StoreConfig

Privacy Policy

Last updated: September 2025

Introduction

StoreConfig ("we," "our," or "us") provides tools and services to help you manage your app store configuration and related workflows. This Privacy Policy explains how we collect, use, share, and protect information when you use our website, CLI, APIs, and related services (collectively, the "Services"). By using the Services, you agree to the collection and use of information as described here.

Information We Collect

Personal Information

We may collect the following categories of information:

  • Account Information: Name, email, password, authentication tokens, and organization or team details
  • Payment Information: Billing name, address, VAT/tax details, and limited payment method details (processed by our payment processor)
  • Usage Data: CLI commands, API requests and responses (including headers and metadata), feature usage, and configuration actions performed through the Services
  • Device and Technical Data: IP address, approximate location, device identifiers, operating system, browser/CLI version, and diagnostics
  • Logs and Diagnostics: Error reports, crash logs, performance metrics, and troubleshooting data
  • Communications: Support requests, email content, feedback, and survey responses
  • Marketing Preferences: Your opt-in/opt-out choices for communications

Apple Developer Information

To operate the Services, we process your Apple developer credentials and related account data, including:

  • App Store Connect API key (.p8 file), Key ID, Issuer ID
  • App Store Connect account and team identifiers
  • App, subscription, pricing, and configuration metadata

We encrypt credentials in transit and at rest. Where necessary to perform actions on your behalf, we may securely cache tokens and metadata. You represent that you have authority to provide these credentials and to instruct us to act on your behalf. You may revoke access at any time via Apple or through your account settings; revocation may limit functionality.

How We Use Information

We use information to:

  • Provide, operate, maintain, and secure the Services
  • Authenticate you and manage accounts, billing, and subscriptions
  • Execute configuration changes and workflows you initiate
  • Monitor performance, debug, and improve reliability
  • Develop new features and enhance existing functionality
  • Prevent fraud, abuse, and security incidents
  • Comply with legal, tax, and regulatory obligations
  • Communicate about updates, offers, and product news (you can opt out of non-essential communications)
  • Generate aggregated and de-identified insights and benchmarks

We may use aggregated or de-identified data for analytics, research, and to improve the Services. We do not attempt to reidentify de-identified data.

Information Sharing and Disclosure

We share information in the following circumstances:

  • Service Providers and Subprocessors: Vendors that host, store, process payments, provide analytics, email, logging, support, security, or similar services under contracts that restrict their use of information for their own purposes
  • Affiliates and Professional Advisors: As needed for operations, compliance, audits, financing, or legal advice
  • Legal and Safety: To comply with law, lawful requests, or to protect our rights, users, or the public
  • Business Transfers: In connection with a merger, acquisition, reorganization, asset sale, or similar transaction
  • Aggregated/De-identified Data: We may publish or share insights that do not identify you
  • With Your Direction: When you connect third-party integrations or instruct us to share

We do not sell personal information. We may use service providers for analytics and communications consistent with this section.

Data Security

We implement administrative, technical, and physical safeguards, including encryption, access controls, and regular updates. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your credentials and for actions taken using your account.

Data Retention

We retain information for as long as reasonably necessary to provide the Services, comply with our legal obligations, resolve disputes, enforce our agreements, and for legitimate business purposes. Backups and logs may be retained for a longer period (for example, up to 180 days) and are deleted on a rolling basis. If you delete your account, certain data may be retained as required by law or for audit, security, and anti-fraud purposes.

Your Rights

Depending on your location, you may have rights to access, correct, delete, or restrict the processing of your personal information, and to request portability or object to certain processing. We may need to verify your identity before responding and may deny or limit requests where permitted by law (for example, when fulfilling a request would adversely affect the rights of others or our ability to provide the Services).

To exercise rights, contact us at contact@storeconfig.com. We will respond within the time period required by applicable law.

Legal Bases (EEA/UK/Switzerland)

Where GDPR or similar laws apply, we process personal information based on one or more of the following: performance of a contract, legitimate interests (such as security, improvement, and analytics), compliance with legal obligations, and your consent (which you can withdraw at any time).

Cookies and Tracking

We use cookies, SDKs, and similar technologies for authentication, security, preferences, performance, and analytics. You can control cookies via your browser settings; disabling cookies may affect functionality. We do not respond to "Do Not Track" signals.

Third-Party Services

The Services integrate with third parties including Apple App Store Connect, payment processors, error reporting, logging, and analytics providers. Those services are governed by their own terms and privacy policies.

International Data Transfers

We are a global service and may process information in the United States and other countries. Where required, we use appropriate safeguards for cross-border transfers (such as Standard Contractual Clauses). By using the Services, you understand that your information may be transferred to jurisdictions with different data protection laws than your own.

Children's Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 (or a higher age where required by local law). If you believe a child has provided personal information to us, please contact us.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting an updated policy and updating the "Last updated" date above. Changes are effective when posted unless otherwise stated; your continued use of the Services after changes take effect constitutes acceptance.

Contact Us

Questions about privacy? Contact us at contact@storeconfig.com.