Situation I'm working on an app in which the user can manually enter in data. That data gets locally stored in a CoreData database and from there automatically synced (via NSPersistentCloudKitContainer) to the user private CloudKit database and I selected CloudKit encryption for every attribute. So as the developer I definitely can't access it, but it's stored on some remote server. Ambiguous Documentation The privacy site at https://developer.apple.com/app-store/app-privacy-details/ says stuff like: “Collect” refers to transmitting data off the device in a way that allows you and/or your third-party partners to access it for a period longer than what is necessary to service the transmitted request in real time. If you collect data about your app from Apple frameworks or services [such as MapKit, CloudKit, or App Analytics] you should indicate what data you collect and how you use it. You are not responsible for disclosing data collected by Apple. It's a bit unclear if Apple a third-party in this case? It get's stored in CloudKit permanently, but I (or Apple probably) can't really access it - or does that count? Problem So now I'm not sure, if I need to declare anything on the privacy label. I would know what to declare on it, if I needed to, but I just don't know, if I need to. Question Does anybody know that data needs to declared in this case? If it's not clear, I will declare it to be on the safe side, but I really would like to actually know.