Privacy choices

Appsail uses essential storage for sign-in, security, and theme preferences. With your permission, we also measure feed impressions, feed clicks, and referral attribution.

You can change these settings any time on the cookies page .

Testing Environment: shared preview, not production

How Appsail handles personal data

Privacy notice

How Appsail handles personal data

Appsail is a builder-to-builder product testing platform. This notice covers the data we process to run the service, the optional analytics choices available to builders, and the providers that help us deliver the product.

Last updated: 3/18/2026

Controller summary

Appsail acts as the controller for the account, community, testing, and billing data needed to run Appsail.

Builders can already edit profile data, manage cookie choices, export their data, and delete their account from inside the product.

If you need help with a privacy request that is not self-service yet, start on the Help page .

Data categories

  • Identity and account data such as name, email address, avatar, and profile metadata.
  • Authentication and security data such as sessions, verification tokens, IP-derived protection signals, user agent, and rate-limit records.
  • Product participation data such as projects, comments, poll responses, saves, follows, boosts, and test sessions.
  • Communication data such as direct messages, reactions, notifications, and profile visibility settings.
  • Billing and ledger data such as payment attempts, purchased credits, and credit transaction history.

How Appsail uses data

Service delivery

Appsail processes account, project, testing, chat, notification, and credit data so builders can sign in, publish projects, receive feedback, communicate, and manage their account.

Security and abuse prevention

Session metadata, verification records, and rate-limit signals help protect accounts, reduce abuse, and keep the platform stable.

Optional discovery analytics

Appsail only measures feed impressions and feed clicks when analytics consent is enabled. These optional events help us understand how builders discover projects.

Required product records

Appsail still stores testing, feedback, comment interaction, and credit records as part of the core product history needed to run projects, prevent abuse, and keep balances accurate.

Processors and recipients

Stripe

Credit purchases, checkout sessions, payment confirmation, and transaction reconciliation.

Payment processing may involve transfers outside the EEA subject to Stripe contractual safeguards.

Data categories: account email, payment identifiers, purchase amounts, checkout metadata.

GitHub

Optional OAuth sign-in and GitHub handle verification.

GitHub may process personal data outside the EEA when social login or handle verification is used.

Data categories: GitHub account identifier, public GitHub profile data, OAuth tokens.

Resend

Transactional authentication email delivery.

Email delivery may involve international transfers depending on the sending infrastructure in use.

Data categories: email address, verification and password reset email contents.

Object storage provider

Project media, uploads, and other hosted file assets.

Storage location depends on the configured bucket provider and must be reviewed before EU launch.

Data categories: uploaded media, file metadata, storage object keys.

Jina AI Reader

URL auto-fill and website content extraction for project submission.

Only invoked when a builder explicitly requests auto-fill during project creation or editing.

Data categories: submitted URL, public page content extracted from the submitted URL.

ipapi.co

Optional location auto-detect in account settings.

Only invoked when a signed-in user chooses the auto-detect action.

Data categories: IP address, approximate location lookup response.

Google Fonts

Font asset delivery for the public web UI.

Requests are made by the browser when the app loads shared font assets.

Data categories: IP address, user agent, font asset requests.

Retention and deletion

Active sessions

30 days

Expired sessions are deleted.

Verification and reset tokens

30 days

Expired verification rows are deleted.

Authentication rate-limit records

14 days

Throttle records are deleted after the window and cooling-off period are no longer relevant.

Notifications

180 days

Old notifications are deleted after the retention window.

Analytics events

365 days

Old analytics events are deleted or de-identified after the retention window.

Direct messages and reactions

730 days

Old chat content is deleted after the retention window unless a legal hold applies.

Soft-deleted comments

30 days

Deleted comment bodies are purged after a short recovery window.

Stored scrape markdown

180 days

Raw scraped page content is cleared from older projects.

Temporary uploads

7 days

Abandoned uploads are removed from object storage.

Pending or expired payment attempts

180 days

Pending or expired local payment records are deleted after the retention window.

Your rights

  • Right to be informed about how Appsail collects and uses personal data.
  • Right of access to a copy of the personal data associated with an Appsail account.
  • Right to rectification of inaccurate or incomplete account or profile information.
  • Right to erasure of account data when there is no overriding legal basis to keep it.
  • Right to restrict non-essential processing while a privacy request is being reviewed.
  • Right to data portability for account data that Appsail processes on the basis of consent or contract.
  • Right to object to non-essential analytics, referral, or similar processing.
  • Right to lodge a complaint with the competent supervisory authority in the EEA or the UK.

Use Settings and the Cookies page to manage your data, choices, and account. If you need follow-up help, start on the Help page .

Feature-specific notices

URL auto-fill

When a builder requests auto-fill during project creation or editing, Appsail sends the submitted URL to scraping infrastructure and may fetch the target website directly to extract public metadata, images, and page text.

Location auto-detect

The location auto-detect button in Settings makes a one-off request to ipapi.co using the current IP address. It is optional and only runs when selected by the user.