AppBoost
← Back to home

Privacy Policy

Last updated: May 14, 2026

AppBoost is operated from Japan under Japanese law. The Japanese version of this policy is the authoritative reference; this English version is provided for convenience.

AlphaByte Inc. (the “Company”) handles personal data of users of AppBoost (the “Service”) as set out in this Privacy Policy.

1. Data Collected and Purposes

DataCollectedPurpose
Email addressAt registrationAccount management, Daily Digest delivery, notices
Display name (optional)Profile settingsPersonalised UI text
Tracked apps and keywordsWhile using the ServiceRank tracking, keyword analysis
Payment identifiers (Stripe Customer ID / Subscription ID, subscription status, period end)When subscribing to a paid planSubscription management, billing, cancellation, access to the Stripe Customer Portal. Card numbers are not stored on our servers.
Access logs (IP, User-Agent, timestamp)While using the ServiceSecurity, abuse detection, statistics
Cookies / similar technologyWhile using the ServiceSession management, usage analytics

We do not use this data outside the stated purposes except where required by law or with the User’s consent.

2. Subprocessors

We rely on the following third-party services with the minimum data necessary. Each is governed by an appropriate contract requiring adequate security.

VendorLocation / regionPurposeData shared
Vercel Inc.USAHostingAccess logs (IP, UA, …)
Supabase, Inc.Tokyo (ap-northeast-1)Database / authAll data registered in the Service
Resend, Inc.USADaily Digest / transactional emailEmail address, digest body
Google LLC (Gemini API)USAAI features (e.g. keyword research)Text submitted by the user
Google LLC (Google Analytics 4)USASite analyticsCookie ID, UA, anonymised IP
Apple Inc. (iTunes Search / RSS API)USAApp Store chart / review dataNo personal data sent (public lookups only)
Stripe, Inc.USAPaid plan billing and Subscription managementEmail, card data (held by Stripe, never on our servers), billing address, payment history

The current list of subprocessors is published at Subprocessors.

Status of paid plans: The Stripe Checkout / Customer Portal / Webhook payment flow opened on May 15, 2026. We use Stripe, Inc. as a subprocessor as noted above. See the relevant sections for how payment identifiers are handled.

3. AI Features

  • When you use AI features (keyword research, etc.), the text you submit is sent through Google LLC’s Gemini API.
  • We opt into Google’s “no training” setting so that API inputs are not used to train models.
  • Inference logs may be retained for a limited period as per Google’s policy.

4. Retention

  • After cancellation: data is kept 30 days, then automatically deleted.
  • General data (rank / keyword history): retained up to the per-plan limit, then rolled off.
  • Billing / tax records: retained for the statutory 7-year period.
  • Access logs: 90 days, unless investigating a security incident.

5. Cookies

TypePurposeRequired?
Auth cookie (Supabase Auth)Keep you signed inRequired
Settings cookieUI preferences, delivery time, …Required
Payment cookies (Stripe Checkout / Customer Portal)Fraud detection, page operation (set by Stripe; we can’t read them)Required on paid plans
Analytics (Google Analytics 4)Site analytics, improvementOptional

You can disable cookies in your browser, but some features (such as signing in) will stop working.

6. Your Rights

You may ask us to:

  • disclose the personal data we hold about you;
  • correct, add to, or delete inaccurate data;
  • stop using your data or stop sharing it with third parties;
  • stop sending you emails;
  • delete your account entirely.

Send requests to the contact at the bottom of this page. We will respond within a reasonable time after verifying your identity.

7. Security

  • Traffic is encrypted with TLS 1.2 or higher.
  • Databases use at-rest encryption (AES-256).
  • Row-Level Security (RLS) prevents access to other users’ data.
  • API tokens are stored as SHA-256 hashes.
  • Server access is limited to a small number of operators.

8. International Transfers

Vercel, Resend, Google LLC (Gemini, GA4) and Stripe, Inc. are located in the United States. User data may be transferred to the United States for the operation of the Service and the processing of payments. Each provider maintains industry-standard security (Stripe is PCI DSS Level 1 / SOC 2 / ISO 27001 certified) and contractual protections.

Our primary data store, Supabase, is hosted in Tokyo (ap-northeast-1).

9. Data Protection Officer

Taishi Yamasaki (Representative Director, AlphaByte Inc.)
Contact: taishi@alphabyte.co.jp

10. Updates

We may update this policy to reflect changes in the law, the Service, or the list of subprocessors. Material changes will be announced at least 30 days in advance through the Service or by email.

11. Contact

AlphaByte Inc. (Personal Information Handler)
Marutake Bldg. 6F, 3-1-36 Minami-Aoyama, Minato-ku, Tokyo 107-0062, Japan
Email: taishi@alphabyte.co.jp
Phone: +81-80-1408-6436

Changelog

  • 2026-05-15: Stripe payments opened. The §2 callout has been updated to reflect this.
  • 2026-05-14: Stripe, Inc. added as a subprocessor; payment identifiers added to collected data; Stripe cookies added to the cookie table.
  • 2026-05-02: Initial version.