Privacy notice
Effective 2026-05-27. This notice explains how Apps Almanac handles your personal data, the legal basis for it, and the rights you have under the EU General Data Protection Regulation (GDPR).
Who is responsible for your data
Apps Almanac is operated by Valotrix Studio SRL (CUI RO42485840), a company established in Romania (European Union) with its registered office at Str. Iernuteni Bl. 40, Sc. 2, Ap. 12, 545300 Reghin, Mures County, Romania. For the personal data described here, Valotrix Studio SRL is the data controller. You can reach us about any privacy matter at hello@appsalmanac.com.
What we collect about you
If you have an Apps Almanac account, we store:
- Your email address.
- When you sign in we email you a one-time code / magic link; we store only a short-lived (10-minute), single-use hash of that code and your email for that request, never a reusable password.
- An optional second-factor (2FA) secret, if you enable it, stored encrypted at rest.
- A signed session cookie identifier so you stay logged in.
- If you sign in with Google or GitHub, we receive your verified email address from that provider to identify your account (for GitHub this is returned via an authenticated API call when no public email is set). We never receive your password.
- Your plan tier and a Stripe customer identifier if you subscribe. Card and payment details are held by Stripe, not by us.
- If we grant you a complimentary plan (for example a beta or verified-store comp), we store which plan was granted, when it expires, and a short internal note recording the reason.
- Your workspace: items you track (categories, apps, developers), saved queries, alert rules, ideas, and items you've dismissed. This includes any free text you enter: the conditions of an alert rule (stored as JSON), and the title, description, and notes you attach to an idea.
- Usage counts per month, used to enforce the free-tier monthly lookup limit.
- A security audit log of sensitive actions (login, billing changes, API-key issuance). Each entry stores a truncated IP address (IPv4 reduced to a /24, IPv6 to a /48; the host-identifying part is dropped) and the first 120 characters of your browser's user-agent string. The full IP and full user-agent are never stored. This log is the balancing record for our legitimate-interest security basis (Art. 6(1)(f)); see “Why we use it” below.
- Your onboarding profile: the audience mode you pick (builder, app owner, merchant, researcher, or agency), how you plan to use Apps Almanac, and your optional self-declared team size and annual-revenue band (these structured answers are stored together as JSON). We keep these as a self-declared profile to tailor what each view shows and the recommendations we surface. You can update or clear them in Settings.
- Interface preferences (theme, locale) and the timestamp of your last visit (used to compute "since you last visited" deltas in digests).
- Feedback you submit, including the page you were on when you sent it.
- If you create API keys, only a hash and a short display prefix, never the full key after it is shown to you once.
- Notification endpoints you configure (Slack / Discord / Teams / generic webhook URLs). Because these embed access tokens, we encrypt them at rest and never display the full URL back to you.
What we don't collect
- Your browsing history outside the Apps Almanac app.
- Advertising or cross-site tracking profiles. We do not sell or share your data with advertisers or data brokers.
- Cookies beyond those required for your session, your theme preference, and to remember your analytics consent choice; analytics/replay cookies are set only after you accept the consent banner.
Why we use it, and the legal basis
- To provide the service: authenticate you, run your workspace, and deliver the features of your plan. Basis: performance of our contract with you (GDPR Art. 6(1)(b)).
- To take payment: process subscriptions and send receipts. Basis: performance of contract, and our legal obligations as a business (Art. 6(1)(b)/(c)).
- To keep the service secure: enforce plan limits, detect abuse, and investigate incidents (the audit log). Basis: our legitimate interest in operating a safe, non-abused service (Art. 6(1)(f)).
- To send essential messages: billing receipts and material service announcements. Basis: performance of contract / legitimate interest.
- To send the weekly digest: if, and only if, you opt in (an unchecked box at signup, or the toggle in your email settings), we email you a once-a-week “State of Shopify Apps” summary built from public market aggregates. Every digest carries a one-click unsubscribe, and you can turn it off anytime at Settings → Email notifications. Basis: your consent (Art. 6(1)(a)), withdrawable at any time.
- To send product updates: if you opt in (the separate marketing toggle at signup or in Settings → Email notifications), we may email occasional product-news broadcasts. These are distinct from the weekly digest, carry a one-click unsubscribe, and are off unless you opt in. Material service notices (e.g. billing or security changes) are sent regardless, as they are not marketing. Basis: your consent (Art. 6(1)(a)), withdrawable at any time.
We never default you into marketing email: both the weekly digest and product-update broadcasts are strictly opt-in, off by default, and one-click unsubscribable.
Who else processes your data (sub-processors)
We use a small number of trusted service providers who process personal data on our instructions, under a data-processing agreement. Sub-processor list last reviewed: 2026-06-10.
