Werte für App Store Connect → App Privacy. Apple zeigt diese Antworten auf der App-Produktseite. Müssen mit PRIVACY_POLICY.md und PrivacyInfo.xcprivacy übereinstimmen. (Apple-Kategoriennamen sind englische Fixbegriffe aus App Store Connect.)
Frage 1: „Do you or your third-party partners collect data from this app?"
Antwort: Yes — denn unser Cloudflare-Worker erhält IP + User-Content, und unsere Drittanbieter (Google, OpenAI, Anthropic, OpenRouter) erhalten User-Content. Auch wenn wir nichts speichern, gilt das nach Apples Definition als „Collected".
Begründung: Apple definiert „Collected" als „transmitted off the device in a way that allows you and/or your third-party partners to access it for a period longer than necessary to service the transmitted request in real time." Cloudflare-Logs (7 Tage) und Drittanbieter-Verarbeitung erfüllen das.
Frage 2: Data Types
Für jeden gesammelten Datentyp die folgenden Sub-Fragen beantworten:
- Used to Track you? — bei allen Datentypen No (kein Cross-App-Tracking, kein ATT).
- Linked to user? — No (kein Account, keine User-ID).
- Purpose — siehe Tabelle.
Data linked to a user identifier — keine Einträge.
Data NOT linked to the user (alles bei uns)
| Datentyp (Apple-Kategorie) | Erfasst? | Zweck (Apple-Multiselect) | Begründung |
|---|---|---|---|
| Contact Info → Email Address | Nein | – | Wir haben keinen E-Mail-Erhebungs-Flow |
| Health & Fitness | Nein | – | – |
| Financial Info → Payment Info | Nein | – | Apple verarbeitet Zahlungen; wir sehen nur einen signierten Beleg |
| Location → Precise / Coarse | Nein | – | Keine Standortabfrage |
| Sensitive Info | Nein | – | – |
| Contacts | Nein | – | – |
| User Content → Photos or Videos | Ja | App Functionality | Bilder gehen an Google (Handschrift-Erkennung) bzw. OpenAI/Anthropic (Solve/Tutor) |
| User Content → Customer Support | Ja, falls genutzt | App Functionality | E-Mail an Support, optional |
| User Content → Other User Content | Ja | App Functionality | Frei eingegebener Aufgaben-Text, Tutor-Prompts |
| Browsing History | Nein | – | – |
| Search History | Nein | – | – |
| Identifiers → User ID | Nein | – | Kein Account |
| Identifiers → Device ID | Nein | – | Kein IDFA, keine Werbe-ID |
| Purchases → Purchase History | Ja | App Functionality | StoreKit-JWS wird an unseren Worker geschickt, um Entitlement zu verifizieren |
| Usage Data → Product Interaction | Nein | – | Keine Analytics-SDKs |
| Usage Data → Advertising Data | Nein | – | Keine Werbung |
| Usage Data → Other Usage Data | Nein | – | – |
| Diagnostics → Crash Data | Nein¹ | – | Nur on-device über Apple Console |
| Diagnostics → Performance Data | Nein¹ | – | Keine Performance-Telemetrie |
| Diagnostics → Other Diagnostic Data | Ja, optional | App Functionality | Cloudflare-Worker loggt HTTP-Status + IP für 7 Tage (Missbrauchsabwehr) |
| Other Data | Nein | – | – |
¹ Falls in Zukunft TestFlight-Crash-Reports aktiviert werden, „Crash Data → App Functionality" auf Ja setzen.
Frage 3: Tracking (ATT)
Antwort: No — die App führt kein Tracking durch und zeigt keinen ATT-Prompt. Daher entfällt der ganze Tracking-Abschnitt im Privacy Label.
Übersetzte Antworten als ASCII-Tabelle (zum Abhaken im UI)
[Data Used to Track You] — None
[Data Linked to You] — None
[Data Not Linked to You]
├── Photos or Videos [App Functionality]
├── Other User Content [App Functionality]
├── Purchases / Purchase History [App Functionality]
├── Customer Support [App Functionality]
└── Other Diagnostic Data [App Functionality]
Konsistenz-Check (vor dem Submit prüfen)
- ☐ Privacy Manifest (
PrivacyInfo.xcprivacy) listet keine getrackten Domains. - ☐ Required-Reason-APIs im Manifest sind ausgefüllt (
UserDefaults,FileTimestampfalls genutzt — siehe Manifest-Datei). - ☐ Privacy Policy nennt Google, OpenAI, Anthropic, OpenRouter, Cloudflare namentlich.
