Hello everyone,
I’m developing an app for our insurance franchise network called Avantar Indica. The core functionality of the app is to allow a user (after being affiliated with one of our units) to refer friends or family members so that the franchise unit can contact them and offer our services.
During App Review, the app was rejected under Guideline 5.1.2 – Privacy – Data Collection and Storage, since the app currently collects the name and phone number of third-party contacts without their explicit consent.
I completely understand Apple’s concern and would like to adapt the functionality in order to make it compliant with the App Store Guidelines.
👉 New proposed flow:
When a user selects a contact to refer, no personal data is stored immediately.
Instead, the app will send an email or SMS invitation to the referred person, informing them that they have been invited by [User’s Name].
The referred person will be able to accept or decline the referral.
Only if the referred person explicitly accepts will their data (name and phone number) be securely stored in our database and shared with the franchise unit.
This way, the referral process only completes after explicit consent from the data owner, which I believe aligns with both App Store Guidelines and privacy regulations such as GDPR and LGPD.
❓ My question: Would this adjusted approach (sending an invitation and saving data only after acceptance) be considered acceptable under Guideline 5.1.2? Or is there a recommended best practice for implementing this kind of referral flow on iOS apps?
Any guidance or experiences from other developers who faced similar situations would be greatly appreciated.
Thank you!
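The consent-gated flow proposed above, sketched as server-side logic in an added example that is not part of the original post or of the Avantar Indica app. It assumes a hypothetical in-memory store, a `send` callback standing in for the SMS/email gateway, and an invented 7-day invitation expiry; the point it demonstrates is that the pending record holds only an opaque token, the contact address is used once for delivery and never persisted, and the referred person's data is written only on explicit acceptance, with a consent timestamp.

```python
import secrets
import time
from dataclasses import dataclass, field

INVITE_TTL_SECONDS = 7 * 24 * 3600  # assumed expiry for an unanswered invitation


@dataclass
class Invitation:
    token: str          # opaque, single-use, unguessable
    inviter_id: str     # the affiliated user who made the referral
    expires_at: float


@dataclass
class ReferralStore:
    """Constructed in-memory stand-in for the franchise database."""
    pending: dict = field(default_factory=dict)    # token -> Invitation, no contact PII
    referrals: list = field(default_factory=list)  # only consented records land here


def create_invitation(store, inviter_id, inviter_name, contact_address, send, now=None):
    """Dispatch the invitation; persist only an opaque token, never the contact's data."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    store.pending[token] = Invitation(token, inviter_id, now + INVITE_TTL_SECONDS)
    # contact_address is handed to the gateway once and is not stored anywhere
    send(contact_address, f"{inviter_name} invited you to Avantar Indica. Reply at /invite/{token}")
    return token


def respond(store, token, accepted, name=None, phone=None, now=None):
    """Referred person accepts or declines; data is stored only on explicit acceptance."""
    now = time.time() if now is None else now
    inv = store.pending.pop(token, None)  # consumed on first use, accepted or not
    if inv is None or now > inv.expires_at:
        return None                       # unknown, replayed or expired token
    if not accepted or not (name and phone):
        return None                       # a decline leaves no trace of the person
    record = {"name": name, "phone": phone, "inviter_id": inv.inviter_id,
              "consent_at": now, "consent_token": token}
    store.referrals.append(record)        # first and only point where PII is written
    return record
```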