Privacy Policy
AppEcho ("we", "us") provides a unified inbox for App Store and Google Play reviews — ingest, reply, AI-assisted summary, sentiment, and translation. This Privacy Policy explains what we collect, why, who we share it with, and the rights you have over your data.
Plain version: we collect what's necessary to operate the product. We don't sell your data, run ads, or share it with marketing brokers. You can export or delete everything from your account at any time.
1. What we collect
Account data
- Email address (required) — login + transactional notifications.
- Display name and avatar (optional, or imported from Google when you sign in with Google).
- Hashed password (bcrypt) when you sign up with email — we never see or store your plaintext password.
Workspace data
- App identifiers you connect (Apple App Store IDs, Google Play package names) and store metadata (icon, public name).
- Reviews ingested from public Apple and Google APIs — author display name, star rating, review body, locale, posted date.
- Replies you send through AppEcho — body text and timestamp. Replies post via Apple's and Google's official APIs and become part of your store listing under the standard developer-response model.
- Reply templates, saved filters, and translation cache.
Store credentials
- Google Play: OAuth tokens, or your service-account JSON for the Play Developer API. Stored in our database, used only to authenticate with Google on your behalf.
- App Store Connect: API key (key ID, issuer ID, private key), or — if you chose Apple ID login — the iris session cookies needed to call the legacy Connect endpoints. We never store your Apple ID password; only the short-lived session cookies returned after you complete 2FA.
Billing data
- Plan tier, subscription status, current period end. Card details are handled entirely by Stripe — we never receive or store your card number, CVC, or expiry. We hold only your Stripe customer ID and subscription ID.
Operational data
- Session cookies (HMAC-signed, HttpOnly, SameSite=Lax) so the browser stays logged in.
- Last-seen timestamp, IP address, and user-agent for active sessions — used for security audit and rate limiting.
- Server logs (request paths, status codes, errors). No body capture.
2. Analytics
Our public marketing pages use Google Analytics 4 to measure aggregate visit metrics (page views, source, country-level location, anonymized IP). We do not share analytics data with advertisers and have not enabled Google Signals, Demographics, or remarketing.
You can opt out by installing the official Google Analytics opt-out add-on or by enabling Do-Not-Track / a tracking blocker in your browser.
What we do not use:
- No marketing pixels or ad-network scripts.
- No fingerprinting or session-replay.
- No device identifiers beyond a normal user-agent string.
- No social media tracking.
3. How we use your data
- To operate the service: ingest reviews, post replies, generate summaries.
- To authenticate you and prevent abuse (rate limiting, signed sessions).
- To send transactional email — password reset, team invites, billing receipts. We do not send marketing email.
- To meet our legal and tax obligations (e.g. retaining invoices for the period required by EU/UK accounting law).
4. Third parties we share with
We use the following sub-processors. Each only receives the minimum data needed to deliver their part of the service.
- Stripe (US/EU) — payments and subscription billing. See Stripe's privacy policy.
- Resend (US) — transactional email delivery. See Resend's privacy policy.
- OpenRouter (US) — proxies AI inference for sentiment, summary, suggested replies, and translation. Review text is sent to model providers (OpenAI, Anthropic) for the duration of one request and is not used to train models. See OpenRouter's privacy policy.
- Apple App Store Connect and Google Play Console — when you post a reply, your credentials authenticate with the official store API to publish it.
- Hetzner Online GmbH (Germany / EU) — physical hosting of our application servers and database.
- Google Analytics (US) — aggregate visit metrics on the public marketing site only (not the signed-in app). Anonymized IP, no advertising features. See Google's privacy policy.
We do not sell or rent your data.
5. Where your data lives
Application servers and the primary database are hosted in the European Union (Germany). Stripe and Resend are US-based vendors operating under EU Standard Contractual Clauses. AI inference may be processed in the US.
6. How long we keep it
- Account + workspace data: until you delete the account.
- Billing records: invoice metadata (no card data) is retained as required by applicable tax and accounting law, even after account deletion.
- Server logs: kept short-term for security investigations and debugging, then discarded.
7. Your rights
If you're in the EU/UK (GDPR) or California (CCPA), you have the following rights — and we honor them globally regardless:
- Access — see what we have. Settings → Reply templates, inbox, and the export endpoint cover most of it.
- Export — the Inbox toolbar has an Export button that gives you a CSV or JSON of all reviews and replies.
- Delete — Settings → Account → Delete account performs a hard delete of your user, workspaces, apps, reviews, replies, templates, credentials, and Stripe customer record.
- Correct — update your profile from Settings; ask us by email for anything you can't change yourself.
- Object — write to us at hello@appecho.xyz.
8. Security
- HTTPS-only (HSTS preload).
- Session cookies are HMAC-tagged with a per-deployment secret; HttpOnly + SameSite=Lax + Secure in production.
- Passwords hashed with bcrypt (cost factor 10).
- Per-store credentials (OAuth tokens, ASC keys, iris cookies) stored in our application database. Application-level encryption of these sensitive fields is on our roadmap.
- Rate limits on sign-in, password reset, AI endpoints, and billing actions.
9. Children
AppEcho is a B2B tool for app developers and not intended for users under 16. If you believe a minor has signed up, contact us and we will remove the account.
10. Changes
If we make a material change, we'll post the new version here with an updated date and provide reasonable advance notice — by email or an in-app notice — before it takes effect.
11. Contact
Questions, requests, or complaints: hello@appecho.xyz.
See also: Terms of Service.