Privacy Policy

1. Your app never leaves your browser

AppAudit is local-first by design. When you run an audit, the extension reads your Bubble application's in-memory structure inside your browser, redacts known secret patterns locally, and runs a deterministic rules engine in a Web Worker.

We do not receive your application data. There is no backend that processes it. There is no AI provider in the loop. There is no telemetry pipeline that ships fragments of it elsewhere. The audit you see is computed on your machine.

2. Information we receive directly

We receive only the information you choose to give us directly to operate the billing relationship and respond to you:

• Subscription email. When you subscribe through our payment processor, the processor shares the email address associated with your subscription so we can deliver your license key and subscription receipts.
• Payment information. Payment is handled by our payment processor, which acts as merchant of record. We do not receive or store your card details. We receive only the information the processor passes to us to confirm the subscription (such as transaction reference, amount, and email).
• Support correspondence. If you email us, we retain your message and any attachments to respond to you and maintain a record of the request.

3. What the browser extension does on your machine

When you click “Audit my app” inside your Bubble editor:

• The extension reads your app’s in-memory structure from the page.
• The extension redacts known secret patterns before any preview renders. Redacted patterns include API keys, JSON Web Tokens, HTTP bearer tokens, cloud access keys, personal access tokens for code-hosting platforms, chat-platform tokens, and generic high-entropy strings.
• The extension runs a deterministic rules engine over the sanitized structure in a Web Worker, then renders findings inside the extension UI.
• The extension validates your license key against our license server.

The license-key check is the only network call the extension makes during an audit. The payload contains only the license key and basic activation metadata (such as the installation identifier the extension uses to enforce device limits). Your Bubble application data is never part of that request.

4. How we use the information we receive

We use the information we receive to:

• Activate, validate, and renew your subscription.
• Send transactional emails (license delivery, subscription receipts).
• Respond to support requests.
• Comply with applicable legal obligations.

We do not sell personal information. We do not display advertising in the Service. We do not use audit content to train machine-learning models — we do not receive audit content at all.

5. Third-party processors

We rely on a small number of third-party providers to operate the Service. Each processes only the information needed for its function:

• Payment processor (merchant of record). Handles subscription checkout, billing, and applicable tax collection. Receives the information you provide at checkout.
• License server. Validates license keys for the extension. Receives the license key and minimal activation metadata.
• Transactional email service. Sends license delivery and receipts. Receives the email address and message content.
• Static-site hosting provider. Serves https://getappaudit.com. Receives standard server-level request information that any web host receives.
• Form submission service. If you submit the optional feature-updates email form on https://getappaudit.com, your email is delivered to us through a third-party form service. Receives only the email address you submit.

The current list of processors is available on request to support@getappaudit.com.

6. Data retention

We retain only the information needed to operate the Service and meet our legal obligations:

• Subscription and license records are retained for as long as your subscription is active and for a period afterward to satisfy billing, accounting, and tax requirements.
• Support correspondence is retained for as long as needed to address the issue and a reasonable period afterward.
• Audit content is not retained because we do not receive it.

You can ask us to delete information we hold about you, subject to legal retention obligations, by emailing support@getappaudit.com.

7. Your rights

Depending on where you live, you may have rights to access, correct, delete, port, or object to certain uses of your personal data, and to withdraw consent. To exercise any of these rights, email support@getappaudit.com. We will respond within a reasonable time consistent with applicable law.

You may also have a right to complain to your local data-protection authority.

8. Security

We implement reasonable technical and organizational measures to protect data:

• Data in transit between the extension and the license server is encrypted in transit.
• Secret patterns are redacted in your browser by the extension before any preview renders, and your application data is not transmitted to us at any point.
• Access to processor systems is restricted to authorized personnel and protected with industry-standard controls.

No system is perfectly secure. If we become aware of a security incident affecting your information, we will notify you in accordance with applicable law.

9. Children

The Service is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact support@getappaudit.com.

10. International users

AppAudit is offered globally. Information you provide may be processed in the country where our processors operate. Where required by law, we rely on appropriate safeguards for cross-border transfers.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated policy on https://getappaudit.com and update the "last updated" date. Continued use of the Service after changes take effect constitutes acceptance.

12. Contact

For privacy questions, requests, or complaints:

Email: support@getappaudit.com