Honest Privacy Policies
VOL. I  ·  EST. 2026  ·  "WE READ THE FINE PRINT SO YOU DON'T HAVE TO"
C
Verdict
EXHIBIT A

Apple.

"Privacy™. Some exclusions apply."

Apple is genuinely different from the adtech monoculture — and the policy actually proves it. They don't sell your data, don't share it under California's definition, and their ad platform explicitly says it does not link your device data with third-party data §9. The deletion and access rights at privacy.apple.com extend to all global users, not just EU residents §2. Child data protections include verifiable parental consent and mandatory deletion if collected without authorization §8. The retention language commits to the "shortest period permissible under law" — not the industry-standard indefinite fog §5. An AI training opt-out form actually exists §4. Then reality shows up. Apple still runs an advertising business on App Store, News, Stocks, and Apple TV §9. Applebot crawls everything publicly posted on the internet to train foundational AI models, and opting out requires a manual form rather than a setting §4. Content you upload gets scanned for illegal material — disclosed in the security section, not the headline §5. Click-through links in every Apple email bounce through a tracking server; the disclosed remedy is "don't click links" §9. Cookies and tracker data are classified as "non-personal" by default unless your local law says otherwise §9. Governments get your data whenever Apple "determines" disclosure is "necessary or appropriate" — a bar Apple sets unilaterally §6. These aren't nitpicks. They're the gap between Apple's privacy brand and Apple's privacy policy.

Consumer Electronics & Services
Analyzed: 2026-05-23
§2 · The short version

TL;DR — 8 answers.

The eight things you actually want to know, at a glance.

TL;DR — 8 answers C
NO Do they sell your data?
~ Do they track you across other apps and sites?
~ Can your data train their AI?
~ Who can see what you do?
~ Can you actually delete your data?
~ Do they honor privacy opt-outs?
YES Special rules for kids?
~ Been fined for privacy stuff before?
§3 · The details

The questions, answered.

No legalese. Every answer the way your most cynical friend would put it.

NO
§6

Do they sell your data?

Genuinely no — and this is legally backed by Nevada and California statutory definitions, not just marketing copy. They also don't "share" your personal data under California's CCPA/CPRA definition, meaning they don't pass it to third parties for those parties' own advertising. This is a real, meaningful, and uncommon commitment.

COND.
§9

Do they track you across other apps and sites?

Apple's own ad platform explicitly does not link your device data with third-party data for targeted ads or measurement — that's a stated policy distinction from Google/Meta. However, Applebot crawls anything you've posted publicly to the web for AI training. Click-through links in Apple emails are individually tracked. And cookies on Apple's own sites track behavior and ad effectiveness.

COND.
§4

Can your data train their AI?

Your private personal data is explicitly excluded from training foundational AI models. But Applebot crawls public web content — including anything you've published on blogs, forums, or GitHub — to feed those same models. An opt-out form exists at the Apple Intelligence Privacy Inquiries page, but it's a manual request, not a setting.

COND.
§6

Who can see what you do?

Apple, its global affiliates, service providers (who are contractually bound and cannot use data for their own purposes), and specialized partners for financial products. Governments get access when Apple determines disclosure is 'necessary or appropriate' for national security, law enforcement, or 'other issues of public importance' — a standard Apple sets unilaterally.

COND.
§2

Can you actually delete your data?

Mostly yes, and the privacy.apple.com portal extends deletion rights to all global users — not just people in the EU or California. Apple can refuse if legally obligated to keep records, if deletion would undermine anti-fraud use, if the request 'jeopardizes the privacy of others,' or if it's deemed 'frivolous or vexatious' or 'extremely impractical.' That last clause is the wild card.

COND.
§5

Do they honor privacy opt-outs?

The Personalized Ads opt-out works (five taps deep in iOS settings). App Tracking Transparency blocks third-party app tracking at the OS level. But Apple reserves the right to send you messages you 'may not opt out of.' No mention of honoring Global Privacy Control signals. The AI training opt-out is a manual form, not an automatic setting.

YES
§8

Special rules for kids?

