I’m building an iOS app that collects user PII (emails, names) and stores it in my backend database. I already use HTTPS for data transfer, but I’m unsure if Apple requires server-side encryption for stored data.
For example:
If a user’s email is stored in plain text on my server (but transmitted securely via HTTPS), will this violate App Store guidelines?
Does Apple explicitly mandate encryption-at-rest for PII, or is it just a recommendation?
Are there exceptions for non-sensitive data like usernames?
I checked App Store Review Guidelines §5.1.1, which says "data must be stored securely," but it’s unclear if this requires encryption.
Context:
The app targets U.S. users (no GDPR/CCPA concerns).
No financial/health data is involved.
Is plain-text server storage of emails/names acceptable, or will this risk rejection? Thanks for any clarity!
AasMah
Users receive reputation points by contributing quality content to the forums.
Posts include post and replies published on the forums.
Post authors can mark replies as Accepted to indicate successful solutions.
Apple Developer Forums admins can mark replies as Apple Recommended to indicate an approved solution