App Store Reject

Privacy Policy

Last updated: April 11, 2026

App Store Reject is operated by Go Apps Go, LLC (“we,” “us”). This policy explains what we collect when you use the site, the CLI tools, and the related services, how we use that information, who we share it with, and the rights you have over it.

1. Information We Collect

Account information

When you sign in with Google or GitHub we receive your name, email address, and profile image from the OAuth provider. We also store your role (user, moderator, admin), tier (free, indie, pro), an optional display name, and your contribution counts.

Content you submit

  • Rejection screenshots you upload and the text we extract from them using OCR.
  • Community solutions, comments, votes, flags, and appeal drafts you create.
  • Metadata about your submissions, such as timestamps, upload source, and matched guideline codes.

CLI and scan data

If you use the asr command-line tool to scan your own apps, we receive the bundle identifier, platform (iOS or Android), framework (for example native, Expo, or React Native), and the findings produced by our scan checks — guideline code, confidence level, check ID, and surrounding code snippets used to explain the finding. We do not receive your full source code or application binaries.

Billing information (paid tiers)

When you subscribe to a paid tier, our payment processor Stripe collects and processes your payment details directly. We store a Stripe customer ID and the status of your subscription on our servers; we never see or store your full payment card number.

Email signup data

When you sign up for early access or guideline change alerts we collect your name (optional), your email address, the signup timestamp, and any UTM campaign parameters present in the URL.

Usage data

  • Pages viewed, features used, and anonymized interaction events via PostHog analytics.
  • Server logs and error traces via Vercel and Sentry, including request paths, user IDs, and client identifiers used for rate limiting.

2. How We Use Your Data

  • Operate the site: show you your submissions, let you vote and comment, run scans, and generate appeal letter drafts.
  • Process content: run OCR on uploaded images, use AI models to clean and categorize them, and generate embeddings for search and deduplication.
  • Send transactional email such as upload confirmations, scan results, guideline change alerts you opted into, and product updates.
  • Enforce rate limits, detect abuse, and keep the service reliable.
  • Improve the product through analytics and error monitoring.

3. AI Processing

When you upload a screenshot, submit content, or use a feature powered by AI, the relevant text and metadata are sent to our AI subprocessors:

  • Anthropic (Claude) — for OCR cleanup, categorization, moderation, appeal letter drafting, and guideline change summarization.
  • OpenAI — to generate embedding vectors used for semantic search and deduplication.

These providers process your data as subprocessors on our behalf. Anthropic and OpenAI state that data submitted through their APIs is not used to train their models by default. See their privacy policies for details. You can choose not to upload content if you do not want it processed by these providers.

4. Screenshots and Scan Data Retention

  • Uploaded screenshots are stored in Convex storage. The single highest-confidence screenshot per published rejection is retained as a reference image for as long as that rejection remains on the site.
  • OCR text, AI-cleaned text, and embedding vectors associated with a rejection are retained for as long as the rejection is published.
  • Scan records — bundle ID, platform, framework, and findings — are retained on your account so you can view scan history and compare results over time.
  • Admin audit logs are retained for 90 days.

5. Third-Party Services (Subprocessors)

We share data with the following service providers strictly as needed to run the service. Each maintains its own privacy policy and security practices.

  • Convex — primary database, file storage, and serverless backend.
  • Vercel — hosting and content delivery for the website.
  • Anthropic — AI text processing (see section 3).
  • OpenAI — embedding generation (see section 3).
  • Resend — transactional email delivery.
  • PostHog — product analytics.
  • Sentry — error and performance monitoring; may capture user IDs, request URLs, and stack traces.
  • Stripe — payment processing for paid tiers.
  • Google and GitHub — OAuth sign-in identity providers.

6. Cookies and Similar Technologies

We use:

  • Authentication cookies set by our auth system when you sign in.
  • Analytics cookies set by PostHog to measure product usage.

We do not use third-party advertising or marketing cookies.

7. Social Media Posting

We operate an automated social media account, @appstorereject, which posts trending rejections and guideline change summaries. Posts are generated from aggregated, publicly available content; we do not include personally identifying information from user submissions in automated posts.

8. Data Retention Summary

  • Account data: retained while your account is active; deleted on request within 30 days.
  • Uploaded screenshots: reference image retained while the corresponding rejection is published; other copies may be removed once processing is complete.
  • OCR and AI-generated text: retained with the corresponding rejection.
  • Scan history: retained with your account.
  • Admin audit logs: 90 days.
  • Analytics and error logs: retained per provider defaults, typically up to 12 months.

9. Your Rights

Depending on where you live, you may have the right to:

  • Access the data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated data.
  • Export your data.
  • Withdraw consent for analytics or marketing emails.
  • Unsubscribe from promotional emails at any time via the link in each message.

To exercise any of these rights, email hello@goappsgo.co.

10. Children

App Store Reject is intended for software developers and is not directed at children under 13. We do not knowingly collect information from children under 13.

11. International Transfers

We are based in the United States, and our subprocessors may process data in the United States and other countries. By using the service you consent to the transfer of your information to the United States.

12. Changes to This Policy

We may update this policy as the product evolves. The “Last updated” date above reflects the most recent change. Material changes will be announced by email or on the site.

13. Contact

Go Apps Go, LLC
hello@goappsgo.co

See also our Terms of Service.