Under-13s (or local equivalent age) require a child Apple Account with verifiable parental consent after reviewing the Family Privacy Disclosure. Schools using Apple School Manager must agree to a separate student data disclosure. If Apple learns a child's data was collected without proper authorization, it gets deleted 'as soon as possible.' These are genuine, auditable protections.

COND.
§2

Been fined for privacy stuff before?

Not addressed in the policy itself. Externally: France's CNIL fined Apple €8M in 2023 for ad tracking without prior consent on iOS. The EU issued a €1.8B antitrust finding in 2024 related to App Store and ATT. Apple's ATT framework — which protects users from third-party tracking — continues to face regulatory scrutiny across multiple jurisdictions.

§3 · The privacy card

At a glance, honestly.

Eight signals, color-coded. Like a model card for a machine — except the machine is reading your data.

Privacy Card · Apple · Analyzed 2026-05-23
C
Data sold / shared NO GOOD
Cross-site tracking COND. MIXED
AI training NO
Deletion right AVAIL. GOOD
GPC honored NO BAD
Keeps forever? NO GOOD
Child protections YES GOOD
Automated decisions NO
Collects
Identifiers, Contact Info, Payment & Financial, Usage Data, Location +6 more
Shares with
Apple-affiliated companies, Service providers (bound to Apple's instructions, cannot use data for their own purposes), Partners for specific offerings (e.g., Apple Card, Apple Cash), Developers and publishers (pseudonymous Subscriber ID only) +2 more
§5 · The label they should have shown you

The Privacy Label, honestly.

An Apple-style label for what's collected and a Cranor-style back-of-pack for what they do with it. Every cell links to the exact line in their policy.

APPLE — DATA COLLECTED
PER APPLE PRIVACY-LABEL TAXONOMY ↗
USED TO TRACK YOU
Data shared with third parties for cross-property tracking.
◐ LINKED TO YOU
Tied to your identity and stored against your account.
Identifiers §3
Apple Account ID · Device serial number · Browser type · Advertising Identifier (IDFA)
Contact Info §3
Name · Email address · Physical address · Phone number
Payment & Financial §3
Bank details · Credit/debit card info · Billing address · Salary/income (where collected) · Apple Card/Cash data
Usage Data §3
App launches within services · Browsing history · Search history · Product interaction · Crash and diagnostic data
Location §3
Precise location (Find My and region-specific services with consent) · Coarse location
Health & Fitness §3
Health status data · Physical/mental health condition data · Fitness and exercise data (where shared)
Government ID §3
Government-issued ID (limited jurisdictions: wireless activation, commercial credit, reservations, as required by law)
Uploaded Content §5
Content prescreened or scanned for potentially illegal material including CSAM
Communications §3
Customer support interactions · Social media contacts with Apple
Third-Party Sourced §4
Carrier account data (at your direction) · Loyalty program data (at your direction) · Partner validation data (security/fraud)
○ NOT LINKED TO YOU
Aggregated, supposedly anonymous.
Web-Crawled Public Content §4
Publicly available web pages crawled by Applebot for search and foundational AI model training
↓ BACK OF LABEL · WHAT THEY DO WITH IT (CRANOR FRAMEWORK)
Purposes
Power services and improve offerings, Process transactions and provide products, Communicate (including mandatory notices you cannot opt out of), Security, fraud prevention, and scanning uploaded content for illegal material, Personalization and Apple-delivered advertising (App Store, News, Stocks, Apple TV), Train foundational AI models using Applebot-crawled public web content, Comply with law and honor government requests, Measure advertising effectiveness and web searches via cookies. §5
8+ stated purposes. The interesting ones are buried in §7.
Sold or shared?
No. §6
"We don't sell data" is technically true and substantively false.
Retention
Bounded. §5
Retained only as long as necessary to fulfill the purposes collected. Apple explicitly commits to working to retain data for 'the shortest possible period permissible under law.' No published default windows in the global policy.
User controls
Deletion: Available · Opt-out: Available §2
Delete works. Opting out of inference does not exist.
Honors GPC?
No. §2
Global Privacy Control browser signal: ignored.
Automated decisions
No. §5
Content moderation scanning of uploads for illegal material (automated but not a decision about the user). All algorithmic.
AI training on your data
No. §4
Your public posts/photos train commercial models.
Children's data
Under 13 blocked · 13–17 limited §8
Ad targeting paused for teens, but content profile still kept.
Breach disclosure
"As required by law." §15.3
Translation: the bare minimum legal window in your jurisdiction.
§5 · The receipts

The receipts, translated.

