We’re committed to keeping your personal information safe. That’s why we innovate ways to safeguard your privacy on your device, why we’re up front about how we personalize your experience, and why we equip developers with the best tools to protect your data.
Your personal data should always be protected on your device and never shared without your permission. So we build encryption, on-device intelligence, and other tools into our products to let you share what you want on your terms. We also use techniques like Differential Privacy to improve user experiences while protecting the information you share with Apple. Differential Privacy adds random information to your data before it’s analyzed by Apple, so we can’t link that data to your device. Instead, patterns appear only when the data is combined with the data from many other users, because the random additions average out. These patterns help Apple gain insight into how people are using their devices without collecting information about an individual.
Encryption protects trillions of online transactions every day. When you’re shopping, paying a bill, or using iMessage or FaceTime, you’re using encryption. It turns your data into indecipherable text that can be read only by those with the right key. We were one of the first companies to automatically include native operating system–supported disk encryption with FileVault in macOS and data protection in iOS. We also refuse to add a backdoor into any of our products.
We use end-to-end encryption to protect your iMessage and FaceTime conversations across all your devices. With watchOS and iOS, your messages are encrypted on your device so that they can’t be accessed without your passcode. We designed iMessage and FaceTime so that there’s no way for us to decrypt your data when it’s in transit between devices. You can choose to automatically delete your messages from your device after 30 days or a year or to keep them on your device forever.
Third-party apps that use iMessage do not have access to participants’ actual contact information or conversations. iOS provides each app with a random identifier for each participant, which is reset when the app is uninstalled. iMessage and SMS messages are backed up on iCloud for your convenience, but you can turn iCloud Backup off whenever you want. And we never store the content of FaceTime calls on any servers.
The information you add about yourself in the Health app is yours to use and share. You decide what information is placed in the Health app as well as who can access your data. When your phone is locked with a passcode, Touch ID, or Face ID, all your health and fitness data in the Health app is encrypted. And any Health data backed up to iCloud is encrypted both in transit and on our servers.
We require every single app in the App Store to provide a privacy policy for you to review, including apps that work with HealthKit. Your data in the Health app and your activity data on Apple Watch are encrypted with keys protected by your passcode.
If you decide to stop sharing your activity data with another user, then the other user’s device is instructed to delete any historical activity stored. You also have the ability to hide your activity, for instance, when you’re on vacation.
Your iOS device can collect analytics about your iOS device and any paired Apple Watch and send it to Apple for analysis. The collected information does not identify you personally and can be sent to Apple only with your explicit consent. Analytics may include details about hardware and operating system specifications, performance statistics, and data about how you use your devices and applications. When it’s collected, personal data is either not logged at all, removed from reports before they’re sent to Apple, or protected by techniques such as Differential Privacy.
The information we gather from Differential Privacy helps us improve our services without compromising individual privacy. For example, this technology improves QuickType and emoji suggestions, as well as Lookup Hints in Notes.
We now identify commonly used data types in the Health app and web domains in Safari that cause performance issues. This information will allow us to work with developers to improve your experience without revealing anything about your individual behavior.
If you give your explicit consent, Apple can improve intelligent features by analyzing how you use iCloud and the data from your account. Analysis happens only after the data has gone through privacy-enhancing techniques so that it cannot be associated with you or your account.
Safari was the first browser to block third-party cookies by default and offer Private Browsing. We automatically work to prevent suspicious sites from loading. We also use sandboxing to keep harmful code confined to a single browser tab so that it can’t reach the rest of your data.
We have enabled app developers to use Safari content blockers in iOS and make them more effective on macOS. You can control what content is loaded onto your browser and block content from anyone attempting to track your activity on a website or across websites. We also designed Safari content blocker support so that it can’t send information to developers about the sites you visit.
In iOS 11 and macOS High Sierra, we introduced Intelligent Tracking Prevention. You may have noticed that when you look at something to buy online, you suddenly start seeing it everywhere else you go on the web. This happens when a third party tracks cookies and other website data to feed you ads across various websites. Intelligent Tracking Prevention uses the latest in machine learning and on-device intelligence to reduce this cross-site tracking. It works by separating the third-party content used to track you from other browsing data, so what you look at on the web remains your business — not an advertiser’s. And with iOS 12 and macOS Mojave, Intelligent Tracking Prevention works even harder. Now, when third-party tracking sites attempt to create cookies or store data, they can do so only with your explicit consent.
