Legal · Last updated April 2026
Privacy Policy
We keep this short and human. Below is exactly what data we collect, where it lives, who else sees it, and what rights you have.
Who we are
ASO Pilot ("we", "us") is operated by an independent developer based in Spain. For any privacy question, email hello@aso-pilot.app.
What we collect
- Account data: your email address (used as the only identifier). We do not collect your name, profile picture, or social-network info.
- App data you submit: the descriptions, App Store / Google Play URLs, and competitor URLs you paste into ASO Pilot. We process and store the resulting analyses inside your account.
- Public store data: when you give us a store URL, we fetch the public listing (title, description, ratings) from the App Store or Google Play. This data is publicly available — we just retrieve and cache it.
- Billing data: if you upgrade, payment is processed by Stripe. We never see or store your card details. We store only your Stripe customer ID and current subscription status.
- Operational data: standard server logs (IP, user agent, timestamps) for security and debugging. Retained 30 days.
What we don't collect
- No third-party trackers (no Google Analytics, Facebook Pixel, etc.).
- We use a privacy-respecting product analytics tool (Plausible / PostHog with anonymous mode) to count page views. No cookies, no fingerprinting.
- We do not sell or rent your data. Ever.
- We do not train AI models on your app data.
Where your data lives
- Supabase (Postgres database + auth) — hosted in EU (Frankfurt). Each row is protected by Row Level Security; another user cannot read your data.
- Anthropic (Claude API) — we send your app description and the scraped public metadata to Claude to generate the analysis. Anthropic does not retain prompts or use them for training (per their data usage policy).
- Stripe — billing only. They are PCI-DSS compliant.
- Vercel — application hosting. Edge logs retained 1 day, request logs 30 days.
Cookies
We use exactly one cookie: a Supabase session cookie that keeps you signed in. It is HttpOnly, Secure, and SameSite=Lax. We do not use marketing or tracking cookies. No cookie banner is required, but we still keep this disclosure for transparency.
Your rights
Under GDPR and similar laws (CCPA, LGPD), you have the right to:
- Access — export every analysis you have created via the dashboard (JSON / Markdown).
- Rectification — edit your projects and analyses any time.
- Deletion — delete a project, an analysis, or your entire account from the Settings page. Account deletion removes all your projects, analyses, and profile data immediately.
- Portability — same as access. Each analysis exports cleanly.
- Object / withdraw consent — stop using the service, or contact us to request manual deletion.
To exercise any of these rights, the fastest path is the Settings page. If something is unclear, email hello@aso-pilot.app and we respond within 30 days (typically much faster).
Data retention
- Active account: as long as you keep the account.
- Deleted account: data is removed immediately. Backups roll off within 30 days.
- Server logs: 30 days.
- Stripe data: per Stripe's retention (typically 7 years for tax records).
Subprocessors
The following companies process data on our behalf. All have signed appropriate DPAs.
- Supabase (database + auth) — EU region
- Anthropic (AI inference) — US region
- Stripe (billing) — global
- Vercel (hosting) — global edge
- Resend / Postmark (transactional email) — US region
Data transfers
Some subprocessors are based in the US. These transfers rely on the EU-US Data Privacy Framework where applicable, and on Standard Contractual Clauses otherwise.
Children
ASO Pilot is not intended for users under 18.
Changes
We notify you of material changes by email. Minor wording updates are reflected in the "Last updated" date at the top of this page.
Contact
Privacy or data questions: hello@aso-pilot.app.