Five of the worst clauses, lifted verbatim. Strikethroughs are theirs. Marginalia is ours.

APPLE PRIVACY POLICY · APPLE'S SHARING OF PERSONAL DATA §6
Apple does not sell your personal data including as "sale" is defined in Nevada and California. Apple also does not "share" your personal data as that term is defined in California.
ACTUALLY MEANS IT
APPLE PRIVACY POLICY · COOKIES AND OTHER TECHNOLOGIES §9
Apple's advertising platform does not track you, meaning that it does not link user or device data collected from our apps with user or device data collected from third parties for targeted advertising or advertising measurement purposes, and does not share user or device data with data brokers.
WALLED GARDEN: ACTUALLY WALLED
APPLE PRIVACY POLICY · APPLE'S USE OF PERSONAL DATA §5
Because this information is important to your interaction with Apple, you may not opt out of receiving these important notices.
FORCED COMMUNICATIONS
APPLE PRIVACY POLICY · APPLE'S USE OF PERSONAL DATA §5
When assessing retention periods, we first carefully examine whether it is necessary to retain the personal data collected and, if retention is required, work to retain the personal data for the shortest possible period permissible under law.
BETTER THAN MOST
APPLE PRIVACY POLICY · PERSONAL DATA APPLE RECEIVES FROM OTHER SOURCES §4
To power features such as search and as a source for our foundational AI models, Apple uses Applebot, a web crawler, to crawl information that is publicly available on the internet. We have measures in place to reduce the amount of personal data we collect and make no attempt to connect data crawled to any individual Apple user, or to build profiles about individuals. Your private personal data is not used to train our foundational AI models.
AI TRAINING: PUBLIC WEB FAIR GAME
APPLE PRIVACY POLICY · APPLE'S USE OF PERSONAL DATA §5
prescreening or scanning uploaded content for potentially illegal content, including child sexual exploitation material.
UPLOADS ARE NOT PRIVATE
APPLE PRIVACY POLICY · COOKIES AND OTHER TECHNOLOGIES §9
In some email messages Apple sends to you, we provide a "click-through URL" that links you to content on the Apple website. When you click one of these URLs, they pass through a separate server before arriving at the destination page on our website. We track this click-through to help us determine interest in particular topics and measure whether we are communicating with you effectively. If you prefer not to be tracked in this way, you should not click graphic or text links in email messages.
OPT-OUT: DON'T CLICK ANYTHING
APPLE PRIVACY POLICY · APPLE'S SHARING OF PERSONAL DATA §6
We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.
GOVT-REQUEST READY
APPLE PRIVACY POLICY · COOKIES AND OTHER TECHNOLOGIES §9
Apple generally treats data we collect using these cookies and similar technologies as non-personal data. However, to the extent that Internet Protocol (IP) addresses or similar identifiers are considered personal data by local law, we also treat these identifiers as personal data in those regions.
DEFINITION JUDO
APPLE PRIVACY POLICY · YOUR PRIVACY RIGHTS AT APPLE §2
At Apple, we respect your ability to know, access, correct, transfer, restrict the processing of, and delete your personal data. We have provided these rights to our global customer base and if you choose to exercise these privacy rights, you have the right not to be treated in a discriminatory way nor to receive a lesser degree of service from Apple.
GENUINELY GLOBAL RIGHTS
§6 · The deceptive design

Dark patterns spotted.

Tricks the policy and surrounding UX use to make you "consent" without really consenting.

