Privacy
Privacy Policy
Effective May 1, 2026. This product policy draft should be reviewed by qualified counsel before production enterprise use.
1. Overview
This Privacy Policy explains how Apforj handles information for account management, AI-assisted app generation, project hosting, managed backend/runtime services, publishing workflows, billing, support, analytics, and security.
2. Roles
For account, billing, website, marketing, and support data, Apforj generally acts as an independent controller or business. For app end-user data processed through Apforj-managed backend services, Apforj may act as a processor or service provider on behalf of the customer who owns the app.
3. Information We Collect
We may collect account data such as name, email, password or authentication provider, workspace role, and settings; billing data such as plan, invoices, payment status, taxes, and provider references; project data such as prompts, uploaded files, generated code, assets, database schemas, configuration, app metadata, and build logs; runtime data such as app user accounts, app database records, storage objects, request metadata, logs, and diagnostics; publishing data such as store metadata, screenshots, signing data, certificates, credentials, bundle IDs, and privacy labels; and support, usage, cookie, analytics, and security data.
4. How We Use Information
We use information to provide, secure, debug, and improve Apforj; generate and modify app code; operate previews, managed backends, builds, deployments, and publishing workflows; manage credits, billing, fraud prevention, abuse detection, and support; communicate service notices and security alerts; and comply with legal obligations.
5. AI Processing
Prompts, files, app specifications, screenshots, and project context may be sent to AI model providers to generate plans, code, assets, explanations, and reviews. We do not use private project content to train third-party foundation models unless you opt in or we disclose otherwise. AI providers may process data according to their applicable terms and our configuration with them.
6. Sharing
We may share information with AI model providers, cloud hosting and database providers, payment processors, analytics and monitoring tools, support vendors, app stores and publishing integrations when requested, security and fraud-prevention providers, legal or compliance recipients, and parties involved in a business transfer. We do not sell private project content.
7. Publishing Credentials and Secrets
Publishing credentials, signing material, tokens, and private keys are treated as sensitive data. They are used only for requested build, signing, publishing, or integration actions. They are not included in normal account exports and should only be decrypted inside systems that need them for the requested workflow.
8. Retention
Account data is generally retained while your account is active. Project data is retained until deleted by you or your account is deleted. Billing and legal records may be retained as required by law. Backups, audit logs, and security records may be retained for a limited period. Publishing credentials are deleted when disconnected, when the account is deleted, or when no longer needed, subject to backup and legal retention.
9. Export and Deletion
You may export supported account and project data from the Account page and may request deletion of your account. Deletion may be limited by legal obligations, fraud prevention, unresolved disputes, security logs, backups, app store systems, and third-party services.
10. Regional Rights
Depending on your location, you may have rights to access, correct, delete, export, restrict, object to processing, withdraw consent, or opt out of certain sharing. To exercise privacy rights, contact the address listed below. We may need to verify your identity before responding.
11. Security
We use reasonable safeguards such as encryption in transit, access controls, credential handling controls, logging, monitoring, and vulnerability management. No online service can guarantee absolute security.
12. Children and Sensitive Use
Apforj is not intended for children under 13 or a higher age threshold where required. Customers should not build child-directed, safety-critical, regulated, or highly sensitive apps using Apforj-managed backend services without appropriate compliance review and safeguards.
13. International Transfers
Data may be processed in the United States and other countries where Apforj, its vendors, or infrastructure providers operate. Where required, we use appropriate transfer safeguards.
14. Contact and Changes
For privacy or security questions, contact privacy@apforj.com or security@apforj.com. We may update this Privacy Policy and will provide notice of material changes where appropriate.