Is our SDK tracking or not? (Privacy Manifest)

We develop an iOS SDK that allows developers to add VoIP capability to their iOS applications.

For post-call quality analysis and debugging purposes we do collect SDK API usage and call quality data and send them back through internal HTTP API endpoint, therefore we need to disclose the domain in the privacy manifest. However we do not collect any Personally Identifiable Information and definitely have no intent to use these data for tracking the users like the examples described in https://developer.apple.com/app-store/user-privacy-and-data-use/.

Our question is, do we need to set the “NSPrivacyTracking” key to “true” in the privacy, or our SDK actually is not tracking from the Privacy Manifest’s perspective and simply disclosing the data collection type/purpose as well as the domain is sufficient?

Up vote post of bobiechen Down vote post of bobiechen
257 views
Posted by
bobiechen
Reply
Add a Comment

Replies

We filed a TSI ticket and based on the response:

To detemine if you track, follow the instructions in Detecting when your app contacts domains that may be profiling users.
If you determine that you track, set the the NSPrivacyTracking key to true, then declare the domains that you track.
If you determine that you don't track, don't add the key to your privacy manifest file.

as well as the definition/examples found in these pages (detecting-when-your-app-contacts-domains-that-may-be-profiling-users, optional-disclosure): I believe in our case we the data collection does not track the users and it's safe to not include the internal API domain in the tracking domains and set the NSPrivacyTracking key to false.

Posted by
bobiechen
Up vote reply of bobiechen Down vote reply of bobiechen
Add a Comment