Privacy Policy

This Privacy Policy describes how Apped (“Apped”, “we”, “us”) collects, uses, and shares information when you use the Apped mobile app, website, generated app previews, code export, waitlist, and related services (together, the “Service”). Apped is operated by Jasper Aelvoet in Ghent, Belgium.

This policy is part of our Terms of Service. If you do not agree with this policy, do not use the Service.

1. Information we collect

Account and authentication information. When you sign in, we collect information needed to create and maintain your account, such as your name, email address, profile image, authentication provider identifiers, and authentication tokens from Apple or Google if you choose those sign-in methods. Apped also supports guest or anonymous accounts in some contexts, which are linked to an account identifier rather than an email address until you choose to sign in.

Session and device data. To keep you signed in and detect abuse, we process session tokens, IP address, user agent, and request metadata. The mobile app may also store local identifiers on your device for authentication, notifications, analytics, and local app state.

Website waitlist submissions. When you join the waitlist or ask for launch updates on the website, we collect your email address, source label, and timestamps so we can send the update you requested and prevent abuse of the signup form.

App content you create. When you describe an app, we store your app names, descriptions, prompts, chat messages, message ratings, AI responses, generated code, files, icons, snapshots, and per-app memories so that you can return and keep building. If your generated app has server routes or a database, data entered into that preview or generated backend may also be stored by Apped for that app.

Sharing, export, and remix data. If you create a public share link, save someone else's shared app, remix an app, or export code, we process the app metadata, source files, share code, view counts, saved-app records, export tokens, and timestamps needed to provide those features.

Usage, billing, and entitlement data. We track token counts, message volume, plan, entitlement status, subscription expiration, and RevenueCat customer identifiers so we can enforce plan limits, provide paid features, and handle subscription support. Apped does not receive your full payment card number.

Custom model provider settings. If your plan lets you connect your own AI model endpoint, we store the endpoint URL, model ID, validation status, usage metadata, and an encrypted copy of the API key so Apped can route your AI runs to the provider you choose.

Notifications. If you enable notifications, we collect notification preferences, a generated installation ID, platform, and Expo push token so we can send requested alerts such as AI completion, share activity, or weekly reminder notifications.

Feedback and support. If you submit feedback or contact support, we collect your message, category, related app ID if provided, and optional device or app context such as platform, OS version, device model, app version, and build number.

Analytics and diagnostics. We use Firebase Analytics and Crashlytics to understand how the Service is used and to diagnose crashes. These tools may collect events, screen paths, device and OS information, app version, crash logs, performance diagnostics, user ID, plan, and related diagnostic attributes.

2. How we use information

We use the information above to:

• Operate the Service, including authenticating you, storing your apps, and rendering previews.
• Send prompts, generated files, relevant app context, and icon requests to OpenRouter so AI models can generate code, responses, and app icons.
• If you enable a custom model provider, send prompts, generated files, images, tool results, and relevant app context to that provider instead of Apped's managed AI provider for eligible AI runs.
• Run AI tools such as documentation lookup, web search, and URL fetching when needed to answer your prompt or build your app.
• Enforce plan limits, manage subscriptions, and prevent fraud or abuse.
• Provide code export, public sharing, saving, remixing, and notification features.
• Diagnose crashes, debug issues, and improve performance and reliability.
• Respond to feedback and support requests.
• Send waitlist updates, launch invites, and other product messages you asked to receive.
• Communicate with you about the Service, including important changes and support requests.

3. How we share information

We do not sell your personal information. We share information only with the service providers required to run Apped, and only for the purposes described here:

We do not use Apped data to track you across apps or websites owned by other companies, and we do not share user IDs, device identifiers, or analytics identifiers with third-party advertisers, ad networks, or data brokers for advertising or measurement.

• OpenRouter: prompts, generated files, relevant app context, and icon requests are sent through OpenRouter so AI models can generate code, responses, and app icons.
• Custom model providers: if you connect your own compatible AI endpoint, that provider processes the prompts, files, images, tool results, and app context needed to complete your AI runs. Your use of that provider is governed by your own account and agreement with it.
• Authentication providers: if you sign in with Apple or Google, those providers process the authentication information needed to complete sign-in.
• Google Firebase (Analytics, Crashlytics): collects anonymized or pseudonymous usage, device, event, and crash diagnostic data.
• RevenueCat and Apple App Store: process subscription purchases and manage entitlements. Apped never receives or stores your payment card details.
• Expo and platform push services: process push tokens and notification payloads when you enable notifications.
• Web search and retrieval providers: process search queries, URLs, and retrieved page content when the AI uses web search or fetch tools to build or debug your app.
• Hosting and infrastructure providers: store the databases and servers that run the Service.
• Legal and safety: we may disclose information if required by law or to protect the rights, safety, or property of Apped or its users.

4. Public share links

If you create a public share link, the linked app name, description, creator display name, source files needed for the web preview, and other linked contents become accessible to anyone who visits that URL. Other users may be able to save or remix shared apps. Do not put secrets, private credentials, or confidential information in an app you share publicly. You can revoke a share link from the Apped app at any time, but copies already saved or remixed by others may remain in their accounts.

5. Generated app permissions

Generated app previews run inside Apped and may use device capabilities supported by the Apped app, such as camera, microphone, photos, contacts, calendar, reminders, location, notifications, local authentication, local storage, or maps, if the generated code requests them and your device grants permission. Apped does not intentionally collect those permission-protected data types unless you provide them to a generated app, the generated app stores them in its files or backend, or they are included in diagnostics, support, or shared/exported content.

6. Data retention

We retain account, app, generated backend, usage, share, export, notification, and support data for as long as needed to provide the Service, comply with legal obligations, resolve disputes, prevent abuse, and enforce agreements. You can delete individual apps and can delete your account from the account settings screen. You may also contact us at support@apped.dev. Account deletion starts with a short grace period; after that period ends, we remove authentication records, provider identifiers, profile details, notification tokens, usage records, and support records tied to the account. Some generated workspace artifacts may remain in an unavailable or anonymized state where needed for security, abuse prevention, debugging, legal obligations, or service integrity. Backups, logs, billing provider records, and copies already saved, remixed, or exported by others may remain where deletion is not technically immediate or legally required.

7. Your rights

Depending on where you live, you may have rights to access, correct, export, delete, restrict, or object to the processing of personal information we hold about you, and to withdraw consent where processing is based on consent. To exercise these rights, email support@apped.dev. We may need to verify your request before acting on it.

If you are in the European Economic Area, United Kingdom, or Switzerland, you may also have the right to lodge a complaint with your local data protection authority. Because Apped is operated from Belgium, the Belgian Data Protection Authority may be a relevant supervisory authority.

8. Security

We use reasonable technical and organizational measures to protect the Service, including encryption in transit, access controls, authentication tokens, and provider security controls. No system is perfectly secure. Do not upload sensitive personal data, private keys, production secrets, regulated health or financial data, or other information you are not comfortable storing with us unless we have agreed in writing that Apped is suitable for that use.

9. Children

Apped is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are under the age required to consent to data processing in your country, you may use Apped only with permission from a parent or legal guardian. If you believe a child has provided information to us without appropriate consent, contact us and we will take appropriate action.

10. International transfers

Apped is operated from Belgium, and our providers may process information in the European Economic Area, the United States, and other countries where they operate. When required, we rely on appropriate transfer mechanisms such as contractual safeguards or adequacy decisions.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced in-app or on this page, and the effective date above will be updated. Continued use of the Service after an update means you accept the revised policy.

12. Contact us

Questions about this policy? Email support@apped.dev.