Privacy Policy

Effective 2026-05-05. Plain-language v1 — a legal-reviewed version will supersede it. AppAttest is operated by Bault LLC ("we," "us"). If you read something here that contradicts a later legal-reviewed version, the legal-reviewed version controls.

What this covers

This policy describes the personal information we collect about developers using appAttest — the people who sign up, manage apps, and integrate our SDK. It does not cover end users of the apps you build with appAttest. End users of your app are not our users; appAttest delivers your secrets to your app, attested by Apple, and never sees who is using your app.

What we collect

Account data

• Your email address.
• OAuth identifier and basic profile information if you sign in via a third-party provider.
• Account name, team name, role.

Billing data

• Stripe customer ID, subscription status, plan tier, and meter usage. Card details are stored by Stripe; appAttest never receives or stores card numbers.
• Tax and address information collected by Stripe for invoicing.

Application configuration

• Bundle identifiers, app names, environment names, secret names (not values — see below).
• Apple team identifier for the apps you register.

Secret values

• The secret values you store with appAttest are encrypted at rest with envelope encryption (a per-tenant data key wrapped by a dedicated master key in managed key infrastructure). They are decrypted only when an attested device requests them. We do not use the contents of your secrets for any purpose other than delivering them to your attested apps.

Attestation and usage data

• Per-attestation metadata: timestamp, environment (sandbox or production), bundle ID, success or failure code, and the rate-limit / fraud signals required to operate the service.
• Hashed device identifiers from Apple's App Attest. We do not receive or store anything that identifies the end user of your app.
• API call counts, error rates, and rough geographic information (country) derived from server-side IP processing for rate limiting and billing purposes.

Telemetry from this website

• UTM parameters from inbound URLs (utm_source, utm_medium, utm_campaign), persisted in your browser's sessionStorage so we can attribute signups to the campaign that brought you. No cookies are set by appAttest for this; the data lives only in your tab.
• The website does not run analytics, fingerprinting, ad pixels, or session-replay tooling at v1.

How we use it

• To run the service: verify your app, deliver your secrets to attested devices, meter usage against your plan.
• To bill you: produce invoices and process payments via Stripe.
• To keep the service safe: rate limit, detect abuse, audit security-sensitive actions.
• To communicate with you: account notices, security alerts, billing receipts. We do not send marketing email at v1.
• To improve the service: aggregate, de-identified analysis of usage patterns.

Who we share with

We share data with a small set of subprocessors required to run the service. We do not sell or rent your data. The current subprocessors:

• Stripe — billing and payments. Receives your email and card details (which you provide directly to Stripe).
• Resend — transactional email (verification codes, billing notices, account alerts). Receives your email address and the body of the message we send you.
• Apple — App Attest verification on your behalf. Apple's terms apply to attestations performed by your app.
• Managed cloud infrastructure for application hosting, encrypted storage, and key management. All data encrypted at rest.

We require subprocessors to handle data only as needed to perform their service, and to apply security commensurate with the data they process.

Retention

• Account data: retained while your account is active. Deleted within 30 days of account deletion.
• Billing data: retained per tax law in the relevant jurisdiction, typically seven years.
• Secret values: stored until you delete them or delete the app. Destroyed within 30 days of deletion.
• Attestation events: 90 days at full fidelity, then aggregated into anonymized counters.
• Audit log: retained for 365 days for security and compliance review.

Where data is processed

The primary processing region is the United States. Some subprocessors operate in additional regions; their own privacy notices describe specifics.

Your rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Delete your account and the data associated with it.
• Export your data in a portable form.
• Object to or restrict certain processing.
• Withdraw consent where consent is the basis for processing.

Most of these can be exercised directly from the dashboard. If you can't, write to privacy@appattest.dev.

Children

appAttest is a developer tool. It is not directed at children, and we do not knowingly collect information from anyone under 13. If you believe we have, contact privacy@appattest.dev and we will delete it.

Security

Secret values are envelope-encrypted with per-tenant data keys wrapped by a dedicated master key in managed key infrastructure. Database connections require TLS. Administrative access is logged. We use principles-of-least-privilege for internal access and rotate credentials regularly. No system is perfectly secure; if you suspect a vulnerability, write to security@appattest.dev.

Changes

We may update this policy. Material changes will be communicated by email and through a banner in the dashboard at least 14 days before they take effect.

Contact

Questions, requests, or a suspected violation: privacy@appattest.dev.
AppAttest is a service of Bault LLC.