All your iCloud content — like photos, contacts, and reminders — is encrypted when it’s transferred and, in most cases, when stored on our servers. We also encrypt the information that is transferred between any email app you use and our iCloud mail servers.
Encrypted iCloud Data
With iCloud sharing, the identities of participants are never made available to anyone who has not been invited to and accepted a private share. The names of your shared files and the first and last name associated with your iCloud account are available to anyone who has access to the sharing link, including Apple.
If we use third-party vendors to store your information, we encrypt it and never give them the keys. Apple retains the encryption keys in our own data centers, so you can back up, sync, and share your iCloud data. iCloud Keychain stores your passwords and credit card information in such a way that Apple cannot read or access them.
In iOS 11 and macOS High Sierra or later, end-to-end encryption in iCloud syncs certain types of personal data, such as your Siri information, across all your devices in such a way that Apple cannot read or access it.
We created privacy features and services that are designed specifically for education, including Apple School Manager, iTunes U, and Managed Apple IDs. We don’t sell student information and we never share it with third parties to use for marketing or advertising. We don’t collect, use, or disclose student information other than to provide relevant educational services. And we never track students or build profiles based on their email or web browsing. With Managed Apple IDs, the student’s information is under the control of the education institution. And schools can purchase and deliver apps to a student’s iPad without using an iTunes login.
In the Schoolwork app, only the student and teachers listed as instructors of a course have access to student progress information, and only if the school has enabled student progress recording in Apple School Manager. Teachers only have access to progress data on activities assigned for the specific class they teach.
Parents can decide if they want their child to participate, and students have access to their own data on their device. To ensure additional transparency, students will see a notification anytime their progress is being recorded.
To provide the best privacy protections for students and teachers, we have updated all relevant agreements and processes to align with the EU General Data Protection Regulation (GDPR). In addition, Apple has signed the Student Privacy Pledge, further underscoring our commitment to protecting the information students, parents, and teachers share in our schools.
Read the Student Privacy Pledge
Learn more about Apple Privacy and Security in Education
Learn more about iTunes U and Privacy
Sometimes we use your data to provide you with a more personalized experience. We’re always up front about what we collect from you, and we give you the controls to adjust these settings.
The Memories and Sharing Suggestions features in the Photos app use on-device intelligence to scan your photos and organize them by faces and places. This photo data is shared between your devices with iCloud Photos enabled.
In iOS 11 or later, apps can ask for access to a single photo instead of all your photos. In addition, apps that simply need to place a photo in your Photos library can ask only for that access. Apps can still ask for general access to your photos if needed.
Improve Health & Activity and Improve Wheelchair Mode send data from iPhone and Apple Watch to Apple so we can increase the effectiveness of health and fitness features. This includes data that is shown in the Health and Activity apps, movement measurements, which other fitness apps you have installed, your approximate location, and how long you have been using Apple Watch. The data is not used for any other purpose and does not include personally identifiable information.
To help Apple Music features like Radio, For You, and Connect reflect your musical tastes, we collect some information about your activity in the app. This is detailed during setup in “About Apple Music & Privacy.” The songs you stream aren’t used by any other service to advertise to you. And if you don’t want to keep your music collection on our servers, you can opt out of iCloud Music Library. iOS puts you in control of which apps can access your Music account and associated details.
The Apple Music Friends feature lets you share your favorite music — and decide which friends can see the music in your profile. We only have access to the contacts you choose to add to Apple Music Friends specifically, not your entire contact list.
Ads that are delivered by Apple’s advertising platform may appear in the App Store, or Stocks. Ads in all three apps are marked so you can tap to see why you were served a particular ad. You can also go into Settings to view what data may be used to determine which ads we deliver to you.
Ads in the App Store, and Stocks do not access user data from other Apple services like Maps, iMessage, and iCloud. They also don’t use data from user devices through services and functions such as Health, HomeKit, email, contacts, and call history. In the App Store, your search and download history may be used to serve you relevant search ads.
In the Stocks app, ads are served based partly on what you read or follow. This includes publishers for whom you’ve enabled notifications and the type of publishing subscription you have. The articles you read are never used to serve targeted ads to you outside these apps. You can always turn on Limit Ad Tracking to stop receiving targeted ads in Stocks, and the App Store. You may still receive the same number of ads, but the ads may be less relevant to you.
