We filed a TSI ticket and based on the response:
To detemine if you track, follow the instructions in Detecting when your app contacts domains that may be profiling users.
If you determine that you track, set the the NSPrivacyTracking key to true, then declare the domains that you track.
If you determine that you don't track, don't add the key to your privacy manifest file.
as well as the definition/examples found in these pages (detecting-when-your-app-contacts-domains-that-may-be-profiling-users, optional-disclosure): I believe in our case we the data collection does not track the users and it's safe to not include the internal API domain in the tracking domains and set the NSPrivacyTracking key to false.
bobiechen
Users receive reputation points by contributing quality content to the forums.
Posts include post and replies published on the forums.
Post authors can mark replies as Accepted to indicate successful solutions.
Apple Developer Forums admins can mark replies as Apple Recommended to indicate an approved solution
Last seen
User for