This Privacy Policy describes how AsoRanker (published by Cédric Fonsat EI — HAFO PRIME) collects, uses, stores, and protects your personal data, in compliance with the General Data Protection Regulation (GDPR — EU 2016/679) and applicable French data protection law.
1. Data Controller
Cédric Fonsat (Sole Trader — HAFO PRIME) SIRET: 904 420 072 00020 15 Rue du Marché, 13015 Marseille, France Email: contact@asoranker.com
AsoRanker is a B2B service intended exclusively for developers and companies with an application published or in development on the Apple App Store or Google Play.
2. Data We Collect
As part of using AsoRanker, we collect the following data:
2.1 Account and Identification Data
- First and last name
- Professional email address
2.2 Billing Data (via Stripe)
Payment data is processed directly by Stripe, Inc. We never store your banking details. Stripe acts as a data processor.
2.3 Mobile Application Data
As part of the ASO service, we collect and store:
- Apple Connect API credentials you voluntarily provide: Key ID, Issuer ID, Vendor Number
- Your Apple Connect API Private Key (stored encrypted — never stored in plain text in the database)
- Your application's App ID (public data)
- Public App Store listing data: title, subtitle, description, keywords, screenshots, reviews, downloads and other ASO metrics
2.4 Usage and Analytics Data
- Aggregated analytics data (page visits) collected via Vercel Analytics, PostHog and Google Analytics 4 (GA4)
- Verification data via Google reCAPTCHA (may include IP address)
2.5 Communications
- Transactional emails sent via Resend (account confirmation, account notifications, etc.)
3. Purposes of Processing
Your data is collected for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Account creation and management | Contract performance (Art. 6.1.b GDPR) |
| ASO service delivery (analysis, optimization) | Contract performance (Art. 6.1.b GDPR) |
| Billing and subscription management | Legal obligation + contract performance |
| Sending transactional emails | Contract performance (Art. 6.1.b GDPR) |
| Service improvement (analytics) | Legitimate interest (Art. 6.1.f GDPR) |
| Security and fraud prevention | Legitimate interest (Art. 6.1.f GDPR) |
4. Data Retention
Your data is retained for as long as your account is active, then for a maximum period of 3 years from the date of account closure or the end of your last subscription, for legal and accounting purposes.
Billing data is retained for 10 years in accordance with French accounting obligations.
5. Sub-processors and Recipients
We use the following sub-processors to deliver the service:
| Sub-processor | Role | Location |
|---|---|---|
| Vercel Inc. | Web hosting | USA (servers in Europe) |
| Neon Inc. | PostgreSQL database | Europe |
| Stripe, Inc. | Payment and billing | USA (PCI-DSS certified) |
| PostHog Inc. | Product analytics | Europe (EU Cloud) |
| Google LLC | Analytics (GA4) + reCAPTCHA | USA (EU Standard Contractual Clauses) |
| Resend, Inc. | Transactional email delivery | USA (EU Standard Contractual Clauses) |
All sub-processors provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures, in accordance with the GDPR.
6. International Transfers
Some of our partners (Stripe, Google) may process data outside the European Union. These transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an equivalent level of protection.
7. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption of sensitive data in the database (including the Apple Private Key)
- HTTPS/TLS connections
- Access to data limited to authorized personnel only
- Hosting on certified infrastructure
8. Your Rights
Under the GDPR, you have the following rights:
- Right of access: obtain a copy of your personal data
- Right to rectification: correct inaccurate data
- Right to erasure: request deletion of your data ("right to be forgotten")
- Right to restriction: restrict the processing of your data
- Right to data portability: receive your data in a structured format
- Right to object: object to certain types of processing
To exercise your rights, you can:
- Delete your account directly from Settings → Delete my account in the application (all your data is automatically deleted)
- Send an email to contact@asoranker.com
We commit to responding to all requests within a maximum of 1 month (extendable to 3 months for complex requests).
You also have the right to lodge a complaint with the CNIL (French Data Protection Authority): cnil.fr — 3, Place de Fontenoy, 75007 Paris, France.
9. No Data Protection Officer (DPO)
Due to the size of our organization (sole trader / micro-enterprise), we are not required to appoint a DPO. For any questions regarding the protection of your data, please contact us directly at contact@asoranker.com.
10. Policy Changes
We reserve the right to modify this policy at any time. Any significant change will be communicated to you by email or through the application interface. The date of last update is shown at the top of this page.