Loading your dashboard...
Your Apps
Welcome,
Privacy Policy
Apple requires every app that collects user data, accesses device features, or includes third-party analytics to provide a privacy policy. Your policy must clearly identify what data you collect, how it's used, and how users can contact you about their privacy. Without one, your app will be rejected during App Store Review under Guideline 5.1.1(i).
Guidelines 5.1 ↗Each deploy creates a snapshot of your privacy policy. Up to 10,000 versions are kept for up to 10 years. View previous versions here.
Support Page
Apple requires every app to provide a support URL in App Store Connect. Your support page should give users a clear way to reach you with questions, report issues, or request help. Include at minimum a contact email, and consider adding a FAQ to reduce repetitive support requests.
Guidelines 5.1 ↗Per Guideline 5.1, every app must provide a working support URL. Your support page should clearly identify how users can reach you with questions, report issues, or request help with your app.
Data Deletion
As of June 30, 2022, Apple requires all apps that support account creation to also let users initiate deletion of their account and associated data. Your data deletion page must explain how users can request deletion, what timeline to expect, and what data (if any) may be retained for legal or regulatory reasons.
Account Deletion Requirement ↗Per Apple's account deletion requirement, apps that support account creation must let users initiate deletion of their account and associated data.
Per Apple's account deletion requirements, your data deletion page must clearly explain how users can request deletion of their account and associated data. List each step so users know exactly what to do.
Apple requires you to tell users what timeline to expect for deletion and disclose any data that may be retained for legal, security, or regulatory reasons (e.g. financial transaction records required by Guideline 5.1.1).
Your Site
OrbitKit hosts your app's web presence at sites.orbitkit.io/[slug]. Configure your site name, description, URL slug, and app icon so users and App Store Review see a polished, branded page.
Your description and icon appear on your hosted page and help users understand what your app does.
Universal Links
Universal links let users tap a standard HTTPS link and open your app directly instead of Safari. Apple serves your Apple App Site Association (AASA) file from your domain to verify ownership. OrbitKit hosts this file for you — just configure your app IDs and URL paths below.
Universal Links docs ↗Each universal link must be associated with one or more app IDs. The format is TEAMID.com.example.app, where TEAMID is your Apple Developer Team ID and the rest is your app's bundle identifier.
Specify which URL paths your app handles. Use * as a wildcard (e.g. /products/*) and toggle "Exclude" to prevent specific paths from opening in your app. See Apple's path matching rules.
Handoff lets users start an activity on one Apple device and continue it on another. Register your app IDs here so the AASA file includes the activitycontinuation section Apple requires for Handoff to work with your domain.
App Clips
App Clips are lightweight versions of your app that let users complete a task without installing the full app. They can be triggered from Safari, Maps, NFC tags, QR codes, and App Clip Codes. OrbitKit configures the AASA file and Smart App Banner meta tags your site needs to support App Clips.
App Clips docs ↗A Smart App Banner displays a native banner at the top of your page in Safari, prompting users to open your app or App Clip. The App Store ID is required; all other fields are optional.
application(_:open:options:) when the user taps the banner. Use it to deep-link users to specific content.
If your Smart App Banner should launch an App Clip experience instead of the full app, provide the App Clip's bundle ID and choose a display style.
.Clip suffix (e.g. com.example.app.Clip).
Sign in with Apple & Passkeys
When your app supports Sign in with Apple or password/passkey AutoFill, your website's AASA file must include a webcredentials section listing your app's bundle IDs. This lets iOS share credentials seamlessly between your app and site. If you use Sign in with Apple, you also need to host a domain association file that Apple verifies during setup.
Add your app IDs so the AASA file includes a webcredentials section. This enables Password AutoFill and passkey sharing between your app and website. Format: TEAMID.com.example.app.
Apple requires a domain association file to verify you own the domain serving Sign in with Apple. Download apple-developer-domain-association.txt from your Apple Developer account and upload it here.
Apple Pay
To accept Apple Pay on the web, every domain that displays the Apple Pay button must be verified by Apple. Verification requires hosting a merchant identity file at a well-known path on your domain. OrbitKit hosts this file for you — just download it from your Apple Developer account and upload it here.
Apple Pay docs ↗Download apple-developer-merchantid-domain-association from Certificates, Identifiers & Profiles in your Apple Developer account. Apple will verify this file is hosted at /.well-known/apple-developer-merchantid-domain-association on your domain before allowing Apple Pay transactions.
Apple Wallet
To support Apple Wallet Order Tracking, Apple requires hosting a domain association file at a well-known path. Download the file from your Apple Developer account and upload it here — OrbitKit will host it at /.well-known/apple-wallet-order-type-association on your domain.
Download apple-wallet-order-type-association from Certificates, Identifiers & Profiles in your Apple Developer account. Apple will verify this file is hosted at /.well-known/apple-wallet-order-type-association on your domain.
TestFlight
Create a public beta signup landing page for your app. Testers can join your beta via TestFlight. Generate a public link in App Store Connect and paste it here — OrbitKit creates a branded landing page at /testflight on your site.
Custom Domain
Every OrbitKit plan includes custom domain support with a free SSL certificate. Instead of sites.orbitkit.io/your-slug, your pages can be served at a domain you own (e.g. privacy.yourapp.com). Custom domains are required for Universal Links, App Clips, and Passkeys — these features only work on domains you control.
Enter a domain or subdomain you own where OrbitKit will serve your pages. You must be able to configure DNS records for this domain.
privacy.yourapp.com (recommended) or an apex domain like yourapp.com. The domain must already be registered and you must have access to its DNS settings. Free domains and domains you don't control won't work.
Which domains are supported?
- Subdomains (e.g.
privacy.myapp.com) — easiest setup, just add a CNAME record - Apex domains (e.g.
myapp.com) — requires A records; works with most registrars - Any TLD —
.com,.io,.app,.dev,.gay, etc. are all supported
OrbitKit provides a free SSL certificate via Let's Encrypt for every custom domain. After saving, you'll see the DNS records to add at your registrar.