ASO.dev Security Manifest: Data Privacy & API Key Safety

At ASO.dev, we understand how important it is for you to maintain the confidentiality of your data and to work with tools you can truly trust.
Our main goal is to provide convenient solutions while maintaining the highest level of security.
Below, we will explain why ASO.dev is a platform you can confidently entrust with your work.

All requests to App Store Connect are sent directly from your device to Apple’s servers.
Similarly, when working with Google Play, requests to the Google Play Developer API are executed directly from your device.
We do not redirect your traffic through our own servers. This means your actions remain strictly between you and Apple/Google (subject to your own network rules, e.g. a configured proxy).

Since we do not process or store your actions on the ASO.dev side, any risk associated with a potential leak of confidential information is minimized.

We support different access models, so you can choose what best matches your company’s security requirements.

Allows multiple specialists to work together on one or more projects.
Provides a common set of permissions, convenient for quickly onboarding new team members.

Makes it possible to restrict access to specific apps and/or lock the analytics and financial sections.
Ensures precise control of permissions, which is crucial for complying with the company’s internal security policies.

For Google Play, ASO.dev uses a Google service account.
Permissions are configured in Google Play Console, and you can revoke access at any time.

Bottom line: You always control who can view your data and exactly what they can do within ASO.dev.
If a key is compromised or is no longer needed, you can revoke it at any time, terminating all associated actions.

All keys, passwords, and other confidential data are stored locally on your device - we do not copy them to our servers.

If desired, you can enable API key synchronization (for teamwork or using multiple devices).
In this case, API keys and/or the service account credentials are additionally encrypted with your unique code, inaccessible to ASO.dev.

We do not transfer or sell your data to any organizations, and you do not risk having your confidential information exposed to unauthorized parties.

ASO.dev does not request or store information about your revenue, transactions, etc.

By using Individual API keys, you can completely restrict access to financial reports and analytical data for any user if required by your company’s security policy.

For Google Play, the principle is the same: access is defined by the service account permissions in Google Play Console. You can scope it to specific apps or actions, or revoke it when needed.

If you need strict control over the IP addresses from which actions are performed, ASO.dev provides proxy support.

This mechanism works the same way for App Store Connect and Google Play.

You can specify a separate proxy for each application or project, ensuring clear segmentation of activity and compliance with corporate requirements.

• We use the official App Store Connect API.
• The use of the App Store Connect API in ASO.dev for making changes to users’ apps has been approved by the App Store Review Board.
• All changes you make to your app go through mechanisms provided by Apple itself, and you control these processes by issuing API keys with the necessary permissions.

We extend ASO.dev to Google Play while keeping the same security principles:

• Access is provided via a Google service account, which you configure and control.

You can work in ASO.dev without any API keys.
In this mode, the following features are available:

• Keyword search and market analysis
• Studying competitor apps
• Modifying public metadata and exporting data for further automation via Fastlane

If you need to interact directly with App Store Connect (edit app data, respond to reviews), only then do you provide a key. The level of access depends entirely on you.

ASO.dev automatically collects publicly available information (metadata, search positions, etc.).
Our servers handle analytics, but your personal information is not involved.
We never ask you for extra data, nor do we use your device to collect information about other apps.

We do not collect or use user metadata. Any metadata you enter into ASO.dev remains solely with you.

ASO.dev is an independent platform; we have no external investors interested in buying user data.

If you have concerns or suggestions for improving security, we are always open to dialogue.

We strive to create tools that help you work with App Store Connect faster and more easily, without compromising security.
ASO.dev is built on the principles of:

• Control. All keys and access remain in your hands, not in the cloud.
• Transparency. Clear rules, open encryption mechanisms, and no hidden “gray areas.”
• Flexibility. You decide how and with whom to share access, and we provide all the necessary tools.

ASO.dev is a solution that combines convenience, analytics, and automation with a high level of information security.
We understand how crucial security is for users, which is why:

• We guarantee there are no intermediaries in transmitting your data to App Store Connect.
• We guarantee the same direct-request principle when working with Google Play.
• We ensure reliable encryption and a flexible rights-segmentation system.
• We support proxy mechanisms.
• We adhere to principles of transparency and responsibility so you can use the platform without any doubts.

By choosing ASO.dev, you get a service that not only simplifies the work of developers and marketers but also meets strict corporate-level security requirements.
If you have any questions or wish to propose additional security measures, contact us or book a meeting.
We are always ready to listen and implement the best and most secure solutions for your success.