01
Unavoidable 'important notices'
§5
Apple unilaterally decides which messages you cannot opt out of. The policy gives them unlimited latitude to define what is 'important to your interaction,' meaning this exemption can expand at will.
"Because this information is important to your interaction with Apple, you may not opt out of receiving these important notices.
02
Click-tracking opt-out is 'don't click'
§9
Every link in Apple marketing emails passes through a tracking server to build interest profiles. The disclosed opt-out is to stop clicking links in Apple emails — not a setting, not an unsubscribe mechanism for the tracking layer specifically.
"If you prefer not to be tracked in this way, you should not click graphic or text links in email messages.
03
Cookies default-classified as non-personal
§9
Tracker and cookie data is treated as non-personal data globally unless local law forces Apple's hand. This sidesteps the spirit of privacy commitments for users in jurisdictions without strong data protection laws.
"Apple generally treats data we collect using these cookies and similar technologies as non-personal data.
04
AI training opt-out is a manual form
§4
Applebot crawls public web content to feed foundational AI models. Opting out requires submitting a manual 'Apple Intelligence Privacy Inquiries' form — not a toggle in Apple settings, not a per-device control.
"To exercise your right as an individual to opt out of processing, visit the Apple Intelligence Privacy Inquiries form.
05
Personalized Ads opt-out buried in OS settings
§9
Disabling Apple's own ad personalization requires five taps into iOS settings (Settings > Privacy & Security > Apple Advertising > Personalized Ads), or a multi-step path in macOS System Settings. No one-click opt-out exists at apple.com.
"you can disable Personalized Ads by going to Settings > Privacy & Security > Apple Advertising and tapping to turn off Personalized Ads
06
Discretionary government disclosure
§6
Apple can disclose your data to governments when it 'determines' disclosure is 'necessary or appropriate' — including for 'other issues of public importance,' a standard Apple sets without external review.
"We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.
07
Retention commitment without published timelines
§5
Apple's language is better than most ('shortest period permissible'), but no actual retention windows are published in the global policy. You cannot verify compliance with a standard that has no published metrics.
"Apple retains personal data only for so long as necessary to fulfill the purposes for which it was collected
§7 · What you can actually do

Your rights, by where you live.

Same company, wildly different rights depending on your jurisdiction. Direct links to the specific opt-out / delete / access flows.

EU / EEA / UK / Switzerland (GDPR)
DIFFICULTY: EASY
  • Right of access (Article 15)
  • Right to rectification (Article 16)
  • Right to erasure / 'right to be forgotten' (Article 17)
  • Right to restrict processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object (Article 21)
  • Right to withdraw consent at any time
  • Right to lodge a complaint with the applicable data protection authority
REQUEST →

Source: §2

California (CCPA / CPRA)
DIFFICULTY: EASY
  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to correct inaccurate personal information
  • Right to opt out of 'sale' (Apple says it does not sell)
  • Right to opt out of 'sharing' under CCPA (Apple says it does not share)
  • Right to limit use of sensitive personal information (Apple states it does not use sensitive data in ways that trigger this right)
  • Right of non-discrimination for exercising privacy rights
REQUEST →

Source: §2

Nevada
DIFFICULTY: EASY
  • Right to opt out of sale of covered information (Apple states it does not sell under Nevada's definition)
REQUEST →

Source: §6

Rest of world (global policy commitment)
DIFFICULTY: MEDIUM
  • Access, correction, portability, restriction, and deletion — extended to all global users by Apple's own policy, not just legal requirement
  • Right to withdraw consent where consent was the processing basis
  • Right to lodge a complaint with the applicable local regulator
  • Subject to Apple's stated denial grounds: legal obligation, anti-fraud use, others' privacy, 'frivolous or vexatious' requests, or 'extremely impractical' requests
REQUEST →

Source: §2

Children / minors (global)
DIFFICULTY: EASY
  • Verifiable parental consent required before child account creation
  • Parents can exercise all rights via child's account at privacy.apple.com
  • Unauthorized collection of child data deleted as soon as possible
REQUEST →

Source: §8

§8 · Receipts

The actual sources.

Every claim above is anchored to a line in the policy we analyzed. Click any section ID to view it in context.

