Privacy is a core value for Apple, and they enforce it strictly through the App Store guidelines. Failing to comply with privacy requirements is a surefire way to get rejected.
App Tracking Transparency (ATT)
If your app tracks users across apps and websites owned by other companies (e.g., for ad targeting), you must implement the App Tracking Transparency framework.
You need to present the system permission alert to the user. Crucially, you cannot gate functionality behind this permission. If a user declines, the app must still function normally, just without tracking.
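The sketch below is an added example, not code from Apple or from this article. It shows one way to request the ATT permission so that the user's answer changes only how ads are configured, never whether the app starts. `AdMode`, `adMode(for:)`, `resolveAdMode`, `startApp`, `configureAds` and `showMainInterface` are hypothetical names, and it assumes an iOS 14+ deployment target with `NSUserTrackingUsageDescription` set in Info.plist.

```swift
import AppTrackingTransparency
import AdSupport
import Foundation

// Hypothetical type: how the app's ad layer behaves after the ATT decision.
enum AdMode {
    case personalized(idfa: UUID)  // user allowed tracking
    case contextual                // declined, restricted, or not yet asked
}

// Map an ATT status to an ad mode. Only .authorized yields the IDFA;
// every other status falls back to ads that need no cross-app identifier.
func adMode(for status: ATTrackingManager.AuthorizationStatus) -> AdMode {
    switch status {
    case .authorized:
        return .personalized(idfa: ASIdentifierManager.shared().advertisingIdentifier)
    case .denied, .restricted, .notDetermined:
        return .contextual
    @unknown default:
        return .contextual
    }
}

// Show the system alert only if the user has not decided yet.
// Call this while the app is active so the alert can be presented.
func resolveAdMode(completion: @escaping (AdMode) -> Void) {
    let current = ATTrackingManager.trackingAuthorizationStatus
    guard current == .notDetermined else {
        completion(adMode(for: current))
        return
    }
    ATTrackingManager.requestTrackingAuthorization { status in
        // Hop to the main queue before touching UI or SDK state.
        DispatchQueue.main.async { completion(adMode(for: status)) }
    }
}

// Hypothetical startup hook: every branch reaches the main interface.
func startApp(configureAds: @escaping (AdMode) -> Void,
              showMainInterface: @escaping () -> Void) {
    resolveAdMode { mode in
        configureAds(mode)     // the tracking choice changes ad behaviour only
        showMainInterface()    // never conditional on the ATT result
    }
}
```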
Data Collection Disclosures
In App Store Connect, you must provide a "Privacy Nutrition Label". This involves answering detailed questions about what data you collect (Name, Email, Location, Contacts, etc.) and how it is used (Analytics, Product Personalization, Third-party Advertising).
User Consent Flows
If you are operating in regions like the EU (GDPR) or California (CCPA), you may need additional consent flows. While Apple doesn't strictly enforce GDPR compliance as a rejection reason in the same way as their own guidelines, they do require that you comply with all local laws.
Third-Party SDKs
You are responsible for all code in your app, including third-party libraries. If an advertising SDK you use violates privacy guidelines (e.g., by fingerprinting the device), YOUR app will be the one rejected. Always audit your dependencies.