Privacy Policy

AppApprove is a managed release pipeline for Shopify Apps. This policy explains what data we collect when you use appapprove.com, why, how we use it, and what rights you have.

We collect these categories of data:

• Account signups: email address you submit voluntarily when creating an account.
• Pre-submission check inputs: the app URL, privacy policy URL, shopify.app.toml contents, source-code snippets, and listing copy you submit on /check. These are processed in memory to generate a report and are not persisted to durable storage.
• App build data: when you have us build or maintain an app, the app description and specifications you provide, the generated source code and its GitHub repository, any store or accounts and credentials you connect, and build/deploy logs. Unlike check inputs, this data is retained so we can build, run, and support your app (see Retention).
• Telemetry: standard request logs (IP, user agent, timestamps), error traces (via Sentry when configured), and aggregated usage analytics (page views, feature adoption).

• Email: to authenticate your account and send product updates. Unsubscribe at any time.
• Check inputs: to run the compliance audit and return your report. Inputs are sent to AI providers (currently Google Gemini) for the listing-copy review when you provide listing copy.
• App build data: to generate, deploy, maintain, fix, and support the app you requested, and to provision its repository, hosting, and integrations.
• Telemetry: to keep the service reliable, debug errors, and understand which features merchants find useful.

• Resend — email delivery for transactional and product messages.
• Google (Gemini API) — AI-powered listing-copy review. Listing copy you submit is sent to Google's API for evaluation. See Google's Gemini API terms.
• Anthropic — AI used to generate and maintain your app's code. App build data (your specifications and source code) is processed by Anthropic's API for this purpose.
• GitHub — source-code hosting for your app's repository.
• Cloudflare — hosting and deployment for the apps we build for you.
• Vercel — hosting infrastructure. Standard request logs are processed under Vercel's privacy policy.
• Sentry (if enabled) — error and performance monitoring. Error reports may include sanitized excerpts of request data.

We do not sell your data and we do not use it for advertising.

To build, deploy, fix, and support an app you request, authorized AppApprove personnel may access your app's GitHub repository, any store or accounts you connect, the project data and specifications you provide, and build/deploy logs. This access is limited to what is needed to deliver, maintain, and support the Service, and is covered by confidentiality obligations.

• Email addresses: retained until you unsubscribe or request deletion.
• Pre-submission check inputs: processed in memory, not persisted. After a report is rendered, inputs are discarded.
• Telemetry: request logs retained for 30 days, error traces retained for 90 days.

You have the right to:

• access the personal data we hold about you
• correct inaccurate data
• delete your data ("right to be forgotten")
• port your data to another service
• object to processing or restrict it
• withdraw consent at any time

Email privacy@appapprove.com to exercise any of these rights. We respond within 30 days.

AppApprove uses essential cookies for session management and CSRF protection. We do not use advertising or cross-site tracking cookies.

We will post any changes here and update the "Last updated" date. Material changes will be communicated via email to account holders.

Questions: privacy@appapprove.com