A-P/J workbench · v0 ← Home
// privacy policy

Privacy.

Last updated: 29 April 2026

1. What we collect

Account data. Your email address and an internal user ID. Authentication is handled by AWS Cognito — we never see or store your password.

Billing data. If you upgrade to a paid plan, Stripe processes your payment information. We store only your Stripe customer ID and subscription status; your card number and CVV never touch our servers.

Usage data. The scans you run, the apps you inspect, the candidates you save. We need this to enforce plan limits and provide the service.

Technical data. IP addresses, browser type, request timestamps via standard server logs for security and debugging.

2. How we use it

  • To run scans, build market matrices, and surface gap insights.
  • To enforce credit limits and plan boundaries.
  • To process payments and handle billing disputes.
  • To send transactional emails (welcome, plan changes, payment failures, replies to support tickets).
  • To detect abuse, fraud, or violations of our Terms.

We do not sell your data. We do not use your search history for advertising. We do not have advertising.

3. Subprocessors

We use a small set of trusted infrastructure providers to operate the service:

  • AWS (Cognito, Lambda, API Gateway, CloudFront) — authentication and infrastructure hosting.
  • MongoDB Atlas — primary database for user records, scans, and cached App Store metadata.
  • Stripe — payment processing and subscription billing.
  • Resend — transactional email delivery.
  • Groq — runs the LLM that writes one-line gap insights for each candidate market. Only the keyword, country, and top-app metadata are sent — no personal data.
  • Upstream App Store data provider — supplies live App Store search and metadata. Only your search query and country code are forwarded; no account or identity data.

4. Data retention

Your account data is retained while your account is active. If you delete your account from Settings → Danger zone, we purge your scans, candidates, ledger entries, tickets, and recent-app history immediately, and remove your authentication identity so the email becomes free again.

Cached App Store metadata expires automatically after 7 days regardless of account status.

Billing records are retained for as long as required by tax and accounting law (typically 7 years), and cannot be deleted on request.

5. Your rights

Depending on your jurisdiction (GDPR for the EU/UK, CCPA for California, etc.), you may have the right to access, correct, export, or delete your personal data. The "Delete account" action in Settings handles deletion end-to-end. For access or export requests, email privacy@appitraj.com and we'll respond within 30 days.

6. Cookies

Authentication cookies (set by AWS Cognito) keep you logged in. We do not use tracking cookies, advertising cookies, or third-party analytics that follow you elsewhere.

7. Changes

We may update this policy as the service evolves. Material changes will be announced by email and noted in the "Last updated" date above.

8. Contact

Questions? privacy@appitraj.com.