Skip to content

Privacy manifest

If your Braze SDK collects tracking data, Apple requires you to add a privacy manifest that describes your reason and method for collecting tracking data.

What is tracking data?

Apple defines “tracking data” as data collected in your app about an end-user or device that’s linked to third-party data (such as targeted advertising), or a data broker. For a complete definition with examples, see Apple: Tracking.

By default, the Braze SDK does not collect tracking data. However, depending on your Braze SDK configuration, you may be required to list Braze-specific data in your app’s privacy manifest.

What is a privacy manifest?

A privacy manifest is a file in your Xcode project that describes the reason your app and third-party SDKs collect data, along with their data-collection methods. Each of your third-party SDKs that track data require its own privacy manifest. When you create your app’s privacy report, these privacy manifest files are automatically aggregated into a single report.

API tracking-data domains

Starting with iOS 17.2, Apple will block all declared tracking endpoints in your app until the end-user accepts an Ad Tracking Transparency (ATT) prompt. Braze automatically reroutes this data to a dedicated -tracking endpoint, then sends the remaining non-tracking, first-party data to the original endpoint. For example:

  • Original endpoint: sdk.iad-01.braze.com
  • Tracking endpoint: sdk-tracking.iad-01.braze.com

Declaring Braze tracking data

Step 1: Review your current policies

Review your Braze SDK’s current data-collection policies with your legal team to determine whether your app collects tracking data as defined by Apple. If you’re not collecting any tracking data, you don’t need to customize your privacy manifest for the Braze SDK at this time.

For more information about the Braze SDK’s data-collection policies, see SDK data collection.

Step 2: Declare your tracking data

In your Xcode project, open AppDelegate.swift then list each tracking property you want to declare by creating a static or dynamic tracking list. Keep in mind, Apple will block these properties until the end-user accepts their ATT prompt, so only list the properties you and your legal team consider tracking.

In the following example, dateOfBirth, customEvent, and customAttribute are declared as tracking data within a static list.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

import UIKit
import BrazeKit

@main
class AppDelegate: UIResponder, UIApplicationDelegate {

  static var braze: Braze? = nil

  func application(
    _ application: UIApplication,
    didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?
  ) -> Bool {
    let configuration = Braze.Configuration(apiKey: brazeApiKey, endpoint: brazeEndpoint)
    // Declare which types of data you wish to collect for user tracking.
    configuration.api.trackingPropertyAllowList = [
      .dateOfBirth,
      .customEvent(["event-1"]),
      .customAttribute(["attribute-1", "attribute-2"])
    ]
    let braze = Braze(configuration: configuration)
    AppDelegate.braze = braze
    return true
  }
}

In the following example, the tracking list is automatically updated after the end-user accepts the ATT prompt.

1
2
3
4
5
6
7
8
9
10
11
12
13
14

func applicationDidBecomeActive(_ application: UIApplication) {
  // Request and check your user's tracking authorization status.
  ATTrackingManager.requestTrackingAuthorization { status in
    // Let Braze know whether user data is allowed to be collected for tracking.
    let enableAdTracking = status == .authorized
    AppDelegate.braze?.set(adTrackingEnabled: enableAdTracking)

    // Add the `.firstName` and `.lastName` properties, while removing the `.everything` configuration.
    AppDelegate.braze.updateTrackingAllowList(
      adding: [.firstName, .lastName],
      removing: [.everything]
    )
  }
}

Step 3: Prevent infinite retry loops

To prevent the SDK from entering an infinite retry loop, use the set(adTrackingEnabled: enableAdTracking) method to handle ATT permissions. The adTrackingEnabled property in your method should be handled similar to the following:

1
2
3
4
5
6
7
8

func applicationDidBecomeActive(_ application: UIApplication) {
    // Request and check your user's tracking authorization status.
    ATTrackingManager.requestTrackingAuthorization { status in
      // Let Braze know whether user data is allowed to be collected for tracking.
      let enableAdTracking = status == .authorized
      AppDelegate.braze?.set(adTrackingEnabled: enableAdTracking)
    }
}
  Edit this page on GitHub
HOW HELPFUL WAS THIS PAGE?
New Stuff!