Developers can use our Touch ID, Face ID, and Core ML APIs, 256-bit encryption, and app transport security to build apps that keep your data secure. We also require developers to ask for permission and provide an explanation when requesting access to personal information on your device, like your photos and contacts. All apps are sandboxed to better protect your personal information.
On the App Store, we require app developers to agree to specific guidelines that are designed to protect user privacy and security. We also require them to provide a privacy policy that you can review. When we become aware of an app that violates our guidelines, the developer must address the issue or the app will be removed from the App Store. Apps go through a review process before becoming available on the App Store to make sure that they function the way they are described by the developer. Once an app is installed on your device, you are prompted for permission the first time it tries to access information such as your location or photos. You always have the power to make changes to the permissions you’ve granted. And iOS 11 or later gives you the control to provide your location to any app only while you’re using it.
We also make sure that there are certain types of data on your device that apps simply can’t access, and that there is no way for an app to ask for complete access to all of your data. We were the first to provide this level of security, and we will continue to build strong safeguards into our platforms.
With every iOS release, we reduce the amount of information that apps can attempt to silently access in an effort to track your activity. However, apps sometimes require information — for example, if your device has previously used their services or completed free trials. To continue to protect your privacy while also giving developers the information they need in a privacy-friendly manner, we introduced DeviceCheck in iOS 11. DeviceCheck allows each app to store two true/false flags about a device. The intent of the flags is defined by the developer and is unknown to Apple.
Apps supported by HomeKit are restricted by our developer guidelines to using data solely for home configuration or automation services. Apple does not know what devices you’re controlling or how and when you’re using them. Data related to your home is encrypted and stored in the keychain of your device. It’s also encrypted in transit between your Apple device and the devices you’re controlling in your home. And when you control your accessories from a remote location, that data is encrypted when it’s sent. So Apple doesn’t know which devices you’re controlling or how you’re using them.
When apps perform automatic actions based on your location, such as turning on house lights, these actions are initiated by HomeKit, which makes your location invisible to the app. You can also disable use of your location at any time.
Apple harnesses machine learning to enhance your experience — and your privacy. We’ve used it to enable image and scene recognition in Photos, predictive text in keyboards, and more. Now we’re allowing developers to use our frameworks, such as Create ML and Core ML, to create powerful new app experiences that don’t require your data to leave your device. That means apps can analyze user sentiment, classify scenes, translate text, recognize handwriting, predict text, tag music, and more without putting your privacy at risk.
ResearchKit and CareKit are open source software frameworks that take advantage of the capabilities of iPhone. ResearchKit enables developers to create apps that let medical researchers gather robust and meaningful data for studies. And CareKit is a platform for developers to create apps that help individuals take a more active role in their own well-being.
With ResearchKit, you choose which studies you want to join and share with researchers or doctors, and you control the information you provide to individual apps. Apps using ResearchKit or CareKit can pull data from the Health app only with your consent. Any apps built using ResearchKit for health-related human subject research must obtain consent from the participants and must provide information about confidentiality rights and the sharing and handling of data. These apps must also be approved by an independent ethics review board before the study can begin.
For certain ResearchKit studies, Apple will be listed as a researcher, receiving data from participants who consent to share their data with researchers, so we can participate with the larger research community in exploring how our technology could improve the way people manage their health.
HealthKit allows developers to create health and fitness apps to share their data with the Health app and with each other. As a user, you have control over which elements of your HealthKit information are shared with which apps. Apps that work with HealthKit are prohibited by our developer guidelines from using or disclosing HealthKit data to third parties for advertising or other data mining purposes. Apps can share data for the purpose of improving your health or health research, but only with your permission. And any Health Records data is encrypted and protected with your iPhone passcode. When you choose to share that data with trusted apps, it flows directly from HealthKit to the third-party app and is never sent to Apple’s servers. We also require apps that work with HealthKit to provide a privacy policy for you to review.
CloudKit helps keep your preferences, settings, and app data up to date across your devices. Developers use CloudKit to make it easier for you to use their apps because you don’t have to sign in separately. By default, developers don’t have access to your Apple ID, just a unique identifier. If you give your permission, developers can use your email to let others find you in their app. You’re always in control of these permissions and can turn them on or off at any time. Your data isn’t shared with developers unless you choose to share or post publicly.