
Privacy Policy

Last updated: May 28, 2026

AppScout (“we”, “us”, “our”) is a web app that helps indie developers research the Apple App Store. This page explains what we collect, why, and what you can do about it. We wrote it to be readable — no dark patterns, no hidden tracking.

What we collect

When you create an account, we store:

  • Email address
  • Hashed password (we never see your plain-text password — Supabase Auth handles hashing)
  • If you sign in with Google: name, email, profile picture, and Google account ID
  • A unique account ID generated for you

When you use the product, we store:

  • Apps you add to your watchlist and drawers you create
  • Whether your account is on the Free, Pro, or Operator plan
  • Scout chat conversations are stored locally in your browser (localStorage), not on our servers
  • Subscription status from our payments provider (Polar) once billing is live

Automatically, when you visit the site, we collect:

  • Page views, country, browser, and referrer via Umami — a cookieless, privacy-respecting analytics tool we host ourselves
  • Your IP address for rate-limiting (Cloudflare KV stores per-IP request counts for free-tier Scout chat); not associated with your account
  • Standard server logs for debugging (request paths, response codes) retained for a short window

We do not use third-party advertising trackers, sell your data, or build behavioral profiles for resale.

How we use it

  • To provide the service — show you signals, save your watchlist, run Scout chat
  • To authenticate you and keep your session active
  • To send transactional emails (sign-up confirmation, password reset, subscription receipts) via Resend
  • To improve the product — aggregated, anonymized usage patterns to understand what works

We do not send marketing emails without your explicit consent. If we ever introduce a product newsletter, it will be opt-in only.

Who we share data with

We use a small set of trusted infrastructure providers to run the service. Each only sees the data they need to do their job:

Provider    What they handle
Supabase    Database, authentication, account storage (US/EU regions)
Cloudflare  Hosting our worker code, KV rate-limit counters, R2 cached responses
OpenAI      Receives your Scout chat messages to generate responses; subject to OpenAI's API data policy (no training on API data)
Tavily      Receives Scout's web search queries when Scout searches outside the App Store
Resend      Sends transactional emails on our behalf from appscout@tinyappstudio.io
Polar.sh    Processes payments as Merchant of Record (when subscriptions launch); they collect billing details directly
Umami       Cookieless analytics; aggregates page views without personal identifiers

We don't share your data with anyone for marketing, profiling, or resale. If we're ever required to disclose data by law, we will — but we'll notify you first unless legally prohibited.

Public App Store data

The app rankings, ratings, descriptions, screenshots, and category data shown on AppScout are sourced from Apple's public App Store APIs and public App Store web pages. We don't obtain this data from end users — it's already public.

Download and revenue estimates are computed from public signals (chart position, review velocity). They are presented as ranges with confidence labels, not point predictions.

Cookies and local storage

We use the minimum needed for the product to work:

  • Authentication session cookie (set by Supabase Auth) — required to keep you signed in
  • localStorage for Scout chat history — kept on your device only, never sent to our servers
  • No third-party advertising cookies, no cross-site tracking

Your rights

You can:

  • Access any data we hold about you by emailing us
  • Correct your account email or other info directly in your account settings
  • Delete your account at any time by emailing hello@tinyappstudio.io — we will permanently delete your profile, watchlists, drawers, and subscription record within 30 days
  • Export your watchlist as a list before deletion if you want

If you're in the EU/UK, you have additional rights under GDPR (data portability, restriction of processing, lodging a complaint with your data protection authority). All of these apply.

Data retention

  • Account data: kept while your account is active. Deleted within 30 days of account deletion request.
  • Public App Store rankings + momentum: rolling 30-day window — older data is automatically pruned.
  • Sales/revenue estimates: 14 days of history kept; older versions pruned.
  • Server logs: typically purged within 7 days.
  • Scout chat history: lives in your browser; clearing browser data deletes it.

Security

All traffic uses HTTPS. Passwords are hashed by Supabase Auth using industry-standard algorithms — we never see your plain-text password. Database access is gated by row-level security policies (RLS) so that one user can never read another user's data, even at the database level.

That said, no service is 100% breach-proof. If we ever experience a breach affecting your data, we'll notify affected users within 72 hours and tell you what happened.

Children

AppScout is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has created an account, email us and we'll delete it.

Changes to this policy

If we make material changes, we'll update the “Last updated” date at the top and notify signed-in users by email. Small clarifications happen without notice.

Contact

Questions about your privacy, this policy, or data requests: hello@tinyappstudio.io.

AppScout is a project of Mohamed Maail. See also our Terms of Service.