We collect information you provide directly, information generated through your use of Push My App, and certain technical data automatically.

Account Information. When you register, we collect your name, email address, and profile details through our authentication provider (Clerk). If you sign in via a third-party provider such as Google, we receive the profile information you authorize.

App Store Data. To provide our submission services, we collect the app listing metadata you create or upload, including app names, descriptions, keywords, screenshots, and other assets. If you connect your Apple App Store Connect or Google Play Console accounts, we process the API credentials you provide solely to perform submission actions on your behalf.

Usage & Technical Data. We automatically collect information such as pages visited, features used, device type, browser type, IP address, and referring URLs. This data helps us understand how our service is used and where we can improve.

We use the information we collect to:

• Provide, operate, and maintain the Push My App platform
• Process your app store listings and submit them to the Apple App Store and Google Play Store
• Generate AI-powered metadata suggestions for your app listings
• Process payments and manage your subscription via Stripe
• Send transactional emails such as account confirmations, billing receipts, and service updates
• Provide customer support and respond to your inquiries
• Analyze usage patterns to improve features, performance, and user experience
• Detect, prevent, and address fraud or technical issues

We do not sell your personal information. We do not use your app store listing data for any purpose other than providing the service you requested.

We use cookies and similar technologies to keep you signed in, remember your preferences, and understand how you interact with our service.

Essential Cookies. Required for authentication and core functionality. These are set by Clerk (our auth provider) and cannot be disabled while using the service.

Analytics. We use Vercel Analytics and Speed Insights to collect anonymous, aggregated data about page views and performance. These tools do not use third-party cookies and do not track you across other websites.

Google Analytics 4. We use Google Analytics 4 (GA4) to understand aggregate usage trends such as page views, traffic sources, and approximate location (derived from IP address at the country or region level). GA4 sets first-party cookies and may transmit data to Google in the United States. IP addresses are anonymized by GA4 and not stored. You can review Google's handling of this data in the Google Privacy Policy.

PostHog. We use PostHog for product analytics and session replay so we can understand how people use Push My App and improve the product. PostHog captures page views, clicks, and anonymized recordings of browser sessions. Form inputs (including email addresses, passwords, and billing fields) are masked by default and never recorded. Data is hosted in the United States. See the PostHog Privacy Policy.

No Advertising Trackers. We do not use advertising cookies or retargeting pixels. We do not share your browsing data with ad networks.

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may prevent you from using parts of the service.

The Push My App application is served from Vercel's edge infrastructure. Persistent data is stored with Neon (our Postgres database provider) and Cloudflare R2 (our object storage for screenshots, app binaries, and other uploaded assets). All three providers offer enterprise-grade security controls. All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. See Section 7 for the full list of sub-processors.

We implement industry-standard security measures including:

• Role-based access controls for internal systems
• Encrypted storage of sensitive credentials (API keys are encrypted before being stored and are never logged)
• Regular security reviews and dependency audits
• Secure authentication through Clerk with support for multi-factor authentication

While we take reasonable steps to protect your data, no method of electronic storage or transmission is 100% secure. We encourage you to use strong passwords and enable MFA on your account.

We retain your data only as long as necessary to provide the service and fulfill the purposes described in this policy.

• Account data is retained for as long as your account is active. Upon account deletion, we remove your personal data within 30 days, except where retention is required by law.
• App store listing data (metadata, screenshots, assets) is deleted when you remove a listing or close your account.
• Usage logs are retained in anonymized form for up to 12 months to help us improve the service.
• Payment records are retained by Stripe in accordance with their data retention policy and applicable financial regulations.

You may request early deletion of your data at any time by contacting us.

We rely on trusted third-party services to operate Push My App. These providers only receive the data necessary to perform their specific function:

• Clerk— Authentication and user management
• Stripe— Payment processing and subscription billing
• Vercel— Application hosting, edge functions, analytics, and performance monitoring
• Google Analytics 4— Aggregate traffic analytics (page views, referrers, country-level geography)
• PostHog— Product analytics and session replay with input masking enabled
• Neon— Managed Postgres database for account and app listing data
• Cloudflare R2— Object storage for uploaded screenshots, app binaries, and other assets
• Anthropic— AI-powered metadata generation for app store listings (Claude models)
• Resend— Transactional email delivery (account confirmations, billing receipts, service updates)
• Apple App Store Connect API— Submitting listings to the Apple App Store (using credentials you provide)
• Google Play Developer API— Submitting listings to the Google Play Store (using credentials you provide)

Each third-party service has its own privacy policy governing their handling of your data. We encourage you to review them. We do not share your data with any third parties for marketing or advertising purposes.

The following sub-processors handle personal data on our behalf:

We maintain data processing agreements with each sub-processor. This list is updated when we add or change providers.

Push My App is operated from the United States. If you access the service from outside the US, your data will be transferred to and processed in the United States.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection for international data transfers. Where applicable, we also rely on the EU-US Data Privacy Framework.

By using Push My App, you acknowledge that your data will be processed in the United States and that US laws may differ from the laws of your jurisdiction.

Depending on your location, you may have specific rights regarding your personal data.

For EEA / UK residents (GDPR):

• Access— Request a copy of the personal data we hold about you
• Rectification— Request correction of inaccurate data
• Erasure— Request deletion of your data
• Portability— Receive your data in a structured, machine-readable format
• Objection— Object to processing based on legitimate interests
• Restriction— Request restricted processing in certain circumstances

For California residents (CCPA):

• Right to Know— What personal information we collect, use, and disclose
• Right to Delete— Request deletion of your personal information
• Right to Opt-Out— We do not sell personal information, so this right is automatically satisfied
• Non-Discrimination— We will not discriminate against you for exercising your rights

To exercise any of these rights, contact us at support@pushmyapp.ai. We will respond within 30 days.

Push My App is not directed at children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children.

If we become aware that we have inadvertently collected data from a child under the applicable age, we will take steps to delete that information as quickly as possible. If you believe a child has provided us with personal data, please contact us at support@pushmyapp.ai.

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements.

For material changes, we will notify you by email and/or through a prominent notice within the service at least 30 days before the changes take effect. The “Last updated” date at the top of this page will always reflect the most recent revision.

Your continued use of Push My App after the effective date of any changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

• Email: support@pushmyapp.ai
• Contact form: pushmyapp.ai/contact

If you are located in the EEA or UK and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.