Privacy Policy

This Privacy Policy describes how Viral Apps Labs LLC ("Appshotr," "we," "us," or "our") collects, uses, and shares information when you use the Appshotr website and service at appshotr.com(the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you sign in with Google OAuth, we receive and store your name, email address, and Google account identifier. We do not receive or store your Google password.

1.2 Uploaded Images

You upload app UI screenshots so the Service can generate App Store screenshot designs. These images are stored on our infrastructure (see Section 4) and are associated with your account.

1.3 Generated Images

Screenshots produced by the AI generation process are stored and linked to your account so you can access, download, and manage them.

1.4 Payment Information

We use Stripe to process payments. Your credit card number, billing address, and other payment details are collected and processed directly by Stripe. We do not store your full credit card number on our servers. We may store your Stripe customer ID, subscription status, and transaction history for billing purposes.

1.5 Usage Data

We may collect basic analytics about how you use the Service, including pages visited, features used, generation counts, and timestamps. This data helps us understand usage patterns and improve the Service.

1.6 Device and Log Data

Our servers automatically record information such as your IP address, browser type, operating system, referring URL, and request timestamps. This data is used for security monitoring and troubleshooting.

2. How We Use Your Information

We use the information we collect to:

• Provide and operate the Service — authenticate your account, process your uploaded images through our AI pipeline, generate and deliver App Store screenshots, and manage your gallery.
• Process billing — manage your subscription or credit pack purchases, issue receipts, and handle refunds.
• Improve the Service — analyze usage patterns, monitor performance, fix bugs, and develop new features.
• Communicate with you — send transactional emails (account confirmation, billing receipts, generation status), and respond to support requests.
• Ensure security — detect and prevent fraud, abuse, and unauthorized access.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

3. Third-Party Services

We share information with the following third-party service providers only as necessary to operate the Service:

3.1 Google (Authentication)

We use Google OAuth for sign-in. When you authenticate, Google shares your name, email, and account identifier with us. Google's use of your data is governed by Google's Privacy Policy.

3.2 Stripe (Payments)

Stripe processes all payments on our behalf. Your payment information is handled in accordance with Stripe's Privacy Policy. We do not have access to your full credit card number.

3.3 OpenAI (AI Image Generation)

Your uploaded screenshots and associated metadata (app name, description, category) are sent to the OpenAI API for AI-powered image generation. OpenAI processes this data to produce your App Store screenshots. Please review OpenAI's Privacy Policy and API Data Usage Policies for details on how they handle data. Under OpenAI's API terms, data submitted through their API is not used to train their models.

3.4 Cloudflare (Image Storage and CDN)

Uploaded and generated images are stored on Cloudflare R2 object storage. Cloudflare may also serve as a CDN for delivering images. Cloudflare's handling of data is governed by Cloudflare's Privacy Policy.

3.5 Analytics

We may use third-party analytics services to understand how users interact with the Service. If implemented, these tools collect anonymized usage data (pages visited, session duration, feature engagement) and do not collect personal information such as names or email addresses through the analytics platform.

4. Data Storage and Security

4.1 Where Your Data Is Stored

Our backend infrastructure is hosted on Hetzner VPS servers, which may be located in Germany and/or the United States. Uploaded and generated images are stored on Cloudflare R2 in the US region. Account data (name, email, generation history) is stored in our database on Hetzner infrastructure.

4.2 How We Protect Your Data

We implement reasonable administrative, technical, and physical safeguards to protect your data, including:

• All data in transit is encrypted using TLS (HTTPS) connections.
• Access to production systems is restricted to authorized personnel only.
• Authentication tokens are stored in your browser's localStorage and transmitted over encrypted connections.
• We do not store passwords — authentication is handled entirely through Google OAuth.

While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

5. AI Processing Disclosure

Appshotr uses OpenAI's gpt-image-2 model to generate App Store screenshots via style transfer. When you initiate a generation:

• Your uploaded app UI screenshot(s) are sent to the OpenAI API.
• Text metadata you provide (app name, description) is included in the generation prompt.
• OpenAI processes this data on their infrastructure to produce the generated images.
• Under OpenAI's API Data Usage Policies, inputs and outputs submitted through their API are not used to train OpenAI models.

The generated images are returned to us, stored on our infrastructure, and made available in your account. You retain ownership of the generated screenshots and may use them in accordance with our Terms of Service.

6. Data Retention

6.1 Active Accounts

We retain your account information, uploaded images, and generated images for as long as your account is active or as needed to provide the Service.

6.2 Account Deletion

You may request deletion of your account and all associated data at any time through your account settings or by contacting us at privacy@appshotr.com. Upon receiving a deletion request:

• Your account data, uploaded images, and generated images will be permanently deleted within 30 days.
• Backups containing your data will be purged within 90 days.
• We may retain anonymized, aggregated data that cannot be used to identify you (e.g., total generation counts).

6.3 Billing Records

We may retain billing transaction records for up to 7 years as required by applicable tax and financial regulations, even after account deletion. These records contain only transaction metadata (dates, amounts, plan type) and do not include payment card details.

7. Your Rights

7.1 General Rights

Regardless of where you are located, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Correction — request that we correct any inaccurate information.
• Deletion — request deletion of your account and personal data.
• Export — request a portable copy of your data in a commonly used format.

7.2 European Economic Area (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including:

• Legal basis for processing — we process your data based on (a) the performance of our contract with you (providing the Service), (b) your consent (where applicable), and (c) our legitimate interests (improving the Service, preventing fraud).
• Right to restriction — you may request that we restrict processing of your personal data in certain circumstances.
• Right to object — you may object to processing based on legitimate interests.
• Right to lodge a complaint — you have the right to lodge a complaint with your local data protection authority.

7.3 California (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights, including:

• Right to know — you may request the categories and specific pieces of personal information we have collected about you.
• Right to delete — you may request deletion of your personal information.
• Right to opt out of sale — we do not sell your personal information. We do not share personal information for cross-context behavioral advertising.
• Non-discrimination — we will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, contact us at privacy@appshotr.com. We will respond to verified requests within 30 days (or within the timeframe required by applicable law).

8. Children's Privacy

Appshotr is not directed to individuals under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@appshotr.com and we will promptly delete that information.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States and Germany. These countries may have data protection laws that differ from those of your jurisdiction.

When we transfer personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (SCCs) where applicable, and the data protection provisions of our agreements with third-party service providers.

10. Cookies and Local Storage

Appshotr does not use traditional tracking cookies. We use the following browser storage mechanisms:

• Authentication tokens — stored in your browser's localStorage to keep you signed in. These are strictly necessary for the Service to function and are not used for tracking.
• Theme preference — your light/dark mode preference may be stored in localStorage for a consistent experience.

If we implement third-party analytics in the future, we will update this policy accordingly and, where required, obtain your consent before placing any non-essential cookies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on this page with a revised "Effective date" and, where practicable, by sending a notification to the email address associated with your account. Your continued use of the Service after the updated policy takes effect constitutes your acceptance of the changes.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@appshotr.com
• Company: Viral Apps Labs LLC

We aim to respond to all inquiries within 30 days.