After review it was mentioned: We need additional information about the app's highly regulated services and/or handling of sensitive user data. The guideline 5.1.1(ix) requirements give users confidence that apps operating in highly regulated fields or that require sensitive user information are qualified to provide these services and will responsibly manage their data. Which companies or institutions provide the services offered in the app? What is the relationship between [Name of Developer Account] and the providers of these services? The application is being developed for the Karnataka State Government, and the development and management of the app have been assigned as part of an official project. While the developer account used for publishing the application was purchased individually, it is associated with the development and maintenance of this project. The account facilitates app deployment and management while ensuring compliance with government requirements and security protocols. So Guid
Search results for 5.1.1 (395 results found)
Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage We noticed that your app requires users to register or log in to access features that are not account based. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law. For example, an e-commerce app should let users browse store offerings and other features that are not account based before being asked to register, or a restaurant app should allow users to explore the menu before placing an order. Registration must then only be required for account-specific features, such as saving items for future reference or placing an order. Next Steps To resolve this issue, please revise your app to let users freely access your app’s features that are not account based. Resources Watch a video from App Review with tips for doing more for users with less data. See guideline 5.1.1(v) - Account Sign-In to learn more about our requirements for apps
Topic: App Store Distribution & Marketing
SubTopic: App Review
Hello, My app is already on the App Store. We are trying for a version release this time, but it got rejected during the last review. The reason from the review team is: Guideline 1.4.1 - Safety - Physical Harm; Guideline 2.1 - Information Needed. In this version we have made only minor changes which are not related to our BLE devices. In this rejection cycle we got the first rejection because the Apple review team was not happy with the message which we provided for NSBluetoothAlwaysUsageDescription, and it was rejected for the reason below: Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage. After this we modified our Bluetooth description message and submitted for review, then Apple again rejected it for the reason below: Guideline 1.4.1 - Safety - Physical Harm; Guideline 2.1 - Information Needed. We do not understand where the problem is and why the app was approved multiple times before and now not. Could you please help us with this?
Topic: App Store Distribution & Marketing
SubTopic: App Store Connect
Tags: App Review, App Store Connect, IOBluetooth
I work for a company that provides services implementing, maintaining, and publishing systems for municipalities. We have now developed an app for a municipality, but when trying to publish it, Apple is rejecting it, stating that we cannot publish on behalf of another company. On the first submission, they rejected it with: Guideline 4.1 - Design - Copycats The app or its metadata appears to contain potentially misleading content. Specifically, the app includes content that resembles Sistema da Prefeitura without the necessary authorization. Next Steps Please demonstrate your relationship with any third-party brand owners represented in the app. We obtained a digitally signed document from the municipality stating that we are responsible for their systems, authorizing everything, etc... We made a new submission for review. However, it was now rejected with: Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage The app must be published under a seller and company name that is associated with
Private relay emails are not being delivered, even though we've followed the guidance here: https://developer.apple.com/help/account/capabilities/configure-private-email-relay-service/ iCloud, Gmail etc. get delivered fine, but as soon as it's a private relay email address they get bounced as unauthorized sender. We've tried a couple of domains, but here I'll document test.x.domain.com. We have registered domains (test.x.domain.com), also the sender communication emails just to be safe (noreply at test.x.domain.com). Passed SPF Authentication, DKIM Authentication. ESP account shows as all green checks in Mailgun. Is there any way to track down what the actual rejection reason is? { @timestamp: 2025-08-20T14:30:59.801Z, account: { id: 6425b45fb2fd1e28f4e0110a }, delivery-status: { attempt-no: 1, bounce-type: soft, certificate-verified: true, code: 550, enhanced-code: 5.1.1, first-delivery-attempt-seconds: 0.014, message: 5.1.1 : unauthorized sender, mx-host: smtp3.privaterelay.appleid.com, sessio
Hi, I have received a rejection from Apple on my doctor booking app. Apple is requesting that I sign up with an organizational, not individual, developer account, which means I lost my 99USD and must sign up with 299$ plus with a company. The problem is that we paid every $ we have and we can't now establish a company; it's so expensive and we have at least a year to make a new company. We are from Iraq and trying our best to enhance the healthcare in our society and getting new technologies. I sent an appeal to the Apple board telling them that we don't have any sensitive privacy issues. Doctors will pay for registration, so it's a prepaid service on annual fees, and patients will submit only name and phone number and register an account through Facebook login to book for doctors they chose. If anyone can help us with this situation, please find below the rejection. Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage We found in our review that your app does not meet all of our requirements for apps that offer highly
I’m building an iOS app that collects user PII (emails, names) and stores it in my backend database. I already use HTTPS for data transfer, but I’m unsure if Apple requires server-side encryption for stored data. For example: If a user’s email is stored in plain text on my server (but transmitted securely via HTTPS), will this violate App Store guidelines? Does Apple explicitly mandate encryption-at-rest for PII, or is it just a recommendation? Are there exceptions for non-sensitive data like usernames? I checked App Store Review Guidelines §5.1.1, which says data must be stored securely, but it’s unclear if this requires encryption. Context: The app targets U.S. users (no GDPR/CCPA concerns). No financial/health data is involved. Is plain-text server storage of emails/names acceptable, or will this risk rejection? Thanks for any clarity!