- ☐ Keine Analytics-SDKs eingebunden.
- ☐
NSUserTrackingUsageDescriptionist nicht im Info.plist (kein ATT-Prompt).
Weitere Homework Tutor-Dokumente
Note: The German version of this document is legally binding. This translation is provided for convenience only.
Values for App Store Connect → App Privacy. Apple shows these answers on the app product page. They must match PRIVACY_POLICY.md and PrivacyInfo.xcprivacy. (Apple category names are fixed English terms from App Store Connect.)
Question 1: "Do you or your third-party partners collect data from this app?"
Answer: Yes — because our Cloudflare Worker receives IP + user content, and our third-party providers (Google, OpenAI, Anthropic, OpenRouter) receive user content. Even though we store nothing, this counts as "Collected" under Apple's definition.
Rationale: Apple defines "Collected" as "transmitted off the device in a way that allows you and/or your third-party partners to access it for a period longer than necessary to service the transmitted request in real time." Cloudflare logs (7 days) and third-party processing meet this.
Question 2: Data Types
For each collected data type, answer the following sub-questions:
- Used to Track you? — for all data types No (no cross-app tracking, no ATT).
- Linked to user? — No (no account, no user ID).
- Purpose — see table.
Data linked to a user identifier — no entries.
Data NOT linked to the user (everything for us)
| Data type (Apple category) | Collected? | Purpose (Apple multiselect) | Rationale |
|---|---|---|---|
| Contact Info → Email Address | No | – | We have no email collection flow |
| Health & Fitness | No | – | – |
| Financial Info → Payment Info | No | – | Apple processes payments; we only see a signed receipt |
| Location → Precise / Coarse | No | – | No location request |
| Sensitive Info | No | – | – |
| Contacts | No | – | – |
| User Content → Photos or Videos | Yes | App Functionality | Images go to Google (handwriting detection) or OpenAI/Anthropic (Solve/Tutor) |
| User Content → Customer Support | Yes, if used | App Functionality | Email to support, optional |
| User Content → Other User Content | Yes | App Functionality | Freely entered task text, tutor prompts |
| Browsing History | No | – | – |
| Search History | No | – | – |
| Identifiers → User ID | No | – | No account |
| Identifiers → Device ID | No | – | No IDFA, no advertising ID |
| Purchases → Purchase History | Yes | App Functionality | StoreKit JWS is sent to our Worker to verify entitlement |
| Usage Data → Product Interaction | No | – | No analytics SDKs |
| Usage Data → Advertising Data | No | – | No advertising |
| Usage Data → Other Usage Data | No | – | – |
| Diagnostics → Crash Data | No¹ | – | On-device only via Apple Console |
| Diagnostics → Performance Data | No¹ | – | No performance telemetry |
| Diagnostics → Other Diagnostic Data | Yes, optional | App Functionality | Cloudflare Worker logs HTTP status + IP for 7 days (abuse prevention) |
| Other Data | No | – | – |
¹ If TestFlight crash reports are enabled in the future, set "Crash Data → App Functionality" to Yes.
Question 3: Tracking (ATT)
Answer: No — the app does no tracking and shows no ATT prompt. The entire tracking section of the privacy label is therefore omitted.
Translated answers as an ASCII table (to tick off in the UI)
[Data Used to Track You] — None
[Data Linked to You] — None
[Data Not Linked to You]
├── Photos or Videos [App Functionality]
├── Other User Content [App Functionality]
├── Purchases / Purchase History [App Functionality]
├── Customer Support [App Functionality]
└── Other Diagnostic Data [App Functionality]
Consistency check (verify before submit)
- ☐ Privacy Manifest (
PrivacyInfo.xcprivacy) lists no tracked domains. - ☐ Required-reason APIs in the manifest are filled in (
UserDefaults,FileTimestampif used — see manifest file). - ☐ Privacy policy names Google, OpenAI, Anthropic, OpenRouter, Cloudflare by name.
- ☐ No analytics SDKs included.
- ☐
NSUserTrackingUsageDescriptionis not in Info.plist (no ATT prompt).
More Homework Tutor documents
Nota: La versión alemana de este documento es la jurídicamente vinculante. Esta traducción se ofrece solo por comodidad.
Valores para App Store Connect → App Privacy. Apple muestra estas respuestas en la página de producto de la app. Deben coincidir con PRIVACY_POLICY.md y PrivacyInfo.xcprivacy. (Los nombres de categoría de Apple son términos fijos en inglés de App Store Connect.)
Pregunta 1: «Do you or your third-party partners collect data from this app?»
