Privacy Policy

Last updated: February 2025

1. Information We Collect

Account Information

• Email address (for authentication and communication)
• Password (hashed, never stored in plain text)

Device Information

• Device UDID (collected via enrollment profile with user consent)
• Device model information
• Device name (user-provided)

App Data

• App names, bundle identifiers, and descriptions
• IPA files (stored encrypted on Bunny.net CDN)
• App icons extracted from IPA files

App Store Connect Credentials

• API Key ID, Issuer ID, and private key (encrypted at rest with AES-256-GCM)

2. How We Use Your Information

• To provide the Service: device registration, profile generation, app distribution
• To authenticate your account and send transactional emails
• To track download bandwidth for billing purposes
• To interact with Apple's App Store Connect API on your behalf

3. Data Storage and Security

• All sensitive credentials are encrypted at rest using AES-256-GCM
• Passwords are hashed using Bcrypt
• Data is stored on servers within the United States (fly.io)
• File storage uses Bunny.net CDN infrastructure
• All connections use TLS encryption

4. Data Sharing

We do not sell your data. We share data only with:

• Apple (device UDIDs and profile requests via App Store Connect API, as authorized by you)
• Stripe (payment processing)
• Resend (transactional emails)
• Bunny.net (file storage and CDN delivery)

5. Data Retention

We retain your data for as long as your account is active. Upon account deletion, all personal data, apps, versions, and device records are permanently deleted within 30 days.

6. Your Rights

• Access and export your data
• Correct inaccurate information
• Delete your account and all associated data
• Opt out of non-essential communications

7. Cookies

We use session cookies for authentication. We do not use tracking cookies or third-party analytics.

8. Contact

For privacy inquiries, contact us at privacy@inhousevision.app.