You trust us with your App Store Connect credentials, review data, and user feedback. Here is exactly how we protect it.
When you connect your App Store Connect account, your API key is encrypted at rest using Fernet symmetric encryption (AES-128-CBC with HMAC-SHA256). The encryption key is stored separately from the database. Credentials are only decrypted in memory during import jobs and are never logged, cached, or exposed in API responses.
Google Play credentials use a service account JSON key, which is similarly encrypted at rest with the same Fernet scheme.
All traffic to apptriage.com is served over HTTPS (TLS 1.2+). HTTP requests are redirected to HTTPS. API calls to Apple and Google use their respective secure endpoints.
AppTriage uses a strict tenant-isolation model. Every database query is scoped to your account. There is no shared data between tenants. Your feedback items, reviews, forms, and settings are only accessible to your authenticated session.
When AI auto-categorization is enabled (Pro and Business plans), feedback text is sent to an AI model to classify it as bug, feature request, praise, or complaint. We send only the feedback text — no credentials, no user email addresses, no metadata. AI processing happens synchronously and results are stored in your account. We do not use your data to train AI models.
Your data is retained for as long as your account is active. When you delete a project, all associated feedback items, replies, and form submissions are permanently deleted. When you delete your account, all data is permanently removed within 30 days.
You can export all your data at any time via CSV or JSON export.
AppTriage runs on industry-standard cloud infrastructure with encrypted storage volumes. Database backups are encrypted. Access to production systems is restricted to the founding team and requires multi-factor authentication.
If you discover a security vulnerability, please report it to security@apptriage.com. We take every report seriously and will respond within 48 hours. See our security.txt for contact details.
Questions about security? Email us at security@apptriage.com. We are happy to answer specific questions about how your data is handled.
Free for your first app. No credit card required.
