This is Apple's global privacy policy, which explains how Apple collects and uses your personal data when you use iPhones, Macs, iPads, the App Store, iCloud, Apple Pay, Siri, and all other Apple products and services. The most important thing to know is that Apple collects a wide range of data including location, health and fitness information, financial details, browsing and search history, and voice recordings from Siri, and shares this data among Apple's global subsidiaries and with third-party partners, developers, and advertisers — though Apple states it does not sell your personal data. You can review and manage your privacy preferences, request deletion of your personal data, and opt out of targeted advertising by visiting Apple's Data and Privacy portal at privacy.apple.com.
This document is Apple's global Privacy Policy governing the collection, use, disclosure, and retention of personal data across Apple's hardware, software, and services ecosystem, with legal basis grounded in consent, contractual necessity, legitimate interests, and applicable local law depending on jurisdiction. The most significant obligations include Apple's commitment to not sell personal data to third parties, its use of on-device processing for sensitive features, and its requirement that users provide personal data to access certain services such as Apple ID, App Store, and iCloud. Notable provisions include Apple's use of location data, browsing and search history, financial information, and health and fitness data across an expansive product ecosystem, combined with broad intra-group data sharing among Apple's global subsidiaries without granular user controls for each transfer. The policy engages GDPR (including adequacy and SCCs for international transfers), CCPA/CPRA for California residents, COPPA for users under 13, and sector-specific frameworks including HIPAA-adjacent health data practices via HealthKit; Apple designates Apple Distribution International Ltd. as the EEA/UK data controller, creating a specific regulatory contact point for EU and UK supervisory authorities. Material compliance considerations include the adequacy of consent mechanisms for sensitive data categories, the sufficiency of Apple's SCCs and transfer impact assessments post-Schrems II, and the accuracy and completeness of disclosures regarding third-party SDK and partner data flows within the App Store ecosystem.
REGULATORY EXPOSURE: This policy implicates GDPR Articles 6, 9, 13, 14, 17, 20, and 46 (lawful basis, special category data, transparency, data subject rights, and international transfers), with Appl…
REGULATORY EXPOSURE: This policy implicates GDPR Articles 6, 9, 13, 14, 17, 20, and 46 (lawful basis, special category data, transparency, data subject rights, and international transfers), with Apple Distribution International Ltd. designated as EEA/UK controller subject to Irish DPC and UK ICO ov…
Compliance intelligence locked
Regulatory exposure, material risk, and due diligence action items.