Privacy Policy

This Privacy Policy explains how Bootstrap ("we", "us", "our") collects, uses, and protects information when you use our App Store Optimization (ASO) toolkit available at bootstrap-growth.com (the "Service").

1. Who we are

The Service is operated by Pokidov Dmitrii, registered as an individual entrepreneur (Empresário em Nome Individual) in Lisbon, Portugal, with NIF 317488260. We are the data controller for the personal data described in this policy. For any privacy-related question, write to ceo@themorning.space.

2. What we collect

• Account data: email address, display name, hashed password, IP address and user-agent of each session.
• Workspace data you create: keyword lists, competitor entries, briefs, uploaded files, and screenshots you generate or store inside the Service.
• Usage data: timestamps and counts of API calls (e.g. keyword research runs, screenshot generations) — used to enforce plan limits.
• Billing data: handled entirely by our payment processor Paddle (see Section 5). We never receive or store your card details.

3. How we use it

• To provide the Service (authenticate you, save your work, generate ASO outputs).
• To operate paid plans (track usage against limits, show your subscription status).
• To send transactional emails (verification, password reset, billing notifications).
• To investigate abuse or violations of our Terms of Service.

4. AI processing

The Service uses third-party large language models to generate keyword recommendations, screenshot copy, and other ASO outputs. When you submit a query, relevant text from your workspace (e.g. competitor names, brand context) may be sent to Anthropic (Claude API). Anthropic processes that content per its own privacy policy and does not train its models on API inputs by default.

5. Payments (Paddle)

All payments are processed by Paddle.com Market Limited, which acts as the Merchant of Record. When you check out, you are redirected to Paddle's hosted checkout. Paddle collects your name, email, billing address, payment method, and tax/VAT information as required by law. We receive only a transaction reference and the resulting subscription state. Paddle's privacy policy: paddle.com/legal/privacy.

6. Cookies and storage

We set a single first-party HTTP-only session cookie (aso_session) to keep you signed in. We do not use advertising cookies or third-party trackers. Your browser may also store small amounts of UI state in localStorage (e.g. last opened tab).

7. Data sharing

We do not sell your data. We share data only with:

• Anthropic — to generate AI outputs you request.
• Paddle — to process payments and tax compliance.
• Hetzner Online GmbH — our infrastructure provider (Germany), where the Service and your workspace data are hosted.
• Authorities — only when legally required.

8. Data retention

We retain your account and workspace data as long as your account is active. If you delete your account, we delete your workspace data within 30 days, except where retention is required by law (e.g. invoices kept for 10 years per Portuguese accounting rules — these are held by Paddle).

9. Your rights (GDPR)

If you are in the EU/EEA, UK, or Switzerland, you have the right to access, correct, delete, port, or restrict processing of your personal data, and to object to processing. To exercise these rights, email ceo@themorning.space. You also have the right to lodge a complaint with your local data protection authority (in Portugal: CNPD).

10. Security

Passwords are stored using PBKDF2-HMAC-SHA256 with 200,000 iterations and a per-user salt. Connections are encrypted with TLS (Let's Encrypt). Session cookies are HTTP-only, SameSite=Lax, Secure-flagged in production.

11. Children

The Service is not intended for users under 16. We do not knowingly collect data from minors.

12. Changes

We may update this policy. The "Last updated" date above reflects the most recent change. Material changes will be announced via email to active accounts.