Sending data to PersonaInquiries (Client-side integrations)Integration MethodsMobileiOS

iOS Privacy Manifest

Declare to Apple the data collected by your app or by third-party SDKs.

Apple’s privacy manifest is a file type used to record the categories of data that your app and third-party SDKs collect about the person using the app, and the reasons they collect the data. For more information on privacy manifest files, see Apple’s developer documentation.

Configuring Data Types

All data collected using the SDK should use the following configuration:

KeyValue
Linked to UserYes
Used for TrackingNo
Collection PurposeApp functionality

Using the Inquiry SDK Module

Persona includes its own privacy manifest in SDK v2.18.0 and above for the default collected data types. Based on the verifications you have configured, you will need to add collected data types to the privacy manifest for your app. Refer to the section below for adding data types to your privacy manifest file.

By default, Persona’s own privacy manifest includes the following collected data types:

Data TypeDescription
Coarse locationIP address.
Device IDDevice-level ID assigned by Persona.
User IDUser and account IDs assigned by Persona.
Other Diagnostic DataError logging.
Product InteractionInquiry flow events logging.

Updating your Privacy Manifest File

The sections below summarize collected data types you should declare based on the verification types applied in the flow. Based on custom logic in your flow, additional data types may need to be included. Refer to Apple’s developer documentation on describing data use in privacy manifests.

Government ID

The collected data types below include generic data collected on government ID capture, they may vary depending on the pieces of government ID supported in the flow.

Data TypeDescription
NameFrom the government ID.
Physical addressFrom the government ID, if applicable.
Sensitive infoBiometric data.
Photos or videosPhoto of the government ID.
Audio dataOnly if video recording is supported.

Document

The collected data types below are suggestions based on common document types collected from Persona, they will vary based on the specific document types collected in your flow.

Data TypeDescription
NameFrom the business or supplemental documents.
Email addressFrom the business or supplemental documents.
Phone numberFrom the business or supplemental documents.
Physical addressFrom the business or supplemental documents.
Payment infoFrom bank statement or other supplemental documents.
Credit infoFrom proof of income or other supplemental documents.
Other financial infoFrom proof of income or other supplemental documents.
Photos or videosPhoto of the document.

Selfie

Selfie verification uses the phone’s camera for liveness checks.

Data TypeDescription
Sensitive infoBiometric data.
Photos or videosPhoto of the selfie.
Audio dataOnly if video recording is supported.

Database

The collected data types for database verification will vary depending on the use case, refer to the information required on the inquiry flow’s forms.

Data TypeDescription
NameFrom the form.
Email addressFrom the form, if applicable.
Phone numberFrom the form, if applicable.
Physical addressFrom the form, if applicable.
Other financial infoFor TIN verification.

Phone and Email

Depending on whether one or both of these verifications are applied, they will need to be included in the collected data types.

Data TypeDescription
Email addressIf email verification is used.
Phone numberIf phone verification is used.

Other

For other verifications, go through the flow and refer to Apple’s developer documentation to identify the collected data types.

Using the NFC Module

By default, the NFC module’s privacy manifest doesn’t list any collected data types. However, when the NFC module is utilized alongside the Inquiry SDK module, it typically requires the addition of the following collected data types. If there’s a need to include additional collected data types, please consult the section above and Apple’s developer documentation for guidance.

Data TypeDescription
NameFrom the government ID.
Physical addressFrom the government ID, if applicable.
Sensitive infoBiometric data.
Photos or videosPhoto of the government ID.
Audio dataOnly if video recording is supported.

Using the WebRTC Module

As of SDK v2.18.0, the WebRTC module has its own privacy manifest with the following collected data types. Refer to the section above and Apple’s developer documentation for including additional collected data types.

Data TypeDescription
Sensitive infoBiometric data.
Photos or videosVideo recording enabled.
Audio dataVideo recording enabled.