Sendbird's privacy policy change to address Apple's new 2023 app privacy guidelines

Apple’s 2023 app privacy announcement

In an ever-evolving digital landscape where privacy is paramount, Apple's 2023 app privacy announcement marks a significant shift in how app developers approach user data. This change aligns with the growing demand for transparency and sets a new standard for privacy practices in the app development community.

In response to this pivotal update, we at Sendbird are committed to guiding our developers through these changes, ensuring that our SDKs for chat, calls, notifications, live streaming, and AI chatbots remain at the forefront of privacy compliance.

This guide is designed to provide a comprehensive overview of Apple's new policies and how they impact your applications using Sendbird's services.

Introduction to Apple’s announcement

App privacy details on the app store

Apple requires developers to disclose their app's privacy practices, including those of third-party partners, on each app's product page. This helps users understand the app's data types and whether the data is linked to or used to track them​​.

New updates for privacy labels

Apple introduced signatures for third-party SDKs and privacy manifests, making it easier for developers to provide accurate Privacy Nutrition Labels. More data type options are now available for these labels​​.

Responsibility of developers

Developers are responsible for identifying all data collected by their app or third-party partners. This data must be disclosed unless it meets specific criteria for optional disclosure. Developers are responsible for keeping their privacy responses accurate and up to date​​.

Data use and linkage to user

Developers must understand how each data type is used and whether it's linked to the user’s identity. Specific privacy protections should be in place to de-identify or anonymize data​​.

Tracking and third-party data

Developers must understand if their app or third-party partners use data to track users and declare such data. "Tracking" refers to linking data collected from the app with third-party data for targeted advertising or sharing with a data broker​​.

Privacy policy and user choices

Apple advises developers to add links on their product page for their privacy policy and an optional link for users to manage their privacy choices​​.

Additional guidance

Specific guidelines are provided for different scenarios, such as apps with web views, IP address collection, in-app messaging, and Apple frameworks​​.

Privacy manifests

Introduced in WWDC 2023, the privacy manifest helps developers identify the privacy practices of their app's dependencies. They declare what data types are collected by SDKs, how they are used, and if they are linked to the user or used for tracking. This helps developers accurately represent privacy in their apps​​.

How to ensure compliance with Apple’s privacy policy with Sendbird

Label the data you collect in your app using the Sendbird SDK to ensure compliance with Apple's privacy policy. Please refer to the updated Sendbird privacy policy.

Here's how you can categorize and label each type of data listed:

User ID

• Label: Identifiers

• Description: Used for identifying Sendbird users in and across Chat SDK, UIKit SDK, Calls SDK, Live SDK, and Desk SDK

WebSockets session

• Label: Other Usage Data

• Description: Tracks WebSocket sessions for billing and session management in a Chat SDK. An end user can’t notice it could be used for billing purposes with the SDK

Text message

• Label: Emails or Text Messages

• Description: Enables private messaging between users in Chat SDK

File message binary

• Label: Other User Content

• Description: Supports file sharing in private messaging in a Chat SDK

Cached channel, message, member list

• Label: Other User Content

• Description: Local caching of messages, channels, and member lists for private messaging in a Chat SDK

Remote notification ACK

• For typical remote notifications

  • Label: Other Diagnostic Data

  • Description: Analyzes delivery of remote push notifications in a Chat SDK

• For Notification Center

  • Label: Product interfaction

  • Description: Provide delivery ratio for remote push notification from a UIKit SDK

Feedback of bot message

• Label: Other Diagnostic Data

• Description: For Generative AI, collect end users’ feedback on bot messages created by Generative AI

CTR (Click Through Ratio)

• Label: Product Interaction

• Description: Measures user interaction in UIKit SDK for Notification Center

Photos or videos

• Label: Photos or Videos

• Description: Users can attach photos or videos in messages using a UIKit SDK

Audio data

• Label: Audio Data

• Description: Enables attaching audio data in messages in a UIKit SDK

Voice message

• Label: Audio Data

• Description: Provides voice messaging feature in a UIKit SDK

Other user content (file attachment)

• Label: Other User Content

• Description: Supports various file types for messaging in a UIKit SDK

Audio streaming

• Label: User Content

• Description: Delivers and receives audio streaming in a Calls SDK and Live SDK

Video streaming

• Label: User Content

• Description: Delivers and receives video streaming in a Calls SDK and Live SDK

Media streaming statistics

• Label: Other Diagnostic Data

• Description: Provides streaming quality data in a Calls SDK and Live SDK

Cloud recording

• Label: Other User Content

• Description: Records voice and video streams on the server in a Calls SDK and a Live SDK

Local recording

• Label: Other User Content

• Description: Records voice and video streams on the device in a Live SDK

Remote Notification ACK, VoIP Push Notification ACK

• Label: Other Diagnostic Data

• Description: Analyzes delivery of push notifications in a Calls SDK

Ticket

• Label: Customer Support

• Description: Manages ticket and ticket information for customer support in a Desk SDK

This labeling should help your users understand what data is collected and why, aligning with Apple's privacy requirements. Ensure this information is easily accessible and understandable in your app's privacy policy or relevant section.

Guidelines for developers

Embrace transparency and control

Apple emphasizes privacy as a fundamental right. The introduction of privacy manifests and updates to the Privacy Nutrition Labels and App Tracking Transparency are designed to enhance transparency and control for users​​.

Privacy manifests for third-party SDKs

Privacy manifests

Developers should use privacy manifests provided by third-party SDKs. You can create a new privacy manifest right from the Xcode navigator by creating a file named "PrivacyInfo.xcprivacy".

Property list

These manifests, which can be created in Xcode, detail the data types collected, their usage, user linkage, and tracking status. Ensure the manifest aligns with your understanding of the SDK's functionality​​​​.

Utilize Xcode for privacy reports

Xcode 15 can aggregate all privacy manifests in your app's project and generate a privacy report. This report is a valuable tool for reviewing and understanding the privacy practices of your app and its dependencies, aiding in accurate representation on the App Store​​.

Notes on text messages and user content

As a developer integrating Sendbird SDK into your application, paying close attention to the data types associated with text messages and user content is crucial. Many developers leverage Sendbird's robust messaging capabilities, which necessitate collecting and processing various forms of user-generated content, including text messages, files, and multimedia. Under Apple's updated privacy policy, it is essential to accurately declare ‘Emails or Text Messages’ and ‘User-Generated Content’ on your app's privacy labels. This ensures transparency with your users and compliance with App Store guidelines. Remember, even if these data types are integral to your app's functionality and not used for analytics or advertising, they must be declared. We encourage you to review how your app uses these data types and reflect this in your privacy practices. By being transparent about your data usage, you adhere to Apple’s policies and build trust with your user base, affirming your commitment to their privacy and data security.

Act now to ensure privacy compliance with Apple’s 2023 app privacy announcement

As we navigate a new era of heightened privacy awareness and respond to Apple's 2023 app privacy announcement, it's crucial for developers to take immediate and proactive action. This announcement is more than a policy update; it's a call to action for prioritizing user privacy and transparency.

We recommend reviewing and updating your app's data collection and privacy practices in light of Apple's policies and the capabilities of the Sendbird SDK. Utilize tools like Xcode's privacy manifests for accurate representation on the App Store, and maintain transparency to build user trust and compliance. Don't hesitate to update your app’s details in App Store Connect and seek additional guidance to align with these standards.

By adhering to the guidelines in this document and leveraging the resources provided, developers can ensure compliance with Apple's requirements and demonstrate a commitment to user data protection. We encourage all developers using Sendbird's SDKs to contribute to a more secure and trust-centric app ecosystem. For further information and assistance, refer to the provided links and our updated privacy policy. Your proactive steps are vital in shaping a privacy-conscious future for app development.