iOS Privacy Manifest
Declare to Apple the data collected by your app or by third-party SDKs.
Apple’s privacy manifest is a file type used to record the categories of data that your app and third-party SDKs collect about the person using the app, and the reasons they collect the data. For more information on privacy manifest files, see Apple’s developer documentation.
Configuring Data Types
All data collected using the SDK should use the following configuration:
Using the Inquiry SDK Module
Persona includes its own privacy manifest in SDK v2.18.0 and above for the default collected data types. Based on the verifications you have configured, you will need to add collected data types to the privacy manifest for your app. Refer to the section below for adding data types to your privacy manifest file.
By default, Persona’s own privacy manifest includes the following collected data types:
Updating your Privacy Manifest File
The sections below summarize collected data types you should declare based on the verification types applied in the flow. Based on custom logic in your flow, additional data types may need to be included. Refer to Apple’s developer documentation on describing data use in privacy manifests.
Government ID
The collected data types below include generic data collected on government ID capture, they may vary depending on the pieces of government ID supported in the flow.
Document
The collected data types below are suggestions based on common document types collected from Persona, they will vary based on the specific document types collected in your flow.
Selfie
Selfie verification uses the phone’s camera for liveness checks.
Database
The collected data types for database verification will vary depending on the use case, refer to the information required on the inquiry flow’s forms.
Phone and Email
Depending on whether one or both of these verifications are applied, they will need to be included in the collected data types.
Other
For other verifications, go through the flow and refer to Apple’s developer documentation to identify the collected data types.
Using the NFC Module
By default, the NFC module’s privacy manifest doesn’t list any collected data types. However, when the NFC module is utilized alongside the Inquiry SDK module, it typically requires the addition of the following collected data types. If there’s a need to include additional collected data types, please consult the section above and Apple’s developer documentation for guidance.
Using the WebRTC Module
As of SDK v2.18.0, the WebRTC module has its own privacy manifest with the following collected data types. Refer to the section above and Apple’s developer documentation for including additional collected data types.