Privacy Policy

Last updated: March 23, 2026

ASOrbit ("we", "our", "us") is operated by Simen Mathiesen Digital (ENK). This policy describes how we collect, use, and protect your information when you use our App Store Optimization platform at asorbit.app.

1. Information We Collect

Account Information

• Email address — used for account creation, login, and communication.
• Password — hashed using Argon2 before storage. We never store or have access to your plaintext password.

App Store Connect Credentials

To sync your app data, you provide App Store Connect API credentials (Issuer ID, Key ID, and Private Key). These are encrypted at rest using AES-256-GCM and only decrypted server-side when making API calls to Apple on your behalf. We never share these credentials with any third party.

App Data

When you connect your apps, we sync and store:

• App metadata (name, subtitle, keywords, description, promotional text, release notes)
• Screenshots and their metadata
• App Store analytics (impressions, page views, downloads, revenue)
• Version and localization information

This data originates from your App Store Connect account and the public iTunes API.

Payment Information

Payments are processed by Stripe. We store your Stripe customer ID and subscription status but never store your credit card number, bank details, or full payment information. See Stripe's Privacy Policy.

Competitor and Keyword Data

We collect publicly available data from the iTunes Search API about competitor apps and keyword rankings. This is public information available to anyone.

2. How We Use Your Information

• Provide the service — sync your app data, track keyword rankings, analyze competitors, and generate optimization suggestions.
• AI-powered analysis — your app metadata (name, description, keywords) and competitor data is sent to our AI provider (OpenRouter) to generate keyword suggestions, ASO assessments, and optimization recommendations. We do not send your email, password, credentials, or personal information to the AI provider.
• Process payments — your email is shared with Stripe to create your billing account.
• Communicate — we may email you about account-related matters (billing, security, service updates).

3. Third-Party Services

We do not sell, rent, or share your personal data with any other third parties. We do not use any analytics or tracking services.

4. Cookies

We use a single session cookie to keep you logged in. This cookie is:

• HttpOnly (not accessible to JavaScript)
• Secure (only sent over HTTPS)
• SameSite=Lax
• Expires after 30 days

We do not use tracking cookies, advertising cookies, or any third-party cookies.

5. Data Security

• Passwords are hashed with Argon2
• Session tokens are hashed with SHA-256 before storage
• App Store Connect credentials are encrypted with AES-256-GCM
• All connections use HTTPS/TLS
• Stripe webhook signatures are verified cryptographically

6. Data Retention

• Account data is retained as long as your account is active.
• iTunes search results are cached for 24 hours and then deleted.
• Session data expires after 30 days.
• If you delete your account, all associated data (credentials, apps, metadata, analytics, keywords) will be permanently deleted.

7. Your Rights

You can:

• Access your data through the app dashboard.
• Delete your App Store Connect credentials at any time from Settings.
• Request account deletion by contacting us.
• Export your data by contacting us.

8. Children's Privacy

ASOrbit is not intended for use by anyone under the age of 18. We do not knowingly collect information from children.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or a notice in the app.

10. Contact

For privacy-related questions, contact us at [email protected].