# 25. Privacy Manifest & Nutrition Labels

meta:
  id: ios-production-25
  feature: ios-production
  priority: P1
  depends_on: []
  tags: [compliance, app-store, privacy, production]

objective:
- Create and configure the required privacy manifest and App Privacy nutrition labels for App Store submission

deliverables:
- Privacy manifest file (PrivacyInfo.xcprivacy)
- App Privacy nutrition labels in App Store Connect
- Third-party SDK privacy manifests
- Data usage disclosure documentation

steps:
1. Create privacy manifest:
   - Add PrivacyInfo.xcprivacy to project
   - Declare all collected data types:
     - Contact Info (name, email)
     - User Content (voice recordings for VoicePrint)
     - Identifiers (user ID, device ID)
     - Usage Data (analytics)
     - Diagnostics (crash logs)
   - Declare required reason APIs:
     - File timestamp APIs (if used)
     - Disk space APIs (if used)
     - System boot time APIs (if used)
     - Active keyboard APIs (if used)
     - User defaults APIs (used for preferences)
2. Configure App Privacy nutrition labels:
   - Log into App Store Connect
   - Navigate to App Privacy section
   - Select all data types collected by app
   - Mark each as linked to user identity or not
   - Mark each as used for tracking or not
   - Specify purposes (analytics, app functionality, etc.)
3. Audit third-party SDKs:
   - Check Firebase SDK privacy manifest
   - Check any analytics SDK privacy manifest
   - Ensure all SDKs have updated manifests for iOS 17+
   - Update SDKs if manifests missing
4. Document data usage:
   - Create docs/IOS_PRIVACY.md
   - List all data collection and purposes
   - Explain user controls and opt-out options
   - Document data retention periods
5. Test manifest validation:
   - Build app in Xcode
   - Check for privacy manifest warnings
   - Validate with App Store Connect upload

tests:
- Build: No privacy manifest warnings in Xcode
- Upload: App Store Connect accepts privacy labels
- Review: Privacy labels match actual data collection

acceptance_criteria:
- PrivacyInfo.xcprivacy file in project
- All collected data types declared
- Required reason APIs documented
- App Privacy nutrition labels complete in App Store Connect
- All third-party SDKs have privacy manifests
- Privacy labels accurate and honest
- No Xcode warnings about missing privacy manifests
- Documentation of data usage available
- User-facing privacy policy linked

validation:
- Build app → no privacy manifest warnings
- Upload to App Store Connect → privacy section complete
- Review data types → all actual collection declared
- Check SDK versions → all include privacy manifests

notes:
- Apple requires privacy manifests for all apps starting 2024
- Nutrition labels must be accurate — false claims can lead to rejection
- Third-party SDKs without manifests may cause build warnings
- Update manifests when adding new data collection features