What Is Apple’s Account Deletion Requirement for iOS Apps? [2022]

As of June 30, 2022, all iOS apps that support account creation must also allow users to delete their accounts from inside the app.

Read on to learn more about the Apple account deletion requirement and how to comply. Along the way, we'll cover when you need to comply with this rule, what happens if you don't offer account deletion for your app, and data subject access requests (DSARs).

We'll also discuss how Enzuzo can help you set up an easy account deletion flow.

We have an easy solution to help Mobile App Developers become compliant with Apple's Account Deletion requirement. 

What is Apple’s Account Deletion Requirement for iOS Apps?

Apple's account deletion requirement rule requires apps that support account creation to have a mechanism that allows users to delete their accounts from inside the apps themselves.

This requirement impacts any company with an iOS App Store app that offers account creation but doesn't have an in-app option for account deletion.

When Do You Need To Comply with This Rule?

You must comply with the rule immediately. Apple account deletion within apps has been required since June 30, 2022.

What Happens If I Don’t Offer Account Deletion for my App?

Non-compliance may lead to blocked updates or the removal of your app from the iOS store.

What is a Data Subject Access Request (DSAR)?

A DSAR is a user's request to access, delete, or modify the personal data that a business has collected about them. Users often submit DSARs to delete their accounts. Most DSARs are submitted through email, but they can be made through any channel, including social media.

To meet Apple's account deletion requirement, many apps have included a DSAR mechanism. This is usually a button that users can press to send DSARs. 

Another reason for including a DSAR mechanism is to comply with privacy laws like the GDPR and the CCPA, which give users the right to make DSARs. Businesses must follow relevant rules and regulations when fulfilling DSARs or risk fines and other penalties.

For example, if the GDPR applies to your website, you must follow the GDPR's guidelines for fulfilling DSARs.

What Does a DSAR Look Like?

DSARs vary greatly depending on who's writing them. However, most include the following:

• The data subject's name
• A subject line or header stating their reason for contacting you
• A list of the data they want from your business
• Their reason(s) for requesting the data. For instance, they may want to update their data or have it deleted from your company records. 
• Other details to help your business locate their information. This could include a reference number, when they had previously submitted their data to you, and their contact details. 

Here's what a sample DSAR looks like:

Data Subject Access Request

To whom it may concern,

My name is Jane Doe and I've been a regular user of your eCommerce store since April 2018. 

Could you please provide the personal information that your company has gathered from me? I have the right to request this information under the General Data Protection Regulation (GDPR).

I specifically want the following:

• Name
• Email address
• Address
• Purchase records

Please send me this information in a PDF. I also want this data and my account deleted. If you need any other information from me to complete this request, please inform me. 

Thank you so much in advance,

Jane Doe

Mobile: XXX-XXX-XXX

What Happens If I Don't Respond to DSARs in Time?

Once you receive a DSAR, you are required to respond promptly. In most cases, you usually have a month to provide the requested data. 

If you don't respond in time, you may face severe consequences. For example, if you have clients or users in the EU, the GDPR will apply to you. The EU data protection authorities can impose fines of 4% of your worldwide turnover for the preceding financial year or €20 million, whichever is higher.

Other privacy laws, such as California's CCPA, tend to be less strict. However, they typically allow consumers to seek legal action against your business if their data is involved in a breach.

They may also penalize your company for violating the act. Under the CCPA, the penalties are $7,500 for each intentional and $2,500 for each unintentional violation.

How To Set Up an Easy Account Deletion Workflow

Complying with Apple's new account deletion requirement can be a hassle. Luckily, there's a quick and easy way to create an account deletion workflow — through Enzuzo's privacy policy generator.

Follow these steps to get started:

Step One: Use Enzuzo’s Privacy Policy Generator

First, go to Enzuzo's Privacy Policy Generator. 

Fill in the form by answering questions about:

• Your legal business name
• Your business address
• How customers can reach you for additional privacy questions
• Your privacy policy title
• Your border style
• Whether you collect data from customers or users in the United States, European Union, United Kingdom, Canada, Brazil, or other countries

Our generator will use your answers to create a complete privacy policy for your business. 

Step Two: Add the Privacy Policy to Your App

Once you have the finished privacy policy, add it to your app. You can do this by:

• Creating a new app page
• Pasting your privacy policy code — which you can see on your Enzuzo account — into the HTML section of your app page
• Linking the privacy policy page in your app's footer and menu so users can easily find it

Step Three: Users Submit Requests Through the Built-in Form

Enzuzo's privacy policies have built-in data request buttons for CCPA and GDPR data requests. 

As such, you don't need to do anything after pasting in your privacy policy code. Just check to see if the button's big enough for users on different mobile devices and adjust as needed. If you need any help with the HTML, get a developer or a user interface (UI) and user experience (UX) designer to help you.

Optional: Link Directly to Your DSAR Page From Anywhere in Your App

To ensure that users know their rights and have an easy way to make DSARs, consider linking directly to your DSAR form from anywhere in your app. For example, you can link it in checkout before users pay for goods. You can also link your DSAR form in the footer, menu, blog posts, and other relevant pages.

Coming Soon: Enzuzo's Consumer Data Request Form

Already have a privacy policy? No worries. You can use our upcoming standalone Consumer Data Request form to manage data deletion requests. Create an Enzuzo account to learn more about this new feature.

Three ways Enzuzo can help make your Mobile App compliant

Enzuzo is more than just a privacy policy generator — we also provide other features for keeping your mobile app Apple, GDPR, and CCPA compliant. 

Specifically, Enzuzo lets you automate privacy compliance and stay up to date with relevant legislation. What's more, all of our features are designed for mobile viewing.

Automate Privacy Compliance

Enzuzo empowers you to automate privacy compliance by including everything you need in one easy-to-use dashboard. With everything just a click or two away, you'll never miss a DSAR.

Here's how you can use our DSAR workflow to complete data requests:

1. Receive a DSAR. Customers can quickly submit DSARs through a form built into your Enzuzo privacy policy.
2. Verify your customers' identities. Enzuzo verifies your customers' identities so you only process DSARs from confirmed clients. This prevents personal information from being leaked to the wrong person.
3. Get reminders. Enzuzo will send you regular reminders for finishing the DSARs on time.
4. Complete request. Use Enzuzo's dashboard to quickly complete requests and ensure that client data is deleted. You can also generate reports to demonstrate compliance.

Stay Up to Date

Most people don't have the time or energy to read up on privacy law updates, leading to lapses in compliance. That's where Enzuzo comes in. We automatically keep our legal policies and features up to date based on ever-changing privacy laws worldwide, so you're always covered. 

Formatted for Mobile

Last but not least, all of our features are designed for mobile viewing and use accordion drop-down menus. This makes it easy for your users to read your policies and quickly locate the information they want.

How iOS App Ukart uses Enzuzo to streamline account deletion

Many companies have been using Enzuzo to streamline account deletion. A great example is the iOS app Ukart, an app for following karting races. 

Under its settings menu, you can easily find a button for account deletion:

When you press the account deletion button, you'll instantly be taken to the bottom of Ukart's Enzuzo-generated privacy policy. You can then press the "Make a Data Request" button to make a DSAR.

Why you need an affordable solution for Mobile App Compliance

Mobile app compliance can be costly and time-consuming, especially if you're doing all the research and formatting yourself.

That's where an all-in-one mobile app compliance platform like Enzuzo comes in. Besides helping you comply with the Apple delete account requirement, Enzuzo can also help you manage and respond to DSARs. You can also use it to generate privacy policies, cookie banners, and terms of service agreements. 

Interested in learning more about how Enzuzo can help you? Create a free account today.