Privacy Policy

1. Introduction

App Config.json ("we," "our," or "us") operates the configuration management platform and related services. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, process, and share your information when you use our services, visit our website, or interact with our APIs.

By accessing or using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

2. Information We Collect

We collect information to provide better services to our users. The types of information we collect include:

2.1 Account & Profile Information

When you create an account, we collect your name, email address, company name, and optionally a profile photo. Business accounts may require additional verification details.

2.2 Usage & Technical Data

We automatically collect configuration metadata (non-sensitive schema structure, environment names, sync timestamps), API request logs, IP addresses, browser/device identifiers, and performance metrics to ensure service reliability and optimize delivery.

2.3 Billing & Payment Information

For paid plans, we collect payment details through our secure third-party processors. We do not store full credit card numbers on our servers. Transaction records are retained for accounting and compliance purposes.

3. How We Use Your Information

We use the collected information for the following purposes:

• To create, manage, and secure your account
• To deliver, maintain, and improve our configuration sync services
• To process transactions and send billing-related communications
• To monitor system performance, detect anomalies, and prevent abuse
• To provide customer support and respond to inquiries
• To send service updates, security alerts, and administrative messages
• To comply with legal obligations and enforce our terms of service

4. Information Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:

• Service Providers: Trusted third parties who assist in operating our platform (e.g., cloud infrastructure, email delivery, payment processing) under strict data processing agreements.
• Legal Requirements: When required by law, regulation, legal process, or governmental request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.
• With Your Consent: When you explicitly authorize us to share information.

5. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

• AES-256 encryption for data at rest and TLS 1.3+ for data in transit
• Role-based access control (RBAC) and multi-factor authentication (MFA) for admin operations
• Regular security audits, penetration testing, and vulnerability monitoring
• Strict internal access policies and employee confidentiality agreements

While we strive to protect your information, no system is completely immune to breaches. We will notify affected users and authorities in the event of a confirmed data incident, as required by applicable law.

6. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce agreements. Account data is retained until you request deletion or your account becomes inactive for 24 consecutive months, at which point it is securely purged from our active systems.

7. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access, correct, or update your account information
• Request deletion of your personal data
• Export your data in a machine-readable format
• Object to or restrict certain processing activities
• Withdraw consent for optional data uses at any time

To exercise these rights, please contact us using the information provided in Section 11. We will respond to verifiable requests within 30 days.

8. Cookies & Tracking Technologies

We use essential cookies to maintain session state and authenticate API requests. We may also use analytics cookies to understand platform usage trends. You can manage cookie preferences through your browser settings. Disabling essential cookies may limit functionality.

9. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware of such collection, we will take steps to delete the information promptly.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email or a prominent notice on our dashboard at least 30 days before the new policy takes effect. Your continued use of the service constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to our Data Protection team: