Privacy Policy

Account Information: When you register, we collect your name, email address, and password (stored as a secure hash).

OAuth & Integration Credentials: When you connect third-party services (e.g., Google, Airtable, Slack), we receive and securely store OAuth access tokens, refresh tokens, and the scopes you have granted. We never receive or store your passwords for these third-party services.

Usage Data: We collect information on how you interact with the platform — workflow runs, feature usage, browser type, IP address, timestamps, and crash reports — to improve the service.

Workflow & Automation Data: Content you create within Aptlystar (workflows, triggers, block configurations, and outputs) is stored to provide the service.

Communications: If you contact us via email or support, we retain those communications to resolve issues and improve our service.

We use the information we collect to:

• Provide, maintain, and improve the Aptlystar platform
• Authenticate your identity and secure your account
• Execute your workflows and automations using the permissions you have granted
• Send transactional emails (account verification, password reset, alerts)
• Send product updates and marketing emails (with your consent; opt-out available)
• Monitor and analyze usage patterns to improve performance and features
• Detect, prevent, and address abuse, fraud, and security incidents
• Comply with legal obligations

We do not sell your personal data to third parties, and we do not use your workflow data to train AI models without your explicit consent.

Aptlystar connects to third-party services on your behalf using OAuth 2.0. Currently supported integrations include (but are not limited to): Google (Gmail, Drive, Calendar, Sheets, Docs), Airtable, Slack, Notion, HubSpot, Jira, Microsoft (Teams, Excel, OneDrive), and others.

What we access: When you connect an integration, Aptlystar requests only the OAuth scopes required for the features you use. For example, connecting Airtable may request scopes such as data.records:read, data.records:write, and schema.bases:read.

Token storage: OAuth access tokens and refresh tokens are encrypted at rest using AES-256 encryption before being stored in our database. Tokens are only decrypted server-side, in memory, when executing an authorized action on your behalf.

Token use: We use stored tokens exclusively to execute workflows and automations you have configured. We never share, sell, or use your OAuth tokens to access your data for any purpose other than running your automations.

Revocation: You can disconnect any integration at any time from the Integrations settings page in Aptlystar. This will delete stored tokens from our system. You may also revoke access directly from the third-party service's account settings.

Aptlystar's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

We do not sell your personal data. We share information only in these circumstances:

• Service providers: Infrastructure, hosting, payment processing, analytics, and email delivery partners who process data on our behalf under data processing agreements.
• Third-party integrations: When your workflow calls a third-party API (e.g., Airtable, Google), your data is sent to that service per their own privacy policy.
• Legal requirements: If required by law, court order, or to protect our rights or the safety of users.
• Business transfers: In the event of a merger, acquisition, or asset sale, user data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

We implement industry-standard security measures to protect your data:

• All data is transmitted over TLS/HTTPS
• OAuth tokens and sensitive credentials are encrypted at rest (AES-256)
• Passwords are hashed using bcrypt and never stored in plaintext
• Access to production systems is restricted and audited
• We conduct periodic security reviews

While we take commercially reasonable steps to protect your data, no method of transmission over the internet or electronic storage is 100% secure. In the event of a data breach affecting your rights, we will notify you in accordance with applicable law.

Data is stored on servers located in the United States. By using Aptlystar, you consent to your data being transferred to and processed in the United States.

Depending on your location, you may have the following rights regarding your data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your account and associated data.
• Portability: Request an export of your data in a machine-readable format.
• Opt-out: Unsubscribe from marketing emails at any time via the unsubscribe link or account settings.
• Withdraw consent: Disconnect any OAuth integration at any time, which removes our access to that service.

To exercise these rights, contact us at support@aptlystar.dev. We will respond within 30 days.

Aptlystar uses cookies and similar technologies for authentication, session management, and analytics.

• Essential cookies: Required for authentication and core functionality. Cannot be disabled.
• Analytics cookies: We use PostHog and Google Analytics to understand usage patterns. These can be disabled in your browser settings.

You can control cookies through your browser settings. Disabling essential cookies will prevent you from logging in.

We retain your data for as long as your account is active or as needed to provide the service. When you delete your account:

• Personal data is deleted within 30 days
• OAuth tokens are immediately revoked and deleted
• Workflow data and run history are deleted within 30 days
• Anonymized aggregated analytics data may be retained for longer periods for product improvement
• Backup copies may persist for up to 90 days before permanent deletion

Aptlystar is not directed at children under the age of 13, and we do not knowingly collect personal data from children under 13. If we learn we have collected personal data from a child under 13, we will delete it promptly. If you believe we have inadvertently collected such information, please contact us at support@aptlystar.dev.

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. For material changes, we will send an email notification to the address associated with your account. We encourage you to review this policy periodically.

Your continued use of Aptlystar after any changes constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: