1. Information We Collect
- Account information — your name, email address, password (stored as a one-way bcrypt hash), and organization details. If you sign in with a third-party provider (Google, GitHub, Apple, or SAML SSO via your employer's identity provider), we receive the provider's user identifier and the basic profile fields the provider returns (typically name and email).
- Service data you upload or generate — project metadata, screenshots, store-listing copy, release notes, and similar app configuration.
- Cryptographic signing material and store credentials — App Store Connect API private keys (`.p8`), Android keystore files (`.jks` / `.keystore`) and their passwords, Google Play service-account JSON, Apple Search Ads private keys, and SAML SSO IdP certificates. These are encrypted at rest as described in Section 7 and are used only to perform the operations you request (signing, uploading, syncing, authenticating).
- Billing and purchase metadata required to confirm subscriptions, invoices, refunds, and support requests. We do not store full payment-card data — see Section 4.
- Technical information — IP address, browser type, device details, request logs, and security events used to operate and protect the service.
2. How We Use Information
- To provide, secure, maintain, and improve MySigner.
- To authenticate users, manage organizations, and enforce plan limits.
- To respond to support requests, billing questions, fraud investigations, and service incidents.
- To comply with legal obligations, enforce our terms, and protect the service from abuse.
3. AI-Assisted Features
MySigner offers optional AI-assisted features (translation and rewriting of store-listing copy and release notes). When you use these features, the relevant input you submit is transmitted to a third-party AI service provider acting as a sub-processor, which processes the content under its API data-usage terms (the provider does not train its models on data submitted via the API). We do not send credentials, signing keys, or personal data unrelated to the requested operation. AI features are opt-in per action — they only run when you explicitly invoke them from the dashboard.
4. Billing and Payment Processing
Paid plans are processed through Paddle.com, acting as merchant of record. Paddle handles payment-card data, tax calculation, invoicing, and refund workflows for those transactions; we never see or store full payment-card numbers. We receive subscription, transaction, and customer-identifier metadata from Paddle as needed to provision access and provide support. The merchant name shown on your card or bank statement will be Paddle's, not "MySigner".
5. Cookies and Local Storage
We use only essential cookies and similar storage technologies — to keep you signed in, protect sessions, remember interface preferences such as theme selection, and support core application functionality. We do not set third-party advertising or analytics cookies. We may store limited diagnostic information needed to secure and operate the service.
6. Sub-Processors
We rely on the following categories of third-party service providers (sub-processors) to operate the service. Each has access only to the data needed to perform its function and is bound by appropriate contractual safeguards.
| Category | Purpose | Region |
|---|---|---|
| Cloud infrastructure provider | Application and database hosting | United States |
| Object storage provider | Storage of screenshot exports (when enabled) | EU / US (configurable) |
| Paddle.com (merchant of record) | Subscription billing, invoicing, tax, refunds | UK / EU / US |
| Transactional email provider | Account, security, and billing notifications | EU / US |
| AI service provider | Optional translation and rewriting features (opt-in per action) | United States |
| Third-party identity providers | Sign-in via Google, GitHub, Apple, or your employer's SAML IdP (only if you choose to use one) | Provider-managed |
Application servers and our primary database are hosted with a cloud-infrastructure provider in the United States. International data transfers (for example, where you access the service from the EU/UK) are conducted under appropriate safeguards such as the European Commission's Standard Contractual Clauses, where required by applicable law. We will update this page when we add or replace a category of sub-processor or change hosting region.
Business customers operating under a data-processing agreement (DPA) can request the current list of named sub-processors by emailing support@mysigner.dev.
7. Security
Sensitive credentials you upload — including App Store Connect API private keys, Android keystore files and their passwords, Google Play service-account JSON, Apple Search Ads private keys, and SAML SSO IdP certificates — are encrypted at rest using strong industry-standard encryption. API tokens used by the CLI and by integrations are stored as one-way hashes — we can verify a token, but we cannot read it back. Application traffic is served over HTTPS.
No method of transmission or storage is completely secure. We will notify affected users without undue delay if we become aware of a security incident affecting your data, in line with applicable law.
8. Data Retention and Deletion
We retain account and service data for as long as your account exists. Cancelling a paid subscription does not delete your account — you remain on the Free plan and can re-subscribe any time without losing your data.
You can delete your account at any time from your account settings, or by emailing support@mysigner.dev. When you confirm deletion, your account is immediately deactivated — you can no longer sign in, and any API tokens issued to you stop working. We then send you a personal restoration link by email. If you change your mind within 90 days, you can use that link to reactivate your account exactly as it was. After 90 days, your account and all associated personal data — including organizations you own, store credentials, signing keys, screenshots, release notes, and related records — are permanently deleted from our production systems and cannot be recovered.
If you own organizations that other members belong to, those members are notified by email at the start of the 90-day grace window so they can export anything they need before the organization is deleted. The grace window applies to the whole organization, not just to your individual data; any active, trialing, paused, or pending Paddle subscription tied to your account is cancelled shortly after you confirm deletion, so you are not charged during the grace window.
Some records (such as billing and invoice records, and fraud-prevention logs) may be retained longer where required by law or to resolve disputes.
9. Your Rights
Depending on your location, you may have rights to access, correct, delete, port, or restrict processing of your personal data, or to object to certain processing activities, including rights granted under the EU/UK GDPR, the California Consumer Privacy Act (CCPA), and similar laws. To exercise any of these rights, contact us at support@mysigner.dev. We will respond within the timeframe required by applicable law (typically 30 days). You may also have the right to lodge a complaint with a supervisory authority in your country of residence.
10. Children
MySigner is a developer tool intended for use by adults and businesses. It is not directed to children under the age of 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us so we can remove it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last updated" date above and, for changes that materially affect your rights, by an in-app notice or email to the address on file. Your continued use of the service after the effective date of an update constitutes acceptance of the revised policy.