Privacy Policy

Last updated: March 19, 2026

App Reviews → Slack ("we", "us", or "our") operates a subscription service that monitors Apple App Store and Google Play reviews and delivers them to your messaging tools. This policy explains what data we collect, how we use it, and your rights.

1. Information We Collect

Account information

When you register, we collect your email address and a hashed password. We never store your password in plain text.

App configuration

To provide the service, we store the Apple App Store numeric IDs and/or Google Play package names you add. These are publicly available identifiers.

Webhook URLs

Slack and Pumble incoming webhook URLs you provide are stored encrypted at rest using AES-256 encryption. They are decrypted only when delivering a review notification and are never logged or shared.

Payment information

Payments are processed entirely by Stripe. We do not store card numbers, CVVs, or any payment instrument details. We store only your Stripe customer ID and subscription status.

Usage data

We collect basic server logs (IP address, request path, timestamp) for security and debugging purposes. Logs are retained for 30 days.

2. How We Use Your Information

• To authenticate you and manage your account
• To fetch publicly available reviews from Apple and Google on your behalf
• To deliver review notifications to the webhook URLs you provide
• To process subscription payments via Stripe
• To respond to support requests

3. Third-Party Services

We interact with the following third-party services to operate:

• Apple — we fetch publicly available review data from the iTunes RSS feed and App Store lookup API
• Google — we fetch publicly available review and app metadata from the Google Play Store
• Stripe — payment processing. See Stripe's Privacy Policy
• Slack / Pumble — we POST review notifications to webhook URLs you provide. We have no other relationship with these services

We do not sell your data to any third party.

4. Data Retention

We retain your account data for as long as your account is active. If you delete an app from your dashboard, its associated IDs and webhook URLs are permanently deleted. If you close your account, all your data is deleted within 30 days.

5. Security

Webhook URLs are encrypted at rest. Passwords are hashed using PBKDF2-SHA256. We use HTTPS for all data in transit. We implement CSRF protection and rate limiting on authentication endpoints.

6. Your Rights

You may request a copy, correction, or deletion of your personal data at any time by contacting us. You can delete individual apps and their associated data directly from your dashboard.

7. Changes to This Policy

We may update this policy from time to time. The date at the top of this page reflects the most recent revision. Continued use of the service after changes constitutes acceptance.

8. Contact

For privacy-related questions, contact us at gngrwzrd@gmail.com.