Respuesta: Yes — porque nuestro Cloudflare Worker recibe IP + contenido del usuario, y nuestros proveedores externos (Google, OpenAI, Anthropic, OpenRouter) reciben contenido del usuario. Aunque no almacenamos nada, esto cuenta como «Collected» según la definición de Apple.
Justificación: Apple define «Collected» como «transmitted off the device in a way that allows you and/or your third-party partners to access it for a period longer than necessary to service the transmitted request in real time.» Los registros de Cloudflare (7 días) y el procesamiento por terceros lo cumplen.
Pregunta 2: Data Types
Para cada tipo de dato recopilado, responde las siguientes subpreguntas:
- Used to Track you? — para todos los tipos de datos No (sin seguimiento entre apps, sin ATT).
- Linked to user? — No (sin cuenta, sin ID de usuario).
- Purpose — véase la tabla.
Datos vinculados a un identificador de usuario — sin entradas.
Datos NO vinculados al usuario (todo lo nuestro)
| Tipo de dato (categoría de Apple) | ¿Recopilado? | Finalidad (multiselección de Apple) | Justificación |
|---|---|---|---|
| Contact Info → Email Address | No | – | No tenemos flujo de recopilación de correo |
| Health & Fitness | No | – | – |
| Financial Info → Payment Info | No | – | Apple procesa los pagos; solo vemos un recibo firmado |
| Location → Precise / Coarse | No | – | Sin solicitud de ubicación |
| Sensitive Info | No | – | – |
| Contacts | No | – | – |
| User Content → Photos or Videos | Sí | App Functionality | Las imágenes van a Google (detección de escritura) o a OpenAI/Anthropic (Solve/Tutor) |
| User Content → Customer Support | Sí, si se usa | App Functionality | Correo al soporte, opcional |
| User Content → Other User Content | Sí | App Functionality | Texto de ejercicio introducido libremente, prompts del tutor |
| Browsing History | No | – | – |
| Search History | No | – | – |
| Identifiers → User ID | No | – | Sin cuenta |
| Identifiers → Device ID | No | – | Sin IDFA, sin ID publicitario |
| Purchases → Purchase History | Sí | App Functionality | El JWS de StoreKit se envía a nuestro Worker para verificar el derecho |
| Usage Data → Product Interaction | No | – | Sin SDKs de analítica |
| Usage Data → Advertising Data | No | – | Sin publicidad |
| Usage Data → Other Usage Data | No | – | – |
| Diagnostics → Crash Data | No¹ | – | Solo en el dispositivo vía Apple Console |
| Diagnostics → Performance Data | No¹ | – | Sin telemetría de rendimiento |
| Diagnostics → Other Diagnostic Data | Sí, opcional | App Functionality | El Cloudflare Worker registra estado HTTP + IP durante 7 días (protección contra abusos) |
| Other Data | No | – | – |
¹ Si en el futuro se activan los informes de fallos de TestFlight, poner «Crash Data → App Functionality» en Sí.
Pregunta 3: Tracking (ATT)
Respuesta: No — la app no realiza seguimiento y no muestra ningún aviso ATT. Por ello, toda la sección de seguimiento de la etiqueta de privacidad se omite.
Respuestas traducidas como tabla ASCII (para marcar en la interfaz)
[Data Used to Track You] — None
[Data Linked to You] — None
[Data Not Linked to You]
├── Photos or Videos [App Functionality]
├── Other User Content [App Functionality]
├── Purchases / Purchase History [App Functionality]
├── Customer Support [App Functionality]
└── Other Diagnostic Data [App Functionality]
Comprobación de coherencia (verificar antes de enviar)
- ☐ El Privacy Manifest (
PrivacyInfo.xcprivacy) no lista dominios rastreados. - ☐ Las Required-reason APIs del manifiesto están rellenadas (
UserDefaults,FileTimestampsi se usan — véase el archivo de manifiesto). - ☐ La política de privacidad nombra a Google, OpenAI, Anthropic, OpenRouter, Cloudflare por su nombre.
- ☐ No hay SDKs de analítica incluidos.
- ☐
NSUserTrackingUsageDescriptionno está en Info.plist (sin aviso ATT).
Más documentos de Homework Tutor
Remarque : la version allemande de ce document fait foi sur le plan juridique. Cette traduction est fournie à titre indicatif uniquement.
Valeurs pour App Store Connect → App Privacy. Apple affiche ces réponses sur la page produit de l'app. Elles doivent correspondre à PRIVACY_POLICY.md et PrivacyInfo.xcprivacy. (Les noms de catégorie Apple sont des termes anglais fixes d'App Store Connect.)