ANALYZED BY: claude-sonnet-4-6  ·  PROMPT VERSION: honest-policy-v1.5-calibrated  ·  ANALYZED AT: 2026-05-23T19:00:00Z
SOURCE: https://www.apple.com/legal/privacy/en-ww/  ·  POLICY VERSION: 2025-07-30  ·  SNAPSHOT HASH: manual-pdf
  • §1
    What Is Personal Data at Apple?
    "we treat any data that relates to an identified or identifiable individual or that is linked or linkable to them by Apple as "personal data," no matter where the individual lives."
    Original → Snapshot →
  • §2
    Your Privacy Rights at Apple
    "At Apple, we respect your ability to know, access, correct, transfer, restrict the processing of, and delete your personal data. We have provided these rights to our global customer base and if you choose to exercise these privacy rights, you have the right not to be treated in a discriminatory way nor to receive a lesser degree of service from Apple."
    Original → Snapshot →
  • §3
    Personal Data Apple Collects from You
    "When you create an Apple Account, apply for commercial credit, purchase and/or activate a product or device, download a software update, register for a class at an Apple Store, connect to our services, contact us (including by social media), participate in an online survey, or otherwise interact with Apple, we may collect a variety of information"
    Original → Snapshot →
  • §4
    Personal Data Apple Receives from Other Sources (incl. Applebot / AI training)
    "To power features such as search and as a source for our foundational AI models, Apple uses Applebot, a web crawler, to crawl information that is publicly available on the internet. We have measures in place to reduce the amount of personal data we collect and make no attempt to connect data crawled to any individual Apple user, or to build profiles about individuals. Your private personal data is not used to train our foundational AI models."
    Original → Snapshot →
  • §5
    Apple's Use of Personal Data (purposes, content scanning, retention, no-opt-out notices)
    "Apple uses personal data to power our services, to process your transactions, to communicate with you, for security and fraud prevention, and to comply with law. We may also use personal data for other purposes with your consent."
    Original → Snapshot →
  • §5.1
    Apple's Use of Personal Data — Retention
    "When assessing retention periods, we first carefully examine whether it is necessary to retain the personal data collected and, if retention is required, work to retain the personal data for the shortest possible period permissible under law."
    Original → Snapshot →
  • §5.2
    Apple's Use of Personal Data — No Automated Decisions
    "Apple does not use algorithms or profiling to make any decision that would significantly affect you without the opportunity for human review."
    Original → Snapshot →
  • §6
    Apple's Sharing of Personal Data
    "Apple does not sell your personal data including as "sale" is defined in Nevada and California. Apple also does not "share" your personal data as that term is defined in California."
    Original → Snapshot →
  • §7
    Protection of Personal Data at Apple
    "We use administrative, technical, and physical safeguards to protect your personal data, taking into account the nature of the personal data and the processing, and the threats posed."
    Original → Snapshot →
  • §8
    Children and Personal Data
    "If we learn that a child's personal data was collected without appropriate authorization, it will be deleted as soon as possible."
    Original → Snapshot →
  • §9
    Cookies and Other Technologies (incl. Apple advertising platform, email tracking)
    "Apple's advertising platform does not track you, meaning that it does not link user or device data collected from our apps with user or device data collected from third parties for targeted advertising or advertising measurement purposes, and does not share user or device data with data brokers."
    Original → Snapshot →
  • §10
    Transfer of Personal Data Between Countries
    "Personal data collected by Apple or an Apple-affiliated company worldwide is generally stored by Apple Inc. in the United States."
    Original → Snapshot →
  • §11
    Privacy Questions / Policy updates
    "When there is a material change to this Privacy Policy, we'll post a notice on this website at least a week in advance of doing so and contact you directly about the change if we have your data on file."
    Original → Snapshot →
Flag an issue

Apple · Grade C

Spotted an error or outdated info? Let us know — we'll review it.

How accurate is this analysis?
Report a shady policy

Know a privacy policy that deserves the treatment? Two ways to tell us:

Option A — Email us

Drop us a line with the company name and policy URL.

✉ report-shady-policies@honestprivacypolicies.org
or
Option B — Quick form