Hello @dimsumthinking,
Thank you for your question about export compliance.
The only thing I can say about this topic is that it's a determination you have to make for yourself and your app based on your understanding of how it works, and the guidelines we provide in the article Complying with Encryption Export Regulations.
Specifically, you may find the following paragraph useful:
Typically, the use of encryption that’s built into the operating system—for example, when your app makes HTTPS connections using URLSession—is exempt from export documentation upload requirements, whereas the use of proprietary encryption is not. To determine whether your use of encryption is considered exempt, see Determine your export compliance requirements.
I hope this helps.
Best regards,