Privacy Policy

Last updated · September 29, 2025

This Privacy Policy explains how StarterApp ("StarterApp," "we," "us," or "our") collects, uses, discloses, and safeguards personal information when you access our website, codebase, and related services (collectively, the "Service").

By using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.


1) Who we are & roles under data protection laws

For personal information we collect directly (for example your account details, billing info, support interactions), StarterApp acts as a data controller (GDPR) / business (CCPA/CPRA).

If you use StarterApp to build your own products that process your end users’ personal data, you act as the controller/business for that data.

2) Information we collect

We collect personal information only when necessary, by lawful and transparent means.

A. You provide directly

  • Account identifiers (name, email)
  • Authentication info (via OAuth tokens/IDs; we do not access your Google password)
  • Billing info (handled by payment processor; we do not access card information)
  • Support requests, survey responses, or feedback

B. Collected automatically

  • Device and log data (IP address, browser, OS, timestamps, error logs)
  • Product usage events (for example feature interactions)
  • Cookies or similar technologies for session management and basic analytics (see §10)

C. From third parties

  • Google OAuth basic profile: name and email (see §7)
  • Payment processor responses (for example payment status)

We do not knowingly collect sensitive personal information (for example health data, precise geolocation).

3) How we use personal information (purposes)

We use personal information to:

  • Provide, operate, and secure the Service (auth, session management, fraud prevention, debugging)
  • Process purchases and manage subscriptions or licenses
  • Provide support and respond to inquiries
  • Improve and develop the Service (usage analytics, quality, performance)
  • Send transactional messages (for example account notices, critical updates)
  • Comply with law, enforce our Terms and policies, and protect rights and safety

We do not sell personal information.

4) Legal bases (GDPR/UK GDPR)

Where GDPR applies, we rely on:

  • Contractual necessity (to provide the Service you request)
  • Legitimate interests (security, product improvement, preventing abuse, limited analytics)
  • Consent (where required by law, for example certain cookies or marketing)
  • Legal obligation (tax, accounting, compliance)

5) Sharing & disclosures

We disclose personal information only as necessary:

  • Service providers / subprocessors. Hosting, authentication, payments, analytics, logging, and optional AI integrations. These providers act under contract and process data on our behalf.
  • Legal & safety. To comply with applicable law, lawful requests, or to protect rights, safety, and security.
  • Business transfers. In a merger, acquisition, financing, or asset sale, information may be transferred under confidentiality.

We do not rent or sell your personal information. We do not share Google OAuth profile data for advertising.

6) International transfers

Your information may be transferred to and processed in countries other than your own. Where required, we use appropriate safeguards (for example Standard Contractual Clauses, UK Addendum) to protect personal information transferred internationally.

7) Google OAuth disclosure

Data Accessed

When you sign in with Google, we request your name and email address (basic profile). We do not request access to Gmail, Google Drive, contacts, calendars, or other Google data.

Data Usage

We use your name and email to:

  • Create and authenticate your StarterApp account
  • Display your profile info within StarterApp
  • Send transactional emails (for example security notices)

Data Sharing

We do not share Google profile data with third parties except:

  • With our service providers strictly to operate the Service (for example auth session, email delivery)
  • As required by law or for security or abuse prevention

Data Storage & Protection

We store your Google-provided name and email in our database associated with your account, protected with industry-standard security controls (see §9). We do not access your Google password.

Data Retention & Deletion

We retain Google-provided profile data while your account is active and for a limited period thereafter (see §8). You can request deletion at any time (see §12). If you disconnect Google sign-in, we will stop using Google OAuth for your account going forward.

8) Data retention

We keep personal information only as long as necessary for the purposes in this Policy, including to meet legal, accounting, or reporting requirements. Typical retention periods:

  • Account & profile data: While your account is active and up to 24 months after closure (to allow you to re-activate and for fraud or security auditing), unless you request earlier deletion and law permits.
  • Billing/transaction records: Up to 7 years (tax or accounting laws).
  • Logs & security data: Typically 30–180 days, unless needed to investigate issues or comply with law.

We may anonymize or aggregate data for analytics; anonymized data is not subject to deletion requests.

9) Security

We use commercially reasonable safeguards to protect personal information, including encryption in transit, access controls, environment isolation, and vulnerability management. No method of transmission or storage is 100% secure; you are responsible for safeguarding your account credentials and securing your deployments.

10) Cookies & similar technologies

We use minimal cookies and similar technologies for:

  • Authentication/session (required for login and maintaining your session)
  • Security (for example CSRF or rate-limit tokens)
  • Basic analytics to understand feature usage and improve reliability

Where required by law, we will request consent for non-essential cookies and provide controls to manage preferences. Disabling required cookies will prevent login or certain features from working.

11) Your privacy rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete personal information (subject to legal or contractual exceptions)
  • Restrict or object to certain processing
  • Data portability
  • Opt out of certain disclosures defined as “sharing” or “selling” under CPRA (we do neither)
  • Withdraw consent where processing is based on consent

To exercise rights, see §12.

12) Your choices & requests (access, deletion, portability)

You can manage much of your data in-product. For formal requests:

  • Email: legal@starter.app
  • Please include: your name, email, the request type, and any relevant context. We may verify your identity before fulfilling requests. We will respond within the timeframes required by applicable law.

To delete your account, submit a deletion request via email or any provided in-app deletion flow. Deleting your account will remove or de-identify personal information not subject to legal retention.

13) Children’s privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided personal information, contact us to remove it.

14) Third-party links

Our website and docs may link to external sites we do not control. We are not responsible for their content or privacy practices. Review their policies before providing information.

15) Changes to this Policy

We may update this Policy from time to time. Material changes will apply prospectively and be indicated by the “Last updated” date above. Your continued use after changes become effective constitutes acceptance.

16) Contact us

StarterApp
All inquiries: legal@starter.app