What Apple's 'Not Collected' Label Actually Means for Your Data

If you've scrolled to the bottom of an App Store listing and seen "Data Not Collected," you might have wondered what that actually covers. It's a more specific claim than it looks — and a rarer one than you'd expect.

The Short Version

Apple introduced the App Privacy labels in late 2020 as a kind of nutrition-label system for apps. Developers are required to disclose what data their app collects, how it's used, and whether it's linked to the user's identity. The labels appear on every app's App Store page.

The "Data Not Collected" badge sits at the top of that section and is exactly what it sounds like: the developer is asserting, under Apple's specific definition, that they collect no data from your use of the app.

But What Does Apple Mean by "Collect"?

This is where it gets precise. Apple's definition of collection:

"Collect" refers to transmitting data off the device in a way that allows you and/or your third-party partners to access it for a period longer than what is necessary to service the transmitted request in real time.

Read that carefully. The word collect doesn't mean "does the app look at your data" — apps have to look at data to do anything useful. It means "does the app send your data somewhere that persists."

Under this definition, an app can:

• Read your location all day long — without collecting it, as long as the location stays on your device.
• Write your location to a local database — without collecting it, same reason.
• Call a server to validate a license key, using an anonymous token, and the server discards the request after validation — without collecting.

An app would be collecting if it:

• Sends your location to its own server and stores it in a database.
• Sends any user data to third-party analytics (Mixpanel, Firebase) where the third party can later retrieve it.
• Sends your data to advertising SDKs for attribution or targeting.
• Sends your data to a third party in any way where they can hold it beyond the moment of the request.

Why This Definition Matters

The definition rules out a loophole that would have otherwise emerged: "Well, we only transmit the data in real time, we don't store it." Apple closes this by saying transmission itself counts if the receiving party can access it for longer than the request takes. So you can't launder data through an always-on third party and call it "not collected."

It also means that simply showing a map is not collection. Downloading map tiles, looking at the current weather, geocoding an address — these involve sending queries to third parties, but as long as the responses are real-time and the third party doesn't retain the query, they don't qualify as collection.

The Three Buckets Underneath

When an app does collect data, Apple requires it to be disclosed under one of three categories:

Data Used to Track You

This is the most sensitive category. "Tracking" here specifically means linking data about you (or your device) with data from other companies' apps, websites, or offline properties for targeted advertising or ad measurement, or sharing data with data brokers.

When an app lists entries here, it's the clearest signal that you're being profiled, not just served. This is the ask that iOS 14.5's App Tracking Transparency prompt gates.

Data Linked to You

This is data collected and associated with your identity (your account, email, device ID, etc.). It's the most common bucket. If the app has an account and stores anything tied to it server-side, entries appear here. This isn't necessarily bad, but it's important to know what's in it.

Data Not Linked to You

Anonymous data, stripped of identifiers. Diagnostic crash reports, usage counts not tied to you, etc. Generally the most benign category.

Why So Few Apps Qualify for "Not Collected"

Most apps don't earn the "Data Not Collected" badge, for a few reasons:

1. Analytics SDKs. The moment an app integrates Firebase, Mixpanel, Amplitude, or similar, there's user behavioral data flowing to a third party that retains it. That's collection.
2. Crash reporters with identifiers. Sentry, Bugsnag, Crashlytics — if they send crash reports that include a persistent device ID, that's collection under the definition.
3. Account systems. Any app with a login has at minimum your email or username stored server-side. That's collection.
4. Advertising SDKs. Obviously.
5. Newsletter or email systems. If the app can email you, it stored your email somewhere, which is collection.

To qualify for "Data Not Collected," an app has to shed all of these. Many developers consider that too expensive — the visibility from analytics feels essential, push notifications via a third-party service are convenient, and the ecosystem defaults toward instrumentation.

What It Takes to Earn the Badge

To genuinely ship an app with "Data Not Collected," a developer has to:

• Skip third-party analytics entirely, or use only fully on-device analytics.
• Use Apple-native crash reporting (which is anonymous and aggregated), not third-party.
• Avoid account systems. Rely on Apple's StoreKit for subscriptions.
• Avoid third-party push SDKs. Use APNs directly.
• Store all user data locally (or in the user's own iCloud, which Apple doesn't count as "collection" because the data goes to the user's iCloud, not the developer's).

This is a real architectural commitment. It's not a marketing posture you can adopt after the fact.

How to Actually Read the Label

Next time you're evaluating an app:

1. Scroll to App Privacy on the App Store listing.
2. Is "Data Not Collected" at the top? Strong signal.
3. If not, check "Data Used to Track You" first. Anything here is an orange flag for a utility app.
4. Check "Data Linked to You." Expect some entries (Name, Email) for any app with an account.
5. Tap any category to see the specific data types. Be suspicious of "Location" appearing in "Used to Track You" for a product where tracking isn't the point.

Where Drivio Lands

Drivio's App Store page shows "Data Not Collected" — we don't run analytics SDKs, we don't use third-party crash reporters, we don't have accounts, we don't send data off the device. Your trips stay on your phone and (optionally) sync to your own iCloud. That's not a marketing claim — it's what the architecture permits, by design.

For the deeper mechanics, see how local-first trip tracking actually works.