Privacy Policy

Effective Date: June 7, 2026

This Privacy Policy explains how Tap & Swipe SAS ("we", "us", "our") collects and uses information for AppSprint ASO, the macOS app and related website pages at appsprint.app. It also explains what stays on your Mac.

1. Who we are

AppSprint ASO is operated by Tap & Swipe SAS, a company based in France. You can contact us at arthur@appsprint.app.

For checkout, license, subscription, support, and website attribution data, Tap & Swipe SAS is the data controller. For data you send directly to Apple through your own App Store Connect or Apple Search Ads accounts, Apple processes that data under Apple's own terms and privacy policies.

2. Data we collect

We collect the information needed to sell, activate, support, and improve AppSprint ASO:

  • Billing and account data: email address, Whop user or membership ID, plan, billing interval, subscription status, invoices or receipts available through Whop, and payment status. Whop processes payment details. We do not store your full card number.
  • License data: license key, activation status, plan, provider, machine identifier, and timestamps needed to activate the app, validate one-computer licenses, prevent repeated trials, and handle cancellations or failed payments.
  • Website and checkout attribution: landing page, referrer, visitor ID, session ID, Google Ads identifiers such as gclid, gbraid, and wbraid, campaign parameters, UTM parameters, and affiliate referral data when present.
  • Support and email data: messages you send us, your email address, and transactional email content such as license delivery or billing links.
  • Crash and diagnostics data: if crash reporting is enabled, error messages, stack traces, app version, device information, and operating system version. Crash reports are used to fix bugs and should not include your local projects, keywords, metadata, or credentials.

3. Data that stays local

The macOS app is designed so the most sensitive ASO work stays on your device. We do not receive your local keyword projects, competitor research, metadata drafts, optimization history, App Store Connect credentials, Apple Search Ads private keys, Apple Ads campaign data, local MCP data, app settings, or local files unless you choose to send something to us for support.

When you connect Apple services, the app uses your credentials from your Mac or secure local storage to communicate with Apple at your direction. For Apple Search Ads API setup, your private key stays on your Mac and only the public key is uploaded to Apple.

If you push metadata or manage ads from AppSprint ASO, that information is sent to Apple through your connected Apple account. It is not sent to AppSprint servers as part of the normal app workflow.

4. How we use data

We use data to create and validate licenses, manage trials and subscriptions, send license keys and important product emails, prevent license sharing or fraud, provide support, fix bugs, measure our own ads and checkout performance, and comply with legal, accounting, tax, and security obligations.

Depending on the activity, we process data because it is needed to provide the product, because we have a legitimate interest in operating and protecting AppSprint ASO, because we must comply with the law, or because you gave consent where consent is required.

We do not sell your personal data. We do not use your local ASO projects, keywords, credentials, metadata, or Apple account data to train AI models.

5. Cookies, attribution, and Google Ads

The website may use cookies and browser storage for checkout and attribution:

  • aso_ad_attribution: stores Google Ads identifiers, UTM parameters, landing page, and referrer for up to 90 days.
  • visitor_id: helps connect a checkout to a browser visit.
  • session storage: keeps a temporary ASO checkout session ID.
  • affiliate or referral cookies: may be used when you arrive through an affiliate link.
  • Whop cookies: may be set by Whop during checkout, account management, invoice access, or subscription management.

If you reach AppSprint ASO through our Google Ads, we may store ad click identifiers and campaign parameters, then send conversion events such as trial started, paid subscription, or trial cancellation back to Google Ads. Where available, we may include a hashed version of your email address for conversion matching.

We do not send your local app projects, Apple credentials, keyword lists, metadata drafts, or Apple campaign data to Google Ads. You can control cookies in your browser settings, but disabling them may affect checkout attribution or some billing flows.

6. Service providers and sharing

We use service providers to operate the product:

  • Whop: checkout, payments, subscriptions, invoices, receipts, customer account management, and membership status.
  • Cloudflare: website hosting, edge infrastructure, security, caching, and deployment.
  • Neon/PostgreSQL: license, subscription, checkout, and conversion records.
  • Plunk and Amazon SES: transactional emails, including license delivery.
  • Google Ads: ad conversion measurement for our own ads when an ad identifier or hashed email is available.
  • Sentry: crash reporting and error diagnostics, if enabled.
  • Apple: App Store Connect and Apple Search Ads actions that you initiate from the app using your own Apple accounts.

We may also disclose data if required by law, to enforce our Terms, to protect our users or product, or as part of a merger, acquisition, financing, reorganization, or sale of all or part of the business.

7. Retention

We keep data only as long as needed:

  • Billing, invoice, accounting, and tax records: generally 5 to 10 years, depending on legal requirements.
  • License and subscription records: while your subscription is active and for a reasonable period afterward for support, fraud prevention, disputes, and accounting.
  • Checkout and ad attribution cookies: up to 90 days in your browser.
  • Checkout, attribution, and conversion records on our systems: for the period needed to measure ads, prevent abuse, resolve disputes, and meet accounting or security needs.
  • Crash reports: usually up to 90 days unless a longer period is needed to investigate a recurring issue.
  • Local app data: stays on your device until you delete it, uninstall the app, reset your Mac, or remove the related files.

8. Security and international transfers

We use reasonable technical and organizational measures to protect personal data, including HTTPS/TLS, managed hosting, access controls, secure database storage, and limited access to production data. No method of transmission or storage is perfectly secure. You are responsible for keeping your Mac, Apple credentials, private keys, Whop account, and email account secure.

We are based in France, but some providers may process data in other countries, including the United States. Where required, transfers rely on appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or the EU-US Data Privacy Framework.

9. Your rights and children

If GDPR or other privacy laws apply to you, you may have rights to access, correct, delete, restrict, object to, or export your personal data. You may also have the right to withdraw consent where processing is based on consent.

To make a request, email arthur@appsprint.app. We may need to verify your identity before responding. You can also lodge a complaint with your local data protection authority. In France, the authority is the CNIL: https://www.cnil.fr.

AppSprint ASO is not intended for children under 16. We do not knowingly collect personal data from children.

10. Changes and contact

We may update this Privacy Policy from time to time. The effective date at the top shows when the latest version applies. If changes are material, we will provide notice by email, in the app, on the website, through Whop, or as required by law.

Questions about privacy can be sent to arthur@appsprint.app.

  • Tap & Swipe SAS, France
  • SIREN 100 454 206