitness Data and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.