Privacy Policy
Last updated: February 12, 2026
1. Introduction
CEPALabs SH.P.K. ("we", "us", "our") operates ASOgain (asogain.com). This Privacy Policy explains how we collect, use, and protect your personal data when you use our Service.
2. Data Controller
CEPALabs SH.P.K.
Rruga Andon Zako Cajupi, Ndertesa 3, Hyrja Nr. 11
Tirane, 1001, Albania
NUIS: M61327011S
Email: hello@cepalabs.com
3. Data We Collect
3.1 Account Data
When you create an account, we collect:
- Email address
- Display name
- Authentication method (email/password or Google OAuth)
- Profile avatar (if provided by Google)
3.2 App Store Connect Data
If you connect your App Store Connect account, we store your API key credentials (Issuer ID, Key ID, and private key). Your private key is encrypted at rest using AES-256-GCM encryption and is never transmitted to your browser or exposed in any client-side code.
3.3 App and Metadata
We store the app information and metadata you create or import through the Service, including app names, descriptions, keywords, pricing configurations, and analysis results.
3.4 Usage Data
We track your AI generation usage count per month for rate limiting purposes. We do not track page views, clicks, or behavioral data.
3.5 Billing Data
Payment processing is handled by Lemon Squeezy as our merchant of record. We do not store your credit card information. We receive and store your Lemon Squeezy customer ID and subscription ID for account management purposes.
4. How We Use Your Data
We use your data to:
- Provide, maintain, and improve the Service
- Authenticate your identity and manage your account
- Process your requests to App Store Connect on your behalf
- Generate AI-powered metadata and recommendations
- Enforce plan limits and usage tracking
- Manage billing and subscriptions (via Lemon Squeezy)
- Communicate important service updates or security notices
We do not use your data for advertising, profiling, or selling to third parties.
5. Third-Party Services
We use the following third-party services to operate ASOgain:
| Service | Purpose | Data shared | Location |
|---|---|---|---|
| Supabase | Database, authentication | Account data, app data | EU (Frankfurt) |
| Vercel | Hosting, deployment | Request metadata (IP, headers) | Global CDN |
| OpenAI | AI metadata generation | App name, category, description (per generation) | US |
| Lemon Squeezy | Payment processing | Email, name, billing info | US |
| Apple App Store Connect | App data sync (at your request) | Your API credentials (encrypted) | US |
6. Data Retention
We retain your data for as long as your account is active. If you delete your account, all your data (profile, apps, credentials, metadata, analyses, and usage records) is permanently deleted from our systems. Deletion is irreversible.
Billing records held by Lemon Squeezy are subject to their own retention policies and applicable tax/accounting laws.
7. Data Security
We implement industry-standard security measures:
- All data in transit is encrypted via TLS/HTTPS
- App Store Connect private keys are encrypted at rest (AES-256-GCM)
- Database access is protected by Row Level Security (RLS) policies
- API routes verify user authentication before processing requests
- Webhook payloads are verified using HMAC-SHA256 signatures
8. Cookies
ASOgain uses only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
9. Your Rights
Regardless of where you are located, you have the right to:
- Access your personal data — available through your account settings
- Correct inaccurate data — editable in your account settings
- Delete your account and all associated data — available in account settings under "Danger Zone"
- Export your data — contact us for a full data export
- Object to data processing — contact us to discuss
For EU residents, these rights are provided under the General Data Protection Regulation (GDPR). To exercise any of these rights, contact us at hello@cepalabs.com.
10. International Transfers
Your data is primarily stored in the EU (Supabase, Frankfurt). Some data is processed by US-based services (OpenAI, Lemon Squeezy, Vercel, Apple). These transfers are necessary to provide the Service and are covered by each provider's data processing agreements.
11. Children
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service. The "Last updated" date at the top reflects the most recent revision.
13. Contact
For privacy-related questions or requests, contact us at: hello@cepalabs.com
See also: Terms of Service · Refund Policy