Topic: App Store Distribution & Marketing
SubTopic: App Review
Tags: App Store, App Store Connect, Security, Privacy
I am having issues getting an update released. I have an app that has a button which links back to our 'Blog Page', and both rejections relate to an article on my website. First rejection states the following: Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage We found in our review that your app provides services or requires sensitive user information related to the COVID-19 pandemic. Since the COVID-19 pandemic is a public health crisis, services and information related to it are considered to be part of the healthcare industry. In addition, the seller and company names associated with your app are not from a recognized institution, such as a governmental entity, hospital, insurance company, non-governmental organization, or university. Per section 5.1.1 (ix) of the App Store Review Guidelines, apps that provide services or collect sensitive user information in highly-regulated fields, such as healthcare, should be submitted by a legal entity that provides these services, and n
I submitted my app for review for the third time and it was rejected for the third time. This is cited as the reason for rejection. But I don't want to disable user login because I'm sure this will cause some security problems. How can I overcome this problem? Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage We noticed that your app requires users to register or log in to access features that are not account based. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law. For example, an e-commerce app should let users browse store offerings and other features that are not account based before being asked to register, or a restaurant app should allow users to explore the menu before placing an order. Registration must then only be required for account-specific features, such as saving items for future reference or placing an order. Next Steps To resolve this issue, please revise your app
Topic: App Store Distribution & Marketing
SubTopic: App Store Connect
Tags: App Review, App Store Connect, App Submission
I have two problems in my Apple account and I wish for you to help me. 1 - I am an Apple developer, I develop many different programs in various fields, whether sports, health, educational ... etc., but I face a problem in uploading programs for my clients on my account, and this problem is that the store rejects the application because (your app does not meet all of our requirements for apps that offer highly regulated services or handle sensitive user data. Specifically: The account that submits the app must be enrolled in the Apple Developer Program as an organization, and not as an individual. The guideline 5.1.1(ix) requirements give App Store users confidence that apps operating in highly regulated fields or that require sensitive user information are qualified to provide these services and will responsibly manage their data.), and I don't know what steps are necessary to be able to upload my clients' applications in various categories. 2 - What are the steps necessary to increase my limitation in push
Hello, I have developed an app but it continues to be rejected for 2 problems to resolve: For GUIDELINES 3.1.1.: I don't know how I can resolve it, because there are more apps that take payment using a browser in the app without using in-app purchase. For example, the app SUPERENALOTTO, when I pay, opens a browser window with the types of payments (especially outside the app); the app ENI PLENITUDE, when there is a bill to pay, can pay with Apple Pay in the app. But how can I specify the price in in-app purchase if the price is not fixed but depends on the cost of the bill? In in-app purchase there are prices that I have to insert from $0.99 up. Please can you help me? Because yesterday I changed the payment in the app to the browser but they rejected it anyway. For GUIDELINES 5.1.1: There are also many apps where one can register without specifying or explaining what registration is for, for example the apps BADOO and LOVOO and NETFLIX; there are only ACCESS, REGISTERED and PASSWORD DISMISSED... Can you help me with this too? Can I see a speci
Hi, Our company integrated 'Sign In With Apple'. To use the private email relay service, we added our domain in the WWDR Configure Sign in with Apple for Email Communication part. We just added one domain in 'Domains and Subdomains' and no email in 'Email Addresses', because our emails are using the same domain. Our domain was successfully added, the status is green check with SPF. We do not use a 3rd party email service. We only use Gmail. We successfully sent emails to 3 test users with 3 email addresses (e.g. help@company.com, contact@company.com etc.). However, replying to the email always fails in a specific case. For example, replying from a@user.com to help@company.com (more precisely, help_at_company_com_userUniqueNumber_randomNumber@privaterelay.appleid.com) always fails with the '550 5.1.1 Relay not allowed' error. We waited about 5 days and tried again, but the result was the same. All other cases work well. I think the private email relay service missed syncing some cases. How can I solve this problem?
As per the policy mentioned in the Apple Store guideline in section 5.1.1 related to Data Collection and Storage, it is mentioned to have Delete functionality within the app if an account creation option is present. I am facing a challenge for one of my enterprise apps developed for the client, where an account creation and sign-in feature is present, but the login credentials are 'inter-linked' to multiple other client's websites/tools/applications. In this case, if the user deletes the app, it will unconditionally delete from all others too, without the user knowing. Is there any way that we can get clarity on the points below: If we implement the delete option by only setting a flag in the app so that the user won't access with the same ID login? Like a 'soft delete'? If the user is not creating an account from the app but is still able to log in with an existing account with client ID, would the delete feature still be required? What more expectations and details will Apple check for the Account Delete feature? Thanks in advance.
We're unable to send email to a private relay address. The server we're sending from is also the MTA, the domain is verified (with a checkmark) in and we're using (correctly configured) DKIM, DMARC (set to reject unauthenticated mail), and SPF (set to reject mail that doesn't match), but we're still getting this error: 550 5.1.1 Relay not allowed for <xxxxx@privaterelay.appleid.com> What could be wrong? Our SPF record looks like this: v=spf1 a mx ip4:... ip4:... ip6:.../64 ip6:.../64 include:servers.mcsv.net include:_spf.google.com -all (again, the email is actually sent from the server matching 'a', not mailchimp or google) I'm also able to verify that all the headers look right: Return-Path, From, and the smtp from all match both the verified domain and I've added it as an individual email address, Authentication-Results says dkim=pass, spf=pass, and dmarc=pass (p=REJECT sp=REJECT dis=NONE), the d value in the DKIM signature matches the domain, in short, everything seems to be set up properly.
The app we submitted keeps failing review; Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage Issue Description The app requires users to provide personal information that is not directly relevant to the app's core functionality. Apps should only require users to provide information that is necessary for the app to function. If information is useful for a non-essential feature, apps may request the information but make it optional. Examples of app concepts and inappropriate required information: A general shopping app that requires the user's marital status; A rideshare app that requires the user's gender. Next Steps Update the app to not require users to provide the following personal information: National ID number, Age, Gender. Resources Is collecting the national ID number at the registration stage not allowed?
Topic: Developer Tools & Services
SubTopic: Apple Developer Program