Protecting User Privacy

Respect and safeguard your user’s privacy.

Overview

Because health data can be sensitive, HealthKit grants users control over their data by providing fine-grained control over the information that apps can share. The user must explicitly grant each app permission to read and write data to the HealthKit store. Users can grant or deny permission separately for each type of data. For example, a user could let your app read the step count data but prevent it from reading the blood glucose level. To prevent possible information leaks, an app does not know whether it has been denied permission to read data. From the app’s point of view, if the app has been denied permission to read data, no data of that type exists.

The HealthKit data is only kept locally on the user’s device. For security, the HealthKit store is encrypted when the device is locked, and the HealthKit store can only be accessed by an authorized app. As a result, you may not be able to read data from the store when your app is launched in the background; however, apps can still write data to the store, even when the phone is locked. HealthKit temporarily caches the data and saves it to the encrypted store as soon as the phone is unlocked.
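The following Swift sketch is an added example, not code from the original page or from Apple. It shows how an app can handle the two cases described above: an empty read that may mean either "no data" or "read access denied", and a read that fails because the device is locked. `StepReader` and `StepReadOutcome` are hypothetical names, and the example assumes the HealthKit capability is enabled and that the app's Info.plist contains the health usage description.

```swift
import HealthKit

// Outcome of a read attempt. These names are illustrative, not HealthKit API.
enum StepReadOutcome {
    case samples([HKQuantitySample])
    case nothingReadable   // no data OR read access denied: indistinguishable by design
    case storeLocked       // device is locked, so the encrypted store cannot be read
    case unavailable       // HealthKit is not available on this device
    case failed(Error)
}

final class StepReader {
    private let store = HKHealthStore()
    private let stepType = HKQuantityType.quantityType(forIdentifier: .stepCount)!

    func readSteps(completion: @escaping (StepReadOutcome) -> Void) {
        guard HKHealthStore.isHealthDataAvailable() else {
            completion(.unavailable)
            return
        }
        // Request only the single type this feature needs; the user decides per type.
        store.requestAuthorization(toShare: nil, read: [stepType]) { [weak self] success, error in
            // `success` reports that the request was processed, not that read access was granted.
            guard let self = self, success else {
                completion(error.map { StepReadOutcome.failed($0) } ?? .nothingReadable)
                return
            }
            let query = HKSampleQuery(sampleType: self.stepType, predicate: nil,
                                      limit: HKObjectQueryNoLimit, sortDescriptors: nil) { _, results, error in
                if let hkError = error as? HKError, hkError.code == .errorDatabaseInaccessible {
                    // Typical for a background launch while the device is locked: retry later.
                    completion(.storeLocked)
                } else if let error = error {
                    completion(.failed(error))
                } else if let samples = results as? [HKQuantitySample], !samples.isEmpty {
                    completion(.samples(samples))
                } else {
                    // Do not tell the user "permission denied" here; the app cannot know that.
                    completion(.nothingReadable)
                }
            }
            self.store.execute(query)
        }
    }
}
```

Treat `.nothingReadable` as a neutral empty state in the user interface, and treat `.storeLocked` as a transient condition rather than an error to report.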

In addition, your app must not access the HealthKit APIs unless the app is primarily designed to provide health or fitness services. Your app's role as a health and fitness service must be clear in both your marketing text and your user interface. Specifically, the following guidelines apply to all HealthKit apps:

  • Your app may not use information gained through the use of the HealthKit framework for advertising or similar services. Note that you may still serve advertising in an app that uses the HealthKit framework, but you cannot use data from the HealthKit store to serve ads.

  • You must not disclose any information gained through HealthKit to a third party without express permission from the user. Even with permission, you can only share information to a third party if they are also providing a health or fitness service to the user.

  • You cannot sell information gained through HealthKit to advertising platforms, data brokers, or information resellers.

  • If the user consents, you may share his or her HealthKit data with a third party for medical research.

  • You must clearly disclose to the user how you and your app will use their HealthKit data.

You must also provide a privacy policy for any app that uses the HealthKit framework. You can find guidance on creating a privacy policy at the following sites:

These models, developed by the Office of the National Coordinator for Health Information Technology (ONC), are designed to improve user experience and understanding by using plain language and approachable designs to explain how user data is collected and shared. These models are not intended to replace a web-based privacy policy, and developers should consult ONC guidance regarding which model is appropriate for a given app. These models are provided for your reference only, and Apple expressly disclaims all liability for your use of such models.