Question 1 : « Do you or your third-party partners collect data from this app? »
Réponse : Yes — car notre Cloudflare Worker reçoit l'IP + le contenu utilisateur, et nos fournisseurs tiers (Google, OpenAI, Anthropic, OpenRouter) reçoivent le contenu utilisateur. Même si nous ne stockons rien, cela compte comme « Collected » selon la définition d'Apple.
Justification : Apple définit « Collected » comme « transmitted off the device in a way that allows you and/or your third-party partners to access it for a period longer than necessary to service the transmitted request in real time. » Les journaux Cloudflare (7 jours) et le traitement par des tiers remplissent ce critère.
Question 2 : Data Types
Pour chaque type de donnée collecté, réponds aux sous-questions suivantes :
- Used to Track you? — pour tous les types de données No (pas de suivi entre apps, pas d'ATT).
- Linked to user? — No (pas de compte, pas d'identifiant utilisateur).
- Purpose — voir le tableau.
Données liées à un identifiant utilisateur — aucune entrée.
Données NON liées à l'utilisateur (tout chez nous)
| Type de donnée (catégorie Apple) | Collecté ? | Finalité (multisélection Apple) | Justification |
|---|---|---|---|
| Contact Info → Email Address | Non | – | Nous n'avons pas de flux de collecte d'e-mail |
| Health & Fitness | Non | – | – |
| Financial Info → Payment Info | Non | – | Apple traite les paiements ; nous ne voyons qu'un reçu signé |
| Location → Precise / Coarse | Non | – | Aucune demande de localisation |
| Sensitive Info | Non | – | – |
| Contacts | Non | – | – |
| User Content → Photos or Videos | Oui | App Functionality | Les images vont à Google (détection d'écriture) ou OpenAI/Anthropic (Solve/Tutor) |
| User Content → Customer Support | Oui, si utilisé | App Functionality | E-mail au support, facultatif |
| User Content → Other User Content | Oui | App Functionality | Texte d'exercice saisi librement, prompts du tuteur |
| Browsing History | Non | – | – |
| Search History | Non | – | – |
| Identifiers → User ID | Non | – | Pas de compte |
| Identifiers → Device ID | Non | – | Pas d'IDFA, pas d'identifiant publicitaire |
| Purchases → Purchase History | Oui | App Functionality | Le JWS StoreKit est envoyé à notre Worker pour vérifier le droit |
| Usage Data → Product Interaction | Non | – | Pas de SDK d'analytics |
| Usage Data → Advertising Data | Non | – | Pas de publicité |
| Usage Data → Other Usage Data | Non | – | – |
| Diagnostics → Crash Data | Non¹ | – | Sur l'appareil uniquement via Apple Console |
| Diagnostics → Performance Data | Non¹ | – | Pas de télémétrie de performance |
| Diagnostics → Other Diagnostic Data | Oui, facultatif | App Functionality | Le Cloudflare Worker journalise le statut HTTP + IP pendant 7 jours (prévention des abus) |
| Other Data | Non | – | – |
¹ Si les rapports de plantage TestFlight sont activés à l'avenir, mettre « Crash Data → App Functionality » sur Oui.
Question 3 : Tracking (ATT)
Réponse : No — l'app ne fait aucun suivi et n'affiche aucun prompt ATT. Toute la section de suivi du label de confidentialité est donc omise.
Réponses traduites en tableau ASCII (à cocher dans l'interface)
[Data Used to Track You] — None
[Data Linked to You] — None
[Data Not Linked to You]
├── Photos or Videos [App Functionality]
├── Other User Content [App Functionality]
├── Purchases / Purchase History [App Functionality]
├── Customer Support [App Functionality]
└── Other Diagnostic Data [App Functionality]
Vérification de cohérence (à contrôler avant l'envoi)
- ☐ Le Privacy Manifest (
PrivacyInfo.xcprivacy) ne liste aucun domaine suivi. - ☐ Les Required-reason APIs du manifeste sont remplies (
UserDefaults,FileTimestampsi utilisées — voir le fichier manifeste). - ☐ La politique de confidentialité nomme Google, OpenAI, Anthropic, OpenRouter, Cloudflare nommément.
- ☐ Aucun SDK d'analytics inclus.
- ☐
NSUserTrackingUsageDescriptionn'est pas dans Info.plist (pas de prompt ATT).
Autres documents Homework Tutor
Nota: la versione tedesca di questo documento è quella giuridicamente vincolante. Questa traduzione è fornita solo per comodità.
