We’re committed to keeping your personal information safe. That’s why we innovate ways to safeguard your privacy on your device, why we’re up front about how we personalise your experience and why we equip developers with the best tools to protect your data.
Your personal data should always be protected on your device and never shared without your permission. So we built encryption, on-device intelligence and other tools into our products to let you share what you want on your terms. We also use techniques like Differential Privacy to improve user experiences while protecting the information you share with Apple. Differential Privacy adds random information to your data before it’s analysed by Apple, so we can’t link that data to your device. Instead, patterns appear only when the data is combined with the data from many other users, because the random additions average out. These patterns help Apple gain insight into how people are using their devices without collecting information about an individual.
Encryption protects trillions of online transactions every day. When you’re shopping, paying a bill, or using iMessage or FaceTime, you’re using encryption. It turns your data into indecipherable text that can be read only by those with the right key. We were one of the first companies to automatically include native operating system–supported disk encryption with FileVault in macOS and data protection in iOS. We also refuse to add a back door into any of our products.
We use end-to-end encryption to protect your iMessage and FaceTime conversations across all your devices. With watchOS and iOS, your messages are encrypted on your device so that they can’t be accessed without your passcode. We designed iMessage and FaceTime so that there’s no way for us to decrypt your data when it’s in transit between devices. You can choose to automatically delete your messages from your device after 30 days or a year, or to keep them on your device forever.
Third-party apps that use iMessage do not have access to participants’ actual contact information or conversations. iOS provides each app with a random identifier for each participant, which is reset when the app is uninstalled. iMessage and SMS messages are backed up on iCloud for your convenience, but you can turn iCloud Backup off whenever you want. And we never store the content of FaceTime calls on any servers.
The information you add about yourself in the Health app is yours to use and share. You decide what information is placed in the Health app as well as who can access your data. When your phone is locked with a passcode, Touch ID or Face ID, all your health and fitness data in the Health app is encrypted. And any Health data backed up to iCloud is encrypted both in transit and on our servers.
We require every single app in the App Store to provide a privacy policy for you to review, including apps that work with HealthKit. Your data in the Health app and your activity data on Apple Watch are encrypted with keys protected by your passcode.
If you decide to stop sharing your activity data with another user, then the other user’s device is instructed to delete any historical activity stored. You also have the ability to hide your activity, for instance, when you’re on vacation.
Your iOS device can collect analytics about your iOS device and any paired Apple Watch and send it to Apple for analysis. The collected information does not identify you personally and can be sent to Apple only with your explicit consent. Analytics may include details about hardware and operating system specifications, performance statistics, and data about how you use your devices and applications. When it’s collected, personal data is either not logged at all, removed from reports before they’re sent to Apple or protected by techniques such as Differential Privacy.
The information we gather from Differential Privacy helps us improve our services without compromising individual privacy. For example, this technology improves QuickType and emoji suggestions as well as Lookup Hints in Notes.
We now identify commonly used data types in the Health app and web domains in Safari that cause performance issues. This information will allow us to work with developers to improve your experience without revealing anything about your individual behavior.
If you give your explicit consent, Apple can improve Siri and other intelligent features by analysing how you use iCloud and the data from your account. Analysis happens only after the data has gone through privacy-enhancing techniques so that it cannot be associated with you or your account.
Safari was the first browser to block third-party cookies by default and offer Private Browsing. We automatically work to prevent suspicious sites from loading. We also use sandboxing to keep harmful code confined to a single browser tab so that it can’t reach the rest of your data.
We have enabled app developers to use Safari content blockers in iOS and make them more effective on macOS. You can control what content is loaded onto your browser and block content from anyone attempting to track your activity on a website or across websites. We also designed Safari content blocker support so that it can’t send information to developers about the sites you visit.
In iOS 11 and macOS High Sierra, we introduced Intelligent Tracking Prevention. You may have noticed that when you look at something to buy online, you suddenly start seeing it everywhere else you go on the web. This happens when a third party tracks cookies and other website data to feed you ads across various websites. Intelligent Tracking Prevention uses the latest in machine learning and on-device intelligence to reduce this cross-site tracking. It works by separating the third-party content used to track you from other browsing data, so what you look at on the web remains your business — not an advertiser’s. And with iOS 12 and macOS Mojave, Intelligent Tracking Prevention works even harder. Now, when third-party tracking sites attempt to create cookies or store data, they can do so only with your explicit consent.
All your iCloud content — like photos, contacts and reminders — is encrypted when it’s transferred and, in most cases, when stored on our servers. We also encrypt the information that is transferred between any email app you use and our iCloud mail servers.
Encrypted iCloud Data
With iCloud sharing, the identities of participants are never made available to anyone who has not been invited to and accepted a private share. The names of your shared files, and the first and last names associated with your iCloud account are available to anyone who has access to the sharing link, including Apple.
If we use third-party vendors to store your information, we encrypt it and never give them the keys. Apple retains the encryption keys in our own data centres, so you can back up, sync and share your iCloud data. iCloud Keychain stores your passwords and credit card information in such a way that Apple cannot read or access them.
In iOS 11 and macOS High Sierra or later, end-to-end encryption in iCloud syncs certain types of personal data, such as your Siri information, across all your devices in such a way that Apple cannot read or access it.
We created privacy features and services that are designed specifically for education, including Apple School Manager, iTunes U and Managed Apple IDs. We don’t sell student information and we never share it with third parties to use for marketing or advertising. We don’t collect, use or disclose student information other than to provide relevant educational services. And we never track students or build profiles based on their email or web browsing. With Managed Apple IDs, the student’s information is under the control of the education institution. And schools can purchase and deliver apps to a student’s iPad without using an iTunes login.
In the Schoolwork app, only the student and teachers listed as instructors of a course have access to student progress information, and only if the school has enabled student progress recording in Apple School Manager. Teachers only have access to progress data on activities assigned for the specific class they teach.
Parents can decide if they want their child to participate, and students have access to their own data on their device. To ensure additional transparency, students will see a notification anytime their progress is being recorded.
To provide the best privacy protections for students and teachers, we have updated all relevant agreements and processes to align with the EU General Data Protection Regulation (GDPR). In addition, Apple has signed the Student Privacy Pledge, further underscoring our commitment to protecting the information students, parents and teachers share in our schools.
Read the Student Privacy Pledge
Learn more about Privacy and Security in Education
Learn more about iTunes U and Privacy
All the rigorous privacy measures built into your iPhone and apps carry over to CarPlay. Only essential information that enhances the CarPlay experience will be used from your car. For example, data such as your car’s GPS location can be used to help iPhone produce more accurate results in Maps. And we always require third-party apps to provide a privacy policy for you to review.
Sometimes we use your data to provide you with a more personalised experience. We’re always up front about what we need from you and we give you the controls to adjust these settings.
The Memories and Sharing Suggestions features in the Photos app use on-device intelligence to scan your photos and organise them by faces and places. This photo data is shared between your devices with iCloud Photos enabled.
In iOS 11 or later, apps can ask for access to a single photo instead of all your photos. In addition, apps that simply need to place a photo in your Photos library can ask only for that access. Apps can still ask for general access to your photos if needed.
The longer you use Siri and Dictation, the better they understand you and improve. To help them recognise your pronunciation and provide better responses, certain information such as your name, contacts, music you listen to and searches is sent to Apple servers using encrypted protocols. Siri and Dictation do not associate this information with your Apple ID, but rather with your device through a random identifier. Apple Watch uses the Siri identifier from your iPhone. You can reset that identifier at any time by turning Siri and Dictation off and back on, effectively restarting your relationship with Siri and Dictation. When you turn Siri and Dictation off, Apple will delete the User Data associated with your Siri identifier and the learning process will start all over again.
We try to keep all your information on your device where it makes the most sense and give you options to control how it’s shared. For example, when you use Siri to search for a photo by location or album name, we don’t have to send the photo to a server to get an answer. Album names are sent to Siri, but only to help provide you with better results. QuickType keyboard features are made possible by an Apple-developed neural network language process that runs directly on your device. Apps can use Siri to respond to your requests or send audio to Apple to transcribe to text — but only if you give your permission first.
If you have Location Services turned on, the location of your device at the time you make a request will be sent to Apple to help Siri improve the accuracy of its response to your requests. You can choose to turn off Location Services for Siri and Dictation in your Privacy settings.
You can also receive helpful suggestions before you even ask, based on the things you use often and when you typically use them. These predictions are kept on your device, not in the cloud, so the information is protected by all the safeguards that are built in.
Certain features do require real-time input from Apple servers. For example, event addresses and a user’s location are sent to Apple so that we can provide accurate Time to Leave predictions that take traffic into consideration. Information like a user’s location may be sent to Apple to provide localised suggestions as well as relevant news and search results. When we do send information to a server, we protect your privacy by using anonymised rotating identifiers so that searches and locations can’t be traced to you personally. And you can disable Location Services, our proactive features or the proactive features’ use of your location at any time.
Siri for macOS is built with the same privacy features as Siri for iOS.
Improve Health & Activity and Improve Wheelchair Mode send data from iPhone and Apple Watch to Apple so we can increase the effectiveness of health and fitness features. This includes data that is shown in the Health and Activity apps, movement measurements, which other fitness apps you have installed, your approximate location and how long you have been using Apple Watch. The data is not used for any other purpose and does not include personally identifiable information.
To help Apple Music features like Radio, For You and Connect reflect your musical tastes, we collect some information about your activity in the app. This is detailed during setup in “About Apple Music & Privacy.” The songs you stream aren’t used by any other service to advertise to you. And if you don’t want to keep your music collection on our servers, you can opt out of iCloud Music Library. iOS puts you in control of which apps can access your Music account and associated details.
The Apple Music Friends feature lets you share your favourite music — and decide which friends can see the music in your profile. We only have access to the contacts you choose to add to Apple Music Friends specifically, not your entire contact list.
You don’t have to sign in to use Maps. Personalised features are created using data on your device. The data that Maps collects while you use the app — like search terms and traffic information — is associated with random identifiers so it can’t be tied to your Apple ID. These identifiers reset themselves as you use the app to ensure the best possible experience and to improve Maps.
Maps extensions that are used in ride-booking and reservation apps run in their own sandboxes and share permissions with their own parent apps. For ride-booking apps, Maps shares only your starting point and destination with the extension. And when you reserve a table at a restaurant, the extension knows only the point of interest you tapped.
When you search with Siri on iOS or Spotlight on macOS, and when Siri Suggestions or Siri Shortcuts are enabled, contextual information like your location is used to provide you with the most relevant results. We don’t use a persistent personal identifier to tie your searches to you in order to build a profile. Instead, we associate your location with a random rotating identifier that refreshes every 15 minutes. You can always opt out of Siri or Spotlight Suggestions and continue to use Siri or Spotlight solely for local search on your device. You can also opt out of having Siri or Spotlight use Location Services anytime you want. If you opt out, Siri or Spotlight will still use your IP address to determine a general location to make your searches more relevant. We also place restrictions on our partners so they don’t create a long-term trail of identifiable searches by you or from your device.
Support for deep linking is built into iOS. You can tap a link and it will open in the corresponding app if the app has been installed and supports deep linking. We do not associate this with your Apple ID and Apple does not know which links you tap.
Ads that are delivered by Apple’s advertising platform may appear in the App Store. Ads are marked so you can tap to see why you were served a particular ad. You can also go into Settings to view what data may be used to determine which ads we deliver to you.
Ads in the App Store do not access user data from other Apple services like Maps, Siri, iMessage and iCloud. They also don’t use data from user devices through services and functions such as Health, HomeKit, email, contacts and call history. In the App Store, your search and download history may be used to serve you relevant search ads.
You can always turn on Limit Ad Tracking to stop receiving targeted ads in the App Store. You may still receive the same number of ads, but the ads may be less relevant to you.
Developers can use our Touch ID, Face ID and Core ML APIs, 256-bit encryption and app transport security to build apps that keep your data secure. We also require developers to ask for permission and provide an explanation when requesting access to personal information on your device, like your photos and contacts. All apps are sandboxed to better protect your personal information.
On the App Store, we require app developers to agree to specific guidelines that are designed to protect user privacy and security. We also require them to provide a privacy policy that you can review. When we become aware of an app that violates our guidelines, the developer must address the issue or the app will be removed from the App Store. Apps go through a review process before becoming available on the App Store to make sure that they function the way they are described by the developer. Once an app is installed on your device, you are prompted for permission the first time it tries to access information such as your location or photos. You always have the power to make changes to the permissions you’ve granted. And iOS 11 or later gives you the control to provide your location to any app only while you’re using it.
We also make sure that there are certain types of data on your device that apps simply can’t access and that there is no way for an app to ask for complete access to all of your data. We were the first to provide this level of security and we will continue to build strong safeguards into our platforms.
With every iOS release, we reduce the amount of information that apps can attempt to silently access in an effort to track your activity. However, apps sometimes require information — for example, if your device has previously used their services or completed free trials. To continue to protect your privacy while also giving developers the information they need in a privacy-friendly manner, we introduced DeviceCheck in iOS 11. DeviceCheck allows each app to store two true/false flags about a device. The intent of the flags is defined by the developer and is unknown to Apple.
Apps supported by HomeKit are restricted by our developer guidelines to using data solely for home configuration or automation services. Apple does not know what devices you’re controlling, or how and when you’re using them. Siri only associates your HomeKit devices with the Siri identifier, not you personally. Data related to your home is encrypted and stored in the keychain of your device. It’s also encrypted in transit between your Apple device and the devices you’re controlling in your home. And when you control your accessories from a remote location, that data is encrypted when it’s sent. So Apple doesn’t know which devices you’re controlling or how you’re using them.
When apps perform automatic actions based on your location, such as turning on house lights, these actions are initiated by HomeKit, which makes your location invisible to the app. You can also disable use of your location at any time.
Apple harnesses machine learning to enhance your experience — and your privacy. We’ve used it to enable image and scene recognition in Photos, predictive text in keyboards and more. Now we’re allowing developers to use our frameworks, such as Create ML and Core ML, to create powerful new app experiences that don’t require your data to leave your device. That means apps can analyse user sentiment, classify scenes, translate text, recognise handwriting, predict text, tag music and more without putting your privacy at risk.
ResearchKit and CareKit are open-source software frameworks that take advantage of the capabilities of iPhone. ResearchKit enables developers to create apps that let medical researchers gather robust and meaningful data for studies. And CareKit is a platform for developers to create apps that help individuals take a more active role in their own well-being.
With ResearchKit, you choose which studies you want to join and share with researchers or doctors, and you control the information you provide to individual apps. Apps using ResearchKit or CareKit can pull data from the Health app only with your consent. Any apps built using ResearchKit for health-related human subject research must obtain consent from the participants and must provide information about confidentiality rights, and the sharing and handling of data. These apps must also be approved by an independent ethics review board before the study can begin.
For certain ResearchKit studies, Apple will be listed as a researcher, receiving data from participants who consent to share their data with researchers, so we can participate with the larger research community in exploring how our technology could improve the way people manage their health.
HealthKit allows developers to create health and fitness apps to share their data with the Health app and with each other. As a user, you have control over which elements of your HealthKit information are shared with which apps. Apps that work with HealthKit are prohibited by our developer guidelines from using or disclosing HealthKit data to third parties for advertising or other data mining purposes. Apps can share data for the purpose of improving your health or health research, but only with your permission. And any Health Records data is encrypted and protected with your iPhone passcode. When you choose to share that data with trusted apps, it flows directly from HealthKit to the third-party app and is never sent to Apple’s servers. We also require apps that work with HealthKit to provide a privacy policy for you to review.
CloudKit helps keep your preferences, settings and app data up to date across your devices. Developers use CloudKit to make it easier for you to use their apps because you don’t have to sign in separately. By default, developers don’t have access to your Apple ID, just a unique identifier. If you give your permission, developers can use your email to let others find you in their app. You’re always in control of these permissions and can turn them on or off at any time. Your data isn’t shared with developers unless you choose to share or post publicly.