Privacy Policy
Plain English version: we collect the minimum we need to deliver your report, we don't sell or share your data with marketers, we use a short list of well-known service providers (Stripe, Resend, Anthropic, Vercel, Neon, Sentry), and you can ask us to delete anything we hold about you at any time.
1. What we collect
When you use the free preview
- The Apple App Store URL you paste
- The country code derived from that URL (or your storefront)
- Your IP address and browser user-agent (logged at the request level by our hosting provider, used only for rate limiting and abuse prevention)
- Optionally, your email address — only if you enter it on the "Email me when ready" form on the analyzing page
When you purchase a report
- The email address Stripe verifies during checkout
- Stripe's transaction record (we don't see or store your card number — Stripe is the merchant of record)
- The generated report itself, tied to your purchase
What we don't collect
- No tracking pixels, advertising IDs, or behavioral analytics
- No third-party ad networks
- No social media tracking
- No cross-site tracking cookies
- No phone numbers, addresses, or birthdays
2. Why we collect it
- App Store URL + country — to generate the report you asked for. Without these, the Service literally cannot work.
- Email (optional, before payment) — to email you the report when it's ready, plus a 5-step abandoned-cart sequence at T+0, +4h, +24h, +72h, +7d. You can unsubscribe from any of those emails with one click; the link is in every message.
- Email (verified by Stripe, after payment) — to email you the unlocked report and PDF. Used only for transactional delivery; no marketing without your separate consent.
- IP + user-agent — for rate limiting, abuse prevention, and identifying patterns of automated abuse. Not used for personalization or profiling.
3. Who we share it with (sub-processors)
We use the following well-known service providers, each only for the function listed and only with the data needed for that function:
| Provider | What for | What they receive |
|---|---|---|
| Stripe | Process payments | Email, payment method, billing country |
| Resend | Send transactional + abandoned-cart emails | Email, app name, report URL, generated report content (in the email body / PDF attachment) |
| Anthropic (Claude) | Generate the AI rewrite | The public App Store data we scraped for your URL (title, subtitle, description, screenshots, reviews, etc.). Anthropic does not train on API inputs by default. |
| Vercel | Host the website + serverless functions | Standard request-level logs (IP, user-agent, URL, response code) |
| Neon (via Vercel) | Postgres database — stores reports + emails | Email (if you provided one), App Store URL, generated report content, payment status |
| Sentry | Error + performance monitoring | Stack traces, environment metadata, URL paths. PII scrubbing is enabled — we do not send email addresses or payment details to Sentry. |
We do not share your data with any other party for marketing, analytics, or any other purpose. We never sell your data.
4. How long we keep it
- Generated reports — kept for 12 months after generation, then deleted. If you want yours kept longer, save the PDF — it's emailed to you on purchase.
- Email addresses (paid) — kept indefinitely so we can re-email your report if you lose the link, until you unsubscribe.
- Email addresses (unpaid, for abandoned-cart) — kept for 30 days, then deleted automatically if you don't purchase.
- Stripe transaction data — kept by Stripe per their retention policy; we keep only the transaction reference for accounting purposes.
- Server logs (IP, user-agent) — kept by Vercel for 30 days for security purposes, then aged out.
5. Your rights
You can ask us to:
- Show you everything we have on you — email us, we send you a JSON export within 14 days.
- Delete everything we have on you — email us, we purge within 14 days. Stripe transaction data we cannot delete (legal/financial retention obligations) but we can disconnect it from any other identifier we hold.
- Correct anything — email us with what should change.
- Stop receiving emails — every email has a one-click unsubscribe link. Or email us; we'll remove you manually.
For all of the above, email hello@asoplaybook.ai. We respond to data requests in plain English, not lawyer-speak. We don't charge for these requests.
6. International transfers
We are based in the United States (Wyoming) and our hosting is primarily in the US (Vercel/Neon east coast). If you're in the EU or UK, your data is transferred to the US for processing. Our sub-processors (Stripe, Anthropic, Vercel, Neon, Resend, Sentry) all operate under standard cross-border data transfer mechanisms (Standard Contractual Clauses or equivalent).
7. Security
We use HTTPS for all traffic, store secrets in Vercel's encrypted env-var system, scope database access to the application environment, and use Sentry to detect anomalies. We do not store passwords (no accounts), credit card numbers (Stripe handles payment), or social security numbers.
That said: no system is unbreachable. If we ever discover a breach affecting your data, we will notify you within 72 hours of confirming it.
8. Children
ASO Playbook is for app developers — adults running iOS app businesses. We do not knowingly collect data from anyone under 18. If you believe a child has used the Service, email us and we'll delete the data.
9. Changes to this policy
We may update this policy when we add a service provider, change a retention window, or expand what we collect. The "Last updated" date at the top reflects the current version. Substantive changes affecting data we already hold will be communicated to opted-in email addresses before they take effect.
10. Contact
For any privacy question or data request: hello@asoplaybook.ai