Privacy Policy

Last updated: March 6, 2026

Introduction

AppDroid ("we", "us", "our") operates the appdroid.dev website and the AppDroid container security scanning platform. This Privacy Policy describes how we collect, use, and protect your information when you use our services. This Privacy Policy forms part of our Terms of Service.

Information We Collect

Account Information. When you create an account, we collect your name, email address, and username through our authentication provider (Clerk). If you sign in via a third-party provider such as GitHub, we receive your profile information from that provider.

Payment Information. When you subscribe to a paid plan, payment details are collected and processed by Stripe. We do not store your credit card numbers on our servers.

Container Image Data. When you use our scanning service, we process container image references and scan metadata (image paths, scan status, event logs). Scan results are associated with your account.

Automatic Data. We automatically collect standard web data including IP addresses, browser type, device information, and usage patterns when you interact with our services.

Cookies and Tracking. We use cookies and similar technologies for authentication and session management. Our authentication provider (Clerk) sets cookies necessary for you to sign in and stay signed in. We do not use third-party advertising or tracking cookies.

How We Use Your Information

Provide, operate, and maintain our container scanning services
Process payments and manage your subscription
Send service-related communications (account alerts, security notices)
Improve and develop our platform
Respond to your support requests

We process your account and scan data on the basis of performing our contract with you (our Terms of Service). We process automatic data on the basis of our legitimate interest in maintaining the security and performance of our services.

Third-Party Services

We use the following third-party services to operate our platform:

Clerk — authentication and identity management
Stripe — payment processing and subscription billing

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

Data Retention

We retain your account information and scan data for as long as your account is active. You may request deletion of your account and associated data at any time by contacting us. Upon deletion, we will remove your personal data within 30 days, except where we are required by law to retain it.

Security

We use industry-standard measures to protect your data, including encryption in transit (TLS) and access controls. API authentication tokens are stored securely and can be revoked at any time through your account settings.

Data Location

Your data is stored and processed in the United States. If you are accessing the Service from outside the United States, you consent to the transfer of your data to the United States for processing.

Your Rights

You have the right to access, correct, or delete your personal information. You may also request a copy of the data we hold about you. To exercise any of these rights, contact us at the address below.

California Residents. Under the California Consumer Privacy Act (CCPA), you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information.

European Residents. Under the General Data Protection Regulation (GDPR), you have the right to access, rectify, erase, restrict processing of, and port your personal data. You also have the right to withdraw consent and lodge a complaint with a supervisory authority.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date.

Contact

If you have questions about this Privacy Policy, contact us at legal@appdroid.dev.