If your iOS app allows users to create an account, Apple now requires you to make it possible for users to delete the account from within the app itself.
This may have consequences for your personal data handling, and you need to be aware of this.
Here's what you need to know about this requirement and how to comply with it.
Our Free Privacy Policy Generator helps you create a custom Privacy Policy for your website and mobile app. Just follow these few simple steps and your Privacy Policy will be ready to display in minutes.
- Click on the "Free Privacy Policy Generator" button, located at the top of the website.
- Select where your Privacy Policy will be used:
- Answer a few questions about your business:
- Enter the country and click on the "Next Step" button:
- Continue with building your Privacy Policy while answering on questions from our wizard:
-
Almost done. Now enter your email address where you'd like your new Privacy Policy sent and click on the "Generate" button and you're done.
That's it. Now you can copy and paste your Privacy Policy code into your website, or link to your hosted Privacy Policy.
- 1. Apple's Rule on Account Deletion
- 2. What Does Account Deletion Mean?
- 3. What to Do When Offering In-App Account Deletion
- 3.1. Make it Easy to Delete Accounts/Offer Clear Instructions
- 3.2. Offer Additional Options Such as Deactivating
- 3.3. Disclose Timeframe for When Personal Data is Deleted
- 4. Are There Any Exceptions?
- 5. Privacy Law Implications
- 6. Privacy Policy Implications
- 7. Summary
Apple's Rule on Account Deletion
Originally, Apple required developers to allow in-app deletion of accounts by January 31, 2022. Because the adjustment to this rule proved to be more complicated than expected, Apple extended the deadline to June 30, 2022.
The deadline has now passed and the rule is now in force. It's officially part of the App Store Review Guidelines Section 5.1.1 (v):
Simply put, if you let users create an account in your app, you must also let them delete the account in your app.
Note that this doesn't cover accounts that aren't created in your app. For example, if you have user accounts on your website and let people log in to their account in your app (but not create it there), you don't have to let them delete it in the app.
Technically, the rule covers cases when the user simply starts creating the account in the app. For example, they may tap a "create account" button in the app and be taken to a relevant page on your website. Even in this scenario, you still need to allow in-app account deletion.
The rule also covers any case where the app automatically creates an account for the user, for example a guest account.
What Does Account Deletion Mean?
Deleting an account through the app doesn't simply mean removing the details from the user's device.
Instead, you must completely remove the account from your records.
You must also delete all data "associated with the account" unless the law says otherwise. This includes any user-generated content.
What to Do When Offering In-App Account Deletion
Apple stressed several key points when announcing both the rule and the initial delay to its implementation.
Make it Easy to Delete Accounts/Offer Clear Instructions
You must make it easy to find the option to delete an account. Apple suggests the account settings menu as a reasonable place where people would expect to find it.
Here's how HER gives clear instructions on how to delete an account within the app from a number of different platforms, along with the effects this has on the user's data:
By providing these steps, it makes it very easy for a user to follow along and know how to close an account. This is also helpful since different businesses may have different processes, and a user may not know how to delete an account in your platform if it's uniquely different than how other businesses do this.
For example, Strava requires users to complete the account deletion process via a confirmation email. To make this clear to users, Strava explains how users who start deletion within the app will need to use their email account to complete the process. This is allowed under the rule:
Offer Additional Options Such as Deactivating
You can offer options such as deactivating or disabling an account, keeping details on file so a user can start using the account again later. However, you must always include an option to completely delete the account and associated data.
Here's how Medium explains the difference between deactivating and deleting an account since it offers both options:
Offering other options can help with customer retention, since a user may wish to just deactivate the account and may come back to you at another time versus cutting all ties and fully deleting the account.
Note that this isn't a requirement from Apple. It's just a good idea.
Disclose Timeframe for When Personal Data is Deleted
It's ok to take some time to delete the account following the user's instructions, particularly if you have to do so manually. However, you must tell users about the timescale and any delays.
The best way to do this is with a clause in your Privacy Policy.
Here's an example from Medium that discloses it can take up to 14 days to delete account data:
Flo gives specific details of how long it retains personal data if a user just deletes the app or stays inactive:
Disclosing this information helps manage user expectations and also gives you a timeframe to work with.
Are There Any Exceptions?
In very limited circumstances, you can ask users to make a deletion request through a "customer service flow." That is, using a method that isn't within an app, such as having a user contact you via email or with a phone call.
Note that this is only allowed in "highly-regulated fields" such as finance or healthcare, and this exception is only designed to cover cases involving sensitive user information.
Privacy Law Implications
Apple's rules say that once a user deletes an account, you must delete all information associated with that account. In many cases, this will also be a legal requirement.
The applicable laws here will depend on the location of you, the user, and where the processing of data takes place.
Possible scenarios include:
- Your data processing (including storing the data) was lawful because the user consented. Deleting the account may count as withdrawing the consent.
- Your data processing was lawful because your legitimate interests outweighed the privacy rights of the user. The user deleting the account may change that balance.
- Although you do not need consent or legitimate interests to process data, users have a right to know about the processing. Both Apple's rules and simple logic means users will reasonably expect you to stop processing the data after they delete their account.
- Although you do not need consent or legitimate interests to process data, users have a right to tell you to stop using data. Deleting an account will likely count as exercising this right.
You should have a clear process for handling data after a user deletes an account. You should also consider how you will make sure you delete data securely and what happens to any data you have passed on to a third party.
This should be handled internally and as a business process. Your IT department will likely be involved as well since they may be doing the physical deletion of data or manage servers where data is stored.
To learn about different privacy laws that may have an effect on your storage and deletion of personal data, as well as what rights users have under specific laws, check out our Guide to Privacy Laws by Country.
Privacy Policy Implications
Apple's rules, other platform's rules, and global privacy laws say you must have a Privacy Policy for your app if it collects personal information.
You should make sure your Privacy Policy includes information related to account deletion, such as:
- A statement you will delete data associated with an account if a user requests it or if they manually delete an account.
- What data, if any, you will not delete even after an account is deleted. This can be some data kept for legal purposes, etc.
- What happens to personal data if users exercise an option to pause, suspend or deactivate an account. (Remember that these options must always be in addition to, rather than in place of, the ability to delete the account.)
- What rights users have when it comes to deleting their accounts and personal data.
Here's how Jodel details user rights under the GDPR, including the right to delete data collected through its iOS app:
Summary
Let's recap what you need to know about deleting accounts in Apple apps.
Since June 30, 2022, if you let users create an account in an iOS app, you must also let users delete the account from within the app.
You should only make creating an account mandatory in an app or ask users to log in through a social network when it's genuinely necessary.
The rule on letting users delete accounts applies in any case where users can create accounts within the app, or where the app creates accounts automatically.
Apple says that after a user deletes an account, you must remove the account completely and delete all associated data.
- Always make it easy to find the delete account option within the app. You can offer additional options of deactivating or disabling an account, but you must always offer the option to delete the account.
- You don't have to delete the account information immediately, but should do so without unnecessary delay and should disclose how long this will take within your Privacy Policy.
- You can ask the users to use a phone number, email address or similar method of contact to delete their accounts only in very limited circumstances. This covers "highly-regulated fields" which have their own rules on sensitive personal information.
As well as Apple's rules on deleting account data in full, many privacy laws have the effect that you must stop using and delete the data.
Your Privacy Policy should set out how deleting an account affects your data handling, including other pertinent and relevant information regarding the deletion or retention of their personal data during this process.
