/privacy

1. Introduction

App Config.json ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our configuration management platform, dashboard, APIs, SDKs, or related services (collectively, the "Service").

By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

Account Information: Name, email address, organization name, and authentication credentials when you register or manage your account.
Configuration Data: JSON payloads, environment variables, feature flags, and metadata you actively store or sync through our dashboard or APIs.
Communication: Messages sent to our support team, feedback, or survey responses.

2.2 Automatically Collected Information

Usage Data: API request logs, sync events, dashboard interactions, and performance metrics necessary to deliver the Service.
Device & Network Info: IP address, browser type, operating system, time zone, and referring URLs.
Cookies & Local Storage: Essential cookies for authentication, session management, and preference storage. We do not use third-party tracking cookies for advertising.

3. How We Use Your Information

We use the collected information to:

Operate, maintain, and improve our configuration management infrastructure
Authenticate users and enforce access controls across environments
Monitor system health, detect anomalies, and prevent abuse or security breaches
Provide customer support and respond to service requests
Send administrative notifications (e.g., maintenance windows, policy updates, security alerts)
Comply with legal obligations and enforce our Terms of Service

                        Note: We do not use your configuration data to train AI models, sell to third parties, or for any purpose unrelated to delivering the Service. Your app configs remain strictly within your tenant workspace.
                    

4. Information Sharing & Disclosure

We do not sell, trade, or rent your personal data. We may share information only in the following circumstances:

Service Providers: Trusted third-party vendors who assist with hosting, analytics, billing, or customer support, bound by strict data processing agreements.
Legal Requirements: When required by law, court order, or governmental request, or to protect the rights, property, or safety of App Config.json, our users, or the public.
Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice and continuity of privacy protections.
Aggregated/Anonymized Data: We may publish de-identified usage statistics or system benchmarks that cannot reasonably be used to identify individuals.

5. Data Security & Retention

5.1 Security Measures

We implement industry-standard technical and organizational safeguards, including:

AES-256 encryption for data at rest and TLS 1.3 for data in transit
Role-based access control (RBAC) and mandatory two-factor authentication for administrative actions
Regular security audits, penetration testing, and SOC 2 Type II compliance monitoring
Isolated tenant architecture to prevent cross-customer data leakage

5.2 Data Retention

We retain your data only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Upon account deletion or contract termination, we will securely erase or anonymize your data within 30 days, except where retention is legally required.

6. Your Rights & Choices

Depending on your jurisdiction, you may have the right to:

Access, update, or correct your personal information
Request deletion or export of your data in a machine-readable format
Opt out of non-essential communications
Restrict or object to certain processing activities
Lodge a complaint with a supervisory authority

To exercise these rights, use the privacy controls in your dashboard or contact us directly. We will respond to verified requests within 30 days. Note that certain operational data (e.g., API audit logs) may be retained longer for security and compliance purposes.

7. Children's Privacy

The Service is intended for business and technical audiences aged 16 and older. We do not knowingly collect personal data from children under 16. If we discover such data has been inadvertently collected, we will take steps to delete it promptly. Parents or guardians who believe their child has provided information should contact us immediately.

8. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes via email to your registered address or through a prominent notice in the dashboard at least 30 days before the new policy takes effect. Your continued use of the Service after such modifications constitutes acceptance of the updated policy.

9. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out:

Email: privacy@appconfig.json
Support Portal: https://support.appconfig.json
Mail: App Config.json, Inc. — Data Protection Officer, 100 Innovation Drive, Suite 400, San Francisco, CA 94105, USA

For EU/UK residents, our designated Data Protection Representative is available upon request. We are committed to resolving privacy inquiries promptly and transparently.