- Stripe: payment processing. Stripe collects your name and card details directly during checkout; from us it receives only your email and a customer reference. We never see or store your card details.
- Google / GitHub: optional sign-in identity providers. If you choose social sign-in, the provider authenticates you and returns your verified email address; we use it only to identify your account. Using one is entirely optional (email sign-in works without them).
- Resend: transactional email delivery (e.g. sign-in codes / magic links and account emails). Receives your email address and the message content.
- Render: application hosting. Our database and servers run on their infrastructure; operational logs may transit their systems.
- Sentry: error monitoring & diagnostics. Receives technical error data and, with your consent, masked session replays of activity within the Apps Almanac app only: these replays never capture or reconstruct your browsing history outside our service. Configured for EU data residency; no advertising use.
- Mixpanel: product analytics, used only with your consent. EU-hosted. Receives a pseudonymous user identifier and product-usage events, never your email or name.
- Better Stack: uptime & infrastructure monitoring. Receives service health signals, not personal data.
Analytics and session replay run only after you accept the consent banner; you can change this anytime in Settings → Data & privacy.
Some of these providers may process data outside the European Economic Area. Where that happens, the transfer is covered by appropriate safeguards (such as the European Commission's Standard Contractual Clauses).
If we add or replace a sub-processor that handles your personal data, we will update this notice and announce the change in the in-app changelog at least 30 days before the new provider starts processing. If you object to the change, email hello@appsalmanac.com within that window; if we cannot resolve your objection, you can export your data and delete your account before the change takes effect.
How long we keep it
We keep your account data while your account is active. If you delete your account, everything tied to your user is erased from our database: all tracked items and their activity history and score snapshots, saved queries, ideas, alert rules and their channel routing, notification channels, your inbox notifications, the records of any broadcasts sent to you, your monthly usage counts and lookup history, API keys, and audit-log entries. Any feedback you submitted is unlinked from your account and its text is removed; we retain only the anonymized category label (e.g. “bug”) for product analytics, with no way to tie it back to you. Stripe retains billing records independently, under its own policy and applicable law.
Even while your account is active, some data is pruned on a rolling basis:
- Activity history (tracked-item change events): kept for 90 days, then deleted automatically.
- Inbox notifications (alert & digest items): kept for 180 days, then deleted automatically.
- Security audit log: kept for 12 months, then deleted automatically.
- Score history (the trajectory snapshots behind a tracked item's sparkline): kept for 365 days, then deleted automatically.
- Feedback (the free-text notes you send us): kept for 365 days, then deleted automatically.
- Billing & usage records: subscription status is kept for the life of your account so we can run billing; monthly usage counts are kept only for the current period (older months are pruned automatically). Everything tied to your account is removed when you delete it. One exception: invoices and the billing records behind them (held by Stripe, our payment processor) must be retained for 10 years from the end of the financial year of the transaction, as EU and Romanian tax and accounting law requires, even after you delete your account. Basis: our legal obligation (Art. 6(1)(c)).
Your rights under the GDPR
As a data subject in the EU, you have the right to:
- Access: get a copy of the personal data we hold about you. You can download a full export of your account data at any time from your Settings.
- Erasure: delete your account and the associated data. You can do this yourself from your Settings; the deletion is immediate and cascades across your workspace.
- Rectification: correct inaccurate data. Most fields are editable in Settings; email us for anything you cannot change yourself.
- Portability: receive your data in a structured, machine-readable format (the export above is JSON).
- Objection & restriction: object to, or ask us to restrict, processing based on our legitimate interests. Email us and we will assess your specific situation. One category cannot be toggled off while your account is active: the security audit log (login, billing events, API-key issuance). It is the technical record we need to investigate and prove incidents and breaches, and disabling it for individual accounts would undermine the security of all accounts. The legal basis for it is legitimate interest (Art. 6(1)(f)); it is kept for 12 months and then deleted automatically.
- Withdraw consent: where we rely on your consent, withdraw it at any time without affecting prior processing.
To exercise any of these, use the controls in Settings or email hello@appsalmanac.com. We respond within 30 days. You also have the right to lodge a complaint with a supervisory authority, which in Romania is the National Supervisory Authority for Personal Data Processing (ANSPDCP), or with the authority in your own EU country of residence.
Data about Shopify apps and their developers
Our analytics include information about Shopify apps and the developers who publish them. That information comes from public listings on the Shopify App Store, which anyone can read without signing in. See data sources for what we organize, how, and how a developer can ask for their listing to be excluded from our analysis.
Changes to this notice
We announce material changes in the in-app changelog. The effective date at the top of this page reflects the current version.