Introduction
AppTriage ("we", "our", "us") operates the AppTriage web application at apptriage.com. This Privacy Policy explains how we collect, use, and protect your information when you use our service.
By using AppTriage, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the service.
Information We Collect
Account Information
When you create an account, we collect your email address and a password. Your password is stored securely using one-way cryptographic hashing — we never store or have access to your plain-text password.
App Store Connect Credentials
If you connect App Store Connect for review imports, we store your API key ID, issuer ID, and private key. These credentials are encrypted at rest using Fernet symmetric encryption (AES-128-CBC) and are only decrypted in memory to make authorized API calls to Apple. They are never logged, cached, or transmitted to any third party.
Feedback Data
We store the feedback and review data that you import or receive through in-app feedback forms. This includes:
- Review text and ratings imported from the App Store
- Feedback messages submitted through your public feedback forms
- Submitter email addresses (only if provided voluntarily through your feedback form)
- Device and browser metadata (user agent, screen resolution, timezone, language)
- Country-level geolocation derived from IP addresses — we do not store IP addresses
Usage Data
We collect basic usage data to monitor service health and improve the product. This includes page views, error logs, and performance metrics. We use Sentry for error tracking, which may capture technical context around errors (stack traces, browser information) but does not capture personal data.
How We Use Your Information
We use the information we collect to:
- Provide and maintain the AppTriage service
- Import and display App Store reviews in your dashboard
- Send email replies to feedback submitters on your behalf
- Send you notification emails about new reviews, low ratings, or import failures
- Monitor, diagnose, and improve service reliability
- Enforce our Terms of Service and prevent abuse
We do not use your data for advertising, profiling, or automated decision-making.
Data Storage & Security
Your data is stored on managed PostgreSQL databases with encrypted connections. All data is transmitted over HTTPS/TLS. App Store Connect credentials are encrypted at rest using industry-standard Fernet encryption.
We follow security best practices, including:
- Encrypted database connections and backups
- Credential encryption at rest (Fernet/AES)
- Rate limiting on all API endpoints
- CSRF protection on all form submissions
- Regular dependency updates and vulnerability monitoring
Data Sharing
We do not sell, trade, or otherwise share your personal information with third parties, except in the following limited circumstances:
- Apple App Store Connect API — to import your reviews, using the credentials you provide
- Email service provider — to deliver notification and reply emails on your behalf
- Sentry — for error tracking and service monitoring (technical data only)
- Legal requirements — when required by law, court order, or to protect our legal rights
Data Retention
We retain your data for as long as your account is active. If you delete your account:
- Your feedback data, app configurations, and credentials are deleted within 30 days
- Anonymized, aggregated usage statistics may be retained
- Data required by law (e.g., billing records) may be retained as legally required
Your Rights
You have the right to:
- Access — view and export your feedback data at any time via CSV export
- Correction — request correction of inaccurate personal data
- Deletion — delete your account and all associated data
- Opt out — disable notification emails from your account settings
- Portability — export your data in a standard format (CSV)
To exercise any of these rights, contact us at privacy@apptriage.com or use the relevant features in your account settings.
Cookies
We use essential session cookies to keep you logged in and to protect against cross-site request forgery (CSRF). These are strictly necessary for the service to function.
We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or through a prominent notice on the service. The "Last updated" date at the top of this page reflects the most recent revision.
Continued use of AppTriage after changes constitutes acceptance of the updated policy.
Contact
If you have questions about this Privacy Policy or how we handle your data, please contact us:
- Email: privacy@apptriage.com
- General support: support@apptriage.com