Privacy Policy
Last updated: April 30, 2026
This Privacy Policy explains what personal data appsops.store ("we," "us," or "our") collects, why we collect it, who we share it with, and what rights you have. We have written it in plain English. If anything is unclear, email hello@appsops.store and we will explain.
1. What we collect
| Category | What it is | Why we collect it |
|---|---|---|
| Account data | Email address, salted password hash | Authentication and account recovery |
| Billing data | Stripe customer ID, subscription ID, invoice history | Manage your subscription and provide receipts. We never see or store your card details — Stripe handles those directly. |
| App Store Connect credentials | Issuer ID, Key ID, and the private .p8 file | Push pricing changes to Apple on your behalf when you ask us to. The private key is encrypted at rest with symmetric AES (Fernet) and decrypted only in memory at the moment of an API call. |
| App data | The Apple app IDs and subscription IDs you query, plus a price-change log of actions you initiate | Provide the audit trail and price-history features. |
| Usage data | IP address, user-agent, request timestamps in server logs (Nginx + gunicorn) | Security, abuse prevention, and debugging. Logs are kept for up to 30 days unless required for an investigation. |
| Cookies | One session cookie (Flask login) | Keep you signed in. We do not use third-party advertising or tracking cookies. |
2. How we use your data
- To provide, secure, and improve the Service.
- To process your subscription, send receipts, and respond to support requests.
- To detect, prevent, and respond to fraud, abuse, or security incidents.
- To comply with legal obligations.
We do not sell your personal data to anyone.
3. Who we share your data with
We share data only with sub-processors that need it to provide the Service:
| Processor | What they receive | Why |
|---|---|---|
| Stripe, Inc. | Email, name (if provided), card details (collected directly by them), billing country, IP at checkout | Process payments and manage subscriptions |
| Apple Inc. — App Store Connect API | Your API key + the price-change requests you initiate | Apply price changes to your apps in the App Store |
| Hetzner Online GmbH (Germany) | Server hosting; encrypted-at-rest database; server logs | Run the Service infrastructure |
If we ever add a new sub-processor that materially affects your data, we will notify you by email and update this list.
4. Where your data is processed
The application servers and database are located in Falkenstein, Germany. Stripe processes payment data globally in line with their own privacy policy. If you are in the EU/EEA or the UK, your data is processed within the EU; transfers to other regions (for example, when Stripe routes payment data to the US) rely on Standard Contractual Clauses or equivalent legal mechanisms.
5. How long we keep your data
- Account data — for as long as your account is open. After you delete your account, we erase your record within 30 days.
- Billing records — kept for the period required by tax law (typically up to 7 years), retained by Stripe.
- Server logs — up to 30 days, then rotated and deleted.
- App Store Connect credentials — until you delete them. You can do this from your dashboard at any time.
6. How we secure your data
- All connections use TLS (HTTPS) with a Let's Encrypt certificate.
- Passwords are stored as salted hashes (Werkzeug PBKDF2 by default).
- App Store Connect private keys are encrypted at rest with symmetric encryption (Fernet / AES-128); the encryption key is stored on the server file system, separate from the database.
- Card details never touch our servers — Stripe Checkout collects them directly and we receive only a customer/subscription token.
- Access to production infrastructure is limited to authorized maintainers and protected by SSH keys.
7. Your rights
If you are in the EU/EEA, the UK, or another jurisdiction with similar laws (such as California's CCPA), you have the right to:
- Access the personal data we hold about you.
- Correct data that is inaccurate or incomplete.
- Delete your account and personal data.
- Export your data in a machine-readable format.
- Object to certain processing or withdraw consent where applicable.
- Lodge a complaint with a data-protection authority in your country.
To exercise any of these rights, email hello@appsops.store. We will respond within 30 days.
8. Children
The Service is not directed at people under 18 and we do not knowingly collect data from children. If you believe a child has provided us personal data, contact us and we will delete it.
9. Changes to this policy
We may update this Privacy Policy from time to time. If a change is material, we will notify registered users by email at least 14 days before it takes effect. The "Last updated" date at the top reflects the most recent revision.
10. Contact
For privacy-related questions, requests, or complaints, email hello@appsops.store.