Privacy Policy

1. Who We Are

AppSwap is an independent service that helps Android developers find testers for their apps. If you have questions about this policy, contact us at [email protected].

2. Information We Collect

We collect only what is necessary to operate the Service:

• Account information: email address and hashed password when you register.
• App listings: app name, Google Play URL, Google Group URL, opt-in link, and task description you provide.
• Test submissions: screenshot URL and optional notes you submit as proof of testing.
• Session data: a session token stored in an httpOnly cookie to keep you logged in.
• Usage data: standard server request logs (IP address, browser, pages visited) retained briefly by our infrastructure provider.

3. How We Use Your Information

• To create and manage your account.
• To display your app listings to other registered developers.
• To process testing tasks and the credit system.
• To communicate with you about your account (e.g., important service updates).
• To detect and prevent abuse or fraudulent activity.

We do not use your data for advertising and we do not sell it to third parties.

4. Information Shared With Others

Within the Service, your app listings (name, URLs, task description) are visible to other registered users. Your email address is never shown to other users.

We rely on the following infrastructure providers who may process your data on our behalf:

• Cloudflare — hosting, CDN, and database (Cloudflare Pages + D1). Data is governed by Cloudflare's Privacy Policy.

5. Cookies and Sessions

We use a single httpOnly session cookie to keep you authenticated. This cookie is not used for tracking or advertising. It expires when you log out or after a period of inactivity.

6. Data Retention

We retain your account data for as long as your account is active. If you wish to delete your account and all associated data, email us at [email protected] and we will process the deletion within 30 days.

7. Security

Passwords are hashed using PBKDF2 and never stored in plain text. Session tokens are stored in httpOnly cookies to prevent JavaScript access. We follow reasonable security practices, but no system is 100% secure.

8. Children's Privacy

The Service is not directed at anyone under 18. We do not knowingly collect data from minors. If you believe a minor has registered, contact us and we will remove the account.

9. Your Rights

Depending on your location, you may have the right to access, correct, or delete your personal data. To exercise any of these rights, email us at [email protected].

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "last updated" date at the top will reflect any changes. Continued use of the Service after changes are posted constitutes acceptance.