Valori per App Store Connect → App Privacy. Apple mostra queste risposte nella pagina prodotto dell'app. Devono coincidere con PRIVACY_POLICY.md e PrivacyInfo.xcprivacy. (I nomi delle categorie Apple sono termini fissi in inglese di App Store Connect.)
Domanda 1: «Do you or your third-party partners collect data from this app?»
Risposta: Yes — perché il nostro Cloudflare Worker riceve IP + contenuti dell'utente, e i nostri fornitori terzi (Google, OpenAI, Anthropic, OpenRouter) ricevono contenuti dell'utente. Anche se non memorizziamo nulla, questo conta come «Collected» secondo la definizione di Apple.
Motivazione: Apple definisce «Collected» come «transmitted off the device in a way that allows you and/or your third-party partners to access it for a period longer than necessary to service the transmitted request in real time.» I log di Cloudflare (7 giorni) e l'elaborazione da parte di terzi soddisfano questo criterio.
Domanda 2: Data Types
Per ogni tipo di dato raccolto, rispondi alle seguenti sotto-domande:
- Used to Track you? — per tutti i tipi di dati No (nessun tracciamento tra app, nessun ATT).
- Linked to user? — No (nessun account, nessun ID utente).
- Purpose — vedi tabella.
Dati collegati a un identificatore utente — nessuna voce.
Dati NON collegati all'utente (tutto da noi)
| Tipo di dato (categoria Apple) | Raccolto? | Finalità (multiselezione Apple) | Motivazione |
|---|---|---|---|
| Contact Info → Email Address | No | – | Non abbiamo alcun flusso di raccolta e-mail |
| Health & Fitness | No | – | – |
| Financial Info → Payment Info | No | – | Apple elabora i pagamenti; noi vediamo solo una ricevuta firmata |
| Location → Precise / Coarse | No | – | Nessuna richiesta di posizione |
| Sensitive Info | No | – | – |
| Contacts | No | – | – |
| User Content → Photos or Videos | Sì | App Functionality | Le immagini vanno a Google (rilevamento scrittura) o OpenAI/Anthropic (Solve/Tutor) |
| User Content → Customer Support | Sì, se usato | App Functionality | E-mail al supporto, facoltativo |
| User Content → Other User Content | Sì | App Functionality | Testo dell'esercizio inserito liberamente, prompt del tutor |
| Browsing History | No | – | – |
| Search History | No | – | – |
| Identifiers → User ID | No | – | Nessun account |
| Identifiers → Device ID | No | – | Nessun IDFA, nessun ID pubblicitario |
| Purchases → Purchase History | Sì | App Functionality | Il JWS di StoreKit viene inviato al nostro Worker per verificare il diritto |
| Usage Data → Product Interaction | No | – | Nessun SDK di analisi |
| Usage Data → Advertising Data | No | – | Nessuna pubblicità |
| Usage Data → Other Usage Data | No | – | – |
| Diagnostics → Crash Data | No¹ | – | Solo sul dispositivo via Apple Console |
| Diagnostics → Performance Data | No¹ | – | Nessuna telemetria di prestazioni |
| Diagnostics → Other Diagnostic Data | Sì, facoltativo | App Functionality | Il Cloudflare Worker registra stato HTTP + IP per 7 giorni (prevenzione abusi) |
| Other Data | No | – | – |
¹ Se in futuro vengono attivati i report di crash di TestFlight, impostare «Crash Data → App Functionality» su Sì.
Domanda 3: Tracking (ATT)
Risposta: No — l'app non effettua tracciamento e non mostra alcun prompt ATT. Pertanto l'intera sezione di tracciamento dell'etichetta privacy viene omessa.
Risposte tradotte come tabella ASCII (da spuntare nell'interfaccia)
[Data Used to Track You] — None
[Data Linked to You] — None
[Data Not Linked to You]
├── Photos or Videos [App Functionality]
├── Other User Content [App Functionality]
├── Purchases / Purchase History [App Functionality]
├── Customer Support [App Functionality]
└── Other Diagnostic Data [App Functionality]
Controllo di coerenza (verificare prima dell'invio)
- ☐ Il Privacy Manifest (
PrivacyInfo.xcprivacy) non elenca domini tracciati. - ☐ Le Required-reason API nel manifest sono compilate (
UserDefaults,FileTimestampse usate — vedi il file manifest). - ☐ L'informativa sulla privacy nomina Google, OpenAI, Anthropic, OpenRouter, Cloudflare per nome.
- ☐ Nessun SDK di analisi incluso.
- ☐
NSUserTrackingUsageDescriptionnon è in Info.plist (nessun prompt ATT).