App Store Compliance

visionOS App Store submission: what's different from iOS

Submitting a visionOS app to the App Store: which web requirements carry over from iOS unchanged, which differ, and the privacy specifics for spatial apps.

By · · 7 min read

If you’ve shipped an iOS app, submitting a visionOS app to the App Store is mostly the same checklist with a few spatial-computing-specific additions. The web requirements — privacy policy, support URL, account deletion, AASA — carry over essentially unchanged. The differences are in the privacy surface (spatial sensors) and a handful of review nuances.

This is what’s the same, what’s different, and the visionOS-specific privacy considerations.

For the baseline requirement list, see every URL and file Apple requires for an iOS App Store submission — visionOS inherits all of it.

What carries over from iOS unchanged

Apple’s App Store Review Guidelines apply across platforms. For visionOS, these are identical to iOS:

  • Privacy Policy URL — required, declared in App Store Connect → App Information (reference).
  • Support URL — required (Guideline 1.5), same iPhone-first-rendering expectation.
  • Account deletion — Guideline 5.1.1(v) applies if the app supports accounts. See our account deletion flow guide.
  • App Privacy details — the same questionnaire; visionOS apps declare data the same way.
  • PrivacyInfo.xcprivacy — required; visionOS is one of the privacy-manifest platforms (reference).
  • Universal Links / AASA — Universal Links work on visionOS; same apple-app-site-association file rules.

In other words: if your OrbitKit-hosted privacy policy, support page, deletion page, and AASA file already pass for your iOS app, the same hosted set satisfies the visionOS submission. A visionOS app is a separate App Store product, but the web requirements don’t change.

What’s different for visionOS

1. Spatial sensor privacy

visionOS introduces data categories that don’t exist on iOS: hand tracking, eye tracking (gaze), scene understanding / room mapping, and the surrounding-environment mesh. Apple is strict here:

  • Raw eye-tracking / gaze data is not exposed to apps by default — the system mediates input so apps see selection events, not where you’re looking. If your app uses ARKit’s scene reconstruction or hand-tracking APIs, declare the relevant data in your App Privacy answers and privacy policy.
  • “Sensitive Info” and “Other Data” categories are the usual home for spatial data declarations; describe what you capture and why in plain language in the policy.

If your privacy policy was written for the iOS version and the visionOS version adds room-scanning or hand-tracking, the policy needs a spatial-data section. The data practices genuinely differ, so the disclosure must too.

2. App Review tests in the spatial context

Reviewers run visionOS apps in the actual environment. The Support URL and any in-app links still must render correctly — visionOS Safari is the rendering target, which is desktop-class, but the iPhone-first habit (contact info above the fold, no horizontal scroll) is still the safe default.

3. Shared-with-iOS codebases and the privacy manifest

Many visionOS apps share a SwiftUI/Catalyst codebase with an iOS app. The privacy manifest and Required Reason API declarations must cover the union of APIs across both targets — see the Required Reason API reference. An SDK that’s fine on iOS but does something extra on visionOS still needs accurate declarations.

The submission checklist for visionOS

  1. Privacy policy URL — same hosted policy works; add a spatial-data section if the visionOS build captures hand/eye/room data the iOS build doesn’t.
  2. Support URL — same.
  3. Account deletion — same (Guideline 5.1.1(v)).
  4. App Privacy questionnaire — re-answer for the visionOS app’s actual data, including spatial categories.
  5. PrivacyInfo.xcprivacy — covers the visionOS target’s API usage.
  6. AASA file — same, if you use Universal Links on visionOS.

The Apple platform overview: developer.apple.com/visionos.

How OrbitKit handles multi-platform apps

OrbitKit treats each app as a separate hosted site, so you can run one for your iOS app and one for the visionOS app (or share, if the data practices are identical). The privacy wizard’s data categories cover the spatial-data disclosure; the same hosted domain serves the policy, support, deletion, and AASA for whichever platforms you ship. $5/mo per app. Start free or see features.