--- title: "iOS App Store Privacy Disclosures for AI Voice (2026): Guideline 5.1.2(i)" description: "Apple's November 2025 update to App Review Guidelines added explicit third-party AI disclosure requirements. Here is what AI voice agent apps must include in 2026." canonical: https://callsphere.ai/blog/vw4e-ios-app-store-privacy-disclosures-ai-voice-2026 category: "AI Voice Agents" tags: ["iOS", "App Store", "Privacy", "Voice AI", "AI Disclosure"] author: "CallSphere Team" published: 2026-04-09T00:00:00.000Z updated: 2026-05-07T16:13:36.444Z --- # iOS App Store Privacy Disclosures for AI Voice (2026): Guideline 5.1.2(i) > Apple's November 2025 update to App Review Guidelines added explicit third-party AI disclosure requirements. Here is what AI voice agent apps must include in 2026. > Apple updated guideline 5.1.2(i) in November 2025 to require explicit disclosure when personal data is shared with third-party AI. As of 2026, every AI voice agent app on the App Store has to declare what data goes to which AI provider — and obtain explicit user consent. ## Background Apple's App Review Guidelines have always required disclosure when sharing personal data with third parties. The November 2025 update to 5.1.2(i) makes the AI clause explicit: "You must clearly disclose where personal data will be shared with third parties, including with third-party AI, and obtain explicit permission before doing so." Apple does not define "third-party AI" precisely, so developers must interpret broadly: GPT, Claude, Gemini, Whisper, ElevenLabs, Deepgram, AssemblyAI, and any service that processes user data through models. In addition, Apple's Privacy Nutrition Labels (the App Store privacy section) added more data-type options in 2026 and made third-party SDK signatures + privacy manifests mandatory for many SDKs. AI voice agent apps must populate the label honestly: voice recordings, transcripts, contact info, and audio metadata are all in scope. ## Architecture ```mermaid flowchart LR User[User] -- consent --> App[iOS App] App -- data flow --> Manifest[Privacy Manifest] Manifest --> AppStore[App Store Review] App -- voice/transcript --> AI[Third-Party AI Provider] App -- declare --> NutritionLabel[Privacy Nutrition Label] ``` ## CallSphere implementation CallSphere's iOS clients across the six verticals (real estate, healthcare, behavioral health, legal, salon, insurance) include explicit per-feature consent flows: - **Real Estate (OneRoof)** — On first call attempt, the iOS client surfaces a sheet listing exactly what audio leaves the device and to which providers (Pion Go gateway 1.23 → NATS → 6-container pod with CRM, MLS, calendar, SMS, audit, transcript). See [/industries/real-estate](/industries/real-estate). - **Healthcare** — Same plus a HIPAA-specific BAA disclosure and explicit "PHI may be transmitted" consent. See [/industries/healthcare](/industries/healthcare) and [/lp/healthcare](/lp/healthcare). - **/demo browser path** — Browser cookie banners cover the same ground. See [/demo](/demo) and [/privacy](/privacy). 37 agents · 90+ tools · 115+ DB tables · 6 verticals · HIPAA + SOC 2 · $149/$499/$1499 · 14-day [/trial](/trial) · 22% affiliate at [/affiliate](/affiliate). ## Build steps with code ```xml NSPrivacyAccessedAPITypes NSPrivacyCollectedDataTypes NSPrivacyCollectedDataType NSPrivacyCollectedDataTypeAudioData NSPrivacyCollectedDataTypeLinked NSPrivacyCollectedDataTypeTracking NSPrivacyCollectedDataTypePurposes NSPrivacyCollectedDataTypePurposeAppFunctionality \`\`\` ```swift // Surface explicit consent UI before first AI call func ensureAIConsent() async -> Bool { if UserDefaults.standard.bool(forKey: "ai_consent_v2") { return true } let consent = await AIConsentSheet.present( providers: ["OpenAI Realtime (USA)", "Internal CallSphere AI Pod"], dataTypes: [.voice, .transcript, .contactName]) if consent { UserDefaults.standard.set(true, forKey: "ai_consent_v2") } return consent } ``` ## Pitfalls - **Buried disclosure inside Terms of Service** — Apple now requires the AI disclosure to be specifically visible at the consent moment, not in fine print. - **Outdated Privacy Nutrition Label** — If you add a new AI provider, you must update the label before the next submission or risk rejection. - **Missing PrivacyInfo.xcprivacy** — Required for many SDKs as of 2026; Xcode 15+ will warn. - **Tracking-related domains** — If you use third-party analytics that the AI provider also uses, treat as Tracking and obtain ATT consent. - **Children's app categories** — Heightened review for any AI on apps targeting under-13 users. ## FAQ **Does the rule apply to first-party AI?** No — only third-party AI. If you self-host the model on your own VPC it counts as first-party. **What about anonymous voice samples?** If they could be re-identified through voice biometrics, treat as personal data. **Does Whisper running on-device count?** No — purely on-device inference does not trigger 5.1.2(i). **Is consent required every call?** No — once per material change in providers or data types. **Can I share voice samples with multiple AI providers?** Yes if explicitly disclosed and consented. ## Sources - [https://developer.apple.com/app-store/app-privacy-details/](https://developer.apple.com/app-store/app-privacy-details/) - [https://techcrunch.com/2025/11/13/apples-new-app-review-guidelines-clamp-down-on-apps-sharing-personal-data-with-third-party-ai/](https://techcrunch.com/2025/11/13/apples-new-app-review-guidelines-clamp-down-on-apps-sharing-personal-data-with-third-party-ai/) - [https://www.techbuzz.ai/articles/apple-clamps-down-on-third-party-ai-data-sharing-in-app-store](https://www.techbuzz.ai/articles/apple-clamps-down-on-third-party-ai-data-sharing-in-app-store) - [https://dev.to/arshtechpro/apples-guideline-512i-the-ai-data-sharing-rule-that-will-impact-every-ios-developer-1b0p](https://dev.to/arshtechpro/apples-guideline-512i-the-ai-data-sharing-rule-that-will-impact-every-ios-developer-1b0p) - [https://support.apple.com/en-us/102399](https://support.apple.com/en-us/102399) See CallSphere's privacy practice at [/privacy](/privacy), try the [/demo](/demo), or start a [/trial](/trial). --- Source: https://callsphere.ai/blog/vw4e-ios-app-store-privacy-disclosures-ai-voice-2026