Our app was rejected, after being in the App Store for more than a year, for requesting personal data from users and then uploading it to our servers without notifying users.This was the rejection notice "To collect personal data with your app, you must make it clear to the user that their personal data will be uploaded to your server and you must obtain the user's consent before the data is uploaded."Does anyone know if this permission (a permission asking the user whether or not they consent to their personal data being collected) is required if we decide to store the data locally instead of uploading it to our servers? We don't want to scare users with a messag, especially since we're collecting data that is not really even that "personal".

Our app was rejected with reason:"Your app unlocks or enables additional functionality with mechanisms such as promo codes, data transfer codes, license keys, augmented reality markers, or QR codes, which is not appropriate for the App Store.Specifically, your app uses a code."We do have a code in the app that users can use to personalize their experience. The goal of the code is not to unlock any in-app purchases but instead to let users who come through certain channels customize their experience in the app. Is this something we should appeal with Apple, or does the Apple policy apply to any apps that have codes at all, even if they have nothing to do with in-app purchases?