Privacy Policy for ASC Pilot

Effective Date: June 4, 2026

1. Introduction and Data Controller

Welcome to ASC Pilot. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, process, and disclose your information when you use our web-based platform (the "Service").

The Data Controller responsible for your personal data under the General Data Protection Regulation (GDPR) is:

Inspicon Bogusz Houszka
ul. Ślebodzińskiego 3/2, 54-703 Wrocław, Poland
Tax Identification Number (NIP): PL 8981841498
Contact email: apps@inspicon.com

2. What Personal Data We Collect

When you use ASC Pilot, we may collect the following types of data:

Account Data: E-mail address and an encrypted password hash (managed via our authentication provider).

Operational Data: App Store Connect API keys (.p8 files), Key IDs, and Issuer IDs. Note: These are technical credentials required for the Service to function and connect to Apple Inc., not strictly personal data, but they are securely encrypted and stored.

Technical and Usage Data: IP address, browser type, device information, and logs of your interactions with the Service (e.g., login times, features used) necessary for security and debugging.

Billing and Subscription Data: Information regarding your current subscription plan. Note: We do not collect or store your credit card details. All payment processing is handled by our Merchant of Record (see section 4).

3. Purposes and Legal Basis for Processing

We process your personal data in accordance with the GDPR on the following legal bases:

Performance of a Contract (Art. 6(1)(b) GDPR): To create and manage your Account, provide the ASC Pilot services, authenticate your access, and execute mass deployments to App Store Connect as requested by you.

Legitimate Interests (Art. 6(1)(f) GDPR): To ensure the security of our Service, prevent fraud, analyze usage trends to improve our Platform, and provide customer support.

Legal Obligation (Art. 6(1)(c) GDPR): To comply with tax, accounting, and other legal obligations under Polish and EU law.

4. Data Sharing and Third-Party Processors

We do not sell your personal data. We share your data only with trusted third-party service providers (Data Processors) required to operate ASC Pilot:

Supabase: We use Supabase for database hosting and user authentication. They process your login credentials and operational data securely on our behalf.

Lemon Squeezy (Merchant of Record): All purchases, billing, and invoicing are handled by Lemon Squeezy. When you purchase a subscription, you interact directly with Lemon Squeezy, which acts as an independent Data Controller for your payment and billing information. We only receive confirmation of your subscription status and basic non-financial billing details.

Apple Inc.: Our Platform interacts with the App Store Connect API using the credentials you provide. Data synchronized between ASC Pilot and Apple is subject to Apple's privacy terms.

5. International Data Transfers

Our primary databases are hosted within the European Economic Area (EEA). However, some of our third-party processors (such as Supabase or Lemon Squeezy) may process data outside the EEA (e.g., in the United States). Whenever your data is transferred outside the EEA, we ensure it is protected by appropriate safeguards, such as the European Commission's Standard Contractual Clauses (SCCs) or adequacy decisions.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy.

Account Data: Retained for as long as your Account is active. If you delete your Account, we will erase your personal data within 30 days, except where the law requires us to hold it longer.

Billing Data: Retained for the period required by tax and accounting laws (typically 5 years).

Logs and Technical Data: Retained for a short period (usually up to 90 days) for security and debugging purposes, after which it is deleted or anonymized.

7. Your Privacy Rights (GDPR)

If you are located in the EEA or the UK, you have the following rights regarding your personal data:

• Right of Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can ask us to correct inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): You can request the deletion of your personal data when it is no longer necessary for the purposes collected.
• Right to Restriction of Processing: You can ask us to suspend the processing of your data in certain scenarios.
• Right to Data Portability: You can request your data in a structured, commonly used, and machine-readable format.
• Right to Object: You can object to processing based on legitimate interests.

To exercise any of these rights, please contact us at apps@inspicon.com. You also have the right to lodge a complaint with a supervisory authority. In Poland, this is the President of the Personal Data Protection Office (PUODO).

8. Cookies and Tracking Technologies

ASC Pilot uses strictly necessary cookies and local storage tokens required for the platform to function properly (e.g., maintaining your logged-in session via Supabase). Because these cookies are essential for the Service you requested, we do not require your explicit consent to use them. We do not use third-party marketing or tracking cookies that require consent under the ePrivacy Directive.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, sending an e-mail notification.