For iOS developers

PrivacyInfo.xcprivacy generator

Generate the privacy manifest Apple requires inside every iOS app bundle since iOS 17. Validated against Apple's Required Reason API allowlists. Avoids ITMS-91053 / ITMS-91055 rejections at submission.

Read the Docs

$5/mo per app · Bring your own domain free · No credit card to start

What Apple's manifest enforcement actually looks like

Apple's App Store Review process now runs a static analyzer over every bundled binary you submit. It looks for symbols from five "Required Reason" API categories — UserDefaults, file timestamps, system boot time, disk space, active keyboards. For every category your app uses, it expects a matching declaration in PrivacyInfo.xcprivacy with an Apple-defined reason code. Missing declarations bounce as ITMS-91053; invalid declarations bounce as ITMS-91055.

The analyzer runs at submission time. You can't catch the rejection in TestFlight or in your CI — you only find out after upload, after the queue, when an email arrives saying your build is rejected and you need to fix the manifest and re-submit. Indie developers regularly lose 1–2 days of release time to this.

OrbitKit validates the manifest at save time against Apple's allowlists, so the file you download is always App Store-compliant by construction. No surprises at submission.

What you get

Full Apple allowlist coverage

33 NSPrivacyCollectedDataType values, 6 purposes, 5 Required Reason API categories with all 16 reason codes. Validated server-side; cross-category mismatches (e.g., a UserDefaults reason on a FileTimestamp entry) get rejected at save time.

Auto-derived from your privacy wizard

On first read, OrbitKit pre-populates your data-collection declarations from the privacy wizard answers you already gave. Refine from there. Wizard updates don't auto-mutate the manifest — explicit "Sync from Wizard" button if you want to refresh.

Privacy label + manifest in lockstep

App Review flags inconsistencies between your privacy nutrition label and your manifest. OrbitKit generates both from the same wizard data so they don't drift.

Direct download endpoint

GET /api/apps/:appId/privacy-manifest.xcprivacy serves the rendered XML with Content-Disposition: attachment — safe to wire into a CI script via the OrbitKit CLI for fully-automated builds.

How it works

  1. 01

    Run the privacy wizard

    If you've already done it, you're done with this step. OrbitKit uses your existing answers as the starter manifest.

  2. 02

    Declare Required Reason APIs

    Pick the categories your app uses. Each shows the Apple-defined reason codes with plain-language descriptions; OrbitKit validates that codes match their categories.

  3. 03

    Toggle tracking and add domains

    Tracking off by default. If on, list domains your app contacts for ad targeting — iOS will block these requests unless ATT permission is granted, so accurate domain lists matter.

  4. 04

    Download PrivacyInfo.xcprivacy

    One click. The file is a deterministic XML plist; identical config produces identical output, so deploy-history diffs are clean.

  5. 05

    Drag into Xcode and ship

    Add the file to your app target's Copy Bundle Resources phase (alongside Info.plist). Build, archive, submit. Full setup walkthrough →

Privacy manifest questions

What is PrivacyInfo.xcprivacy?

An XML plist file Apple requires inside iOS app bundles since iOS 17 / macOS 14. It declares which user data your app collects and which Required Reason APIs your app uses. App Store Review's static analyzer scans your bundled binary at submission time and rejects mismatches.

Why am I getting ITMS-91053 when I submit?

Your binary uses one of the five Required Reason API categories but your manifest doesn't declare it. The most common culprits are UserDefaults (almost every app) and file timestamps (anything reading file metadata). Add the missing category to your manifest with the appropriate Apple-defined reason code — OrbitKit lists every valid code with plain-language descriptions.

How is PrivacyInfo.xcprivacy different from the privacy nutrition label?

The nutrition label is what App Store displays to users before download. The manifest is a file inside your app bundle that Apple's static analyzer reads at submission time. The two must agree — if the manifest declares email collection but the label doesn't, App Review can reject. OrbitKit derives both from the same wizard so they stay in sync.

Do third-party SDKs need their own manifests?

Yes. If an SDK in your bundle uses a Required Reason API, the SDK author is responsible for declaring it in their own manifest shipped inside the SDK's framework. The host app's manifest only declares what the host app's own code does. Most major SDKs have shipped their manifests; check your SDK vendor's release notes.

Does OrbitKit submit the manifest to App Store Connect for me?

No — the manifest is a file you ship inside your Xcode project, not something uploaded to App Store Connect. OrbitKit generates the file; you drag it into your Xcode project, add it to the Copy Bundle Resources phase, and build.

Avoid ITMS-91053 the first time.

Generate the manifest from your privacy wizard. Drag it into Xcode. Ship.

$5/mo per app · Cancel anytime · 14-day money-back guarantee