Privacy Policy
This policy explains what Spaceport collects when you use it, how that data is stored and shared, and how to control it.
1. What we collect
From you directly:
- Your email address, so we can create your account, send your sign-in link, and email you receipts.
- Payment details, handled entirely by Stripe. We never see or store your card number.
- Optional credentials and project data you enter into the dashboard: App Store Connect API key (.p8 file, key ID, issuer ID), RevenueCat secret key, app name, bundle ID, subscription pricing.
Automatically:
- Browser cookies for authentication (one Supabase session cookie, one Stripe Checkout session cookie).
- Server logs containing IP address, user agent, and request paths, used for debugging and abuse prevention.
We don't run third-party analytics, A/B testing, or advertising trackers.
2. How sensitive credentials are stored
The App Store Connect .p8 private key and the RevenueCat secret key you upload are encrypted at rest using AES-256-GCM before being written to our database. The encryption key is held only on our servers; without it, the ciphertext is unreadable. We can't recover your keys if we lose ours, which is why both keys are easy to re-upload from the dashboard at any time.
3. How we use your data
- To run the service: generate your Xcode projects, sync with App Store Connect and RevenueCat, send your sign-in links.
- To process payments via Stripe.
- To reply to your support requests.
- To detect, investigate, and prevent abuse.
We do not sell your data to anyone. We don't share it for advertising or marketing purposes.
4. Sub-processors
We share data only with the third parties needed to run Spaceport:
- Stripe for payments and subscription billing.
- Resend for transactional email (sign-in links, receipts, contact replies).
- Supabase for database and authentication.
- Our hosting provider (currently Railway) for serving the site and running the API.
When you choose to connect your own accounts to Spaceport (Apple App Store Connect, RevenueCat, Firebase, OpenAI, Anthropic), data is sent to those services only with your explicit configuration and at your direction.
5. Cookies
The only cookies Spaceport sets are for authentication (Supabase session) and the Stripe Checkout flow. No analytics, no advertising, no third-party tracking cookies.
6. Your rights
You can at any time:
- Update your email or saved credentials from the dashboard.
- Request a full export of the data on your account.
- Delete your account, which removes your data within 30 days.
Users in the EU, UK, and other jurisdictions with similar privacy frameworks have additional rights (access, rectification, erasure, portability, objection, restriction). To exercise them, email us.
7. Data retention
We keep your account data while you have an active account. After account deletion, personal data is removed within 30 days. Limited records (Stripe transactions, invoice records) may be retained longer where required by law โ typically seven years for tax purposes.
8. Children
Spaceport is a tool for developers building iOS apps. We don't knowingly collect personal data from anyone under 13. If you believe we've received data from a child in error, contact us and we'll delete it.
9. Changes to this policy
If we change this policy in a way that affects how your data is used, we'll email the address on your account.
10. Contact
Privacy questions or data requests: use the contact form.