ipafy.ioTurn projects into IPA builds

Legal · Privacy Policy

Privacy Policy

Last updated

This Privacy Policy explains what information ipafy handles when you use the service to build iOS applications from your projects, how that information is protected, and the choices available to you.

01

Overview

ipafy is a build automation service that produces iOS application archives (IPA files) from the project source you upload and, when you ask it to, delivers those builds to Apple App Store Connect and to any additional delivery destinations enabled for your account. This policy describes what information ipafy handles when you use the service, how it is protected, and the choices available to you.

We collect only what we need to operate the service and to run the builds you request. We do not sell or rent any data handled by the service. We do not use uploaded project files, credentials, or build artifacts for advertising, profiling, or training third-party models.

02

Information we collect

ipafy collects only the information needed to run the builds you request, to deliver them where you ask, and to operate the service safely.

  • Account information. When you create an account or sign in, we record the identifier returned by your chosen sign-in method (your email address, Telegram ID, or Google account ID), your display name where you provide one, and the avatar you upload. We keep an encrypted session token in your browser so that you do not have to sign in on every request.
  • Project source. When you start a build, you upload your project archive. The archive and its contents are processed solely to produce the build artifacts you requested.
  • Build credentials you supply. For App Store Connect delivery you supply an App Store Connect API key, a Key ID, an Issuer ID, and the target Bundle ID. For engine editor activation you may supply the engine account email, password, and (when required) a two-factor code. For any additional delivery destination enabled for your account, you supply only the credentials that destination requires, as described in the dashboard. These values are used only to perform the action you requested for that specific build.
  • Build artifacts and logs. The service stores the resulting IPA file, the iOS archive, the structured logs from each build, and the configuration that drove the build, so that you can download or re-run them later.
  • Operational telemetry. Standard request metadata (timestamps, status codes, request sizes) is recorded to help us operate and debug the service.
03

How we use information

We use the information described above only to:

  • run the build pipeline you requested and return the resulting artifacts to you;
  • deliver builds to the destinations you explicitly enabled;
  • authenticate you and operate access controls on your account;
  • validate that uploaded archives and credentials are well-formed before starting a build, so that failures surface early and with clear error messages;
  • produce logs that help us diagnose failed builds and operate the service safely.

We do not use uploaded project source, credentials, or build artifacts for advertising, profiling, or training third-party models. We do not sell or rent any data handled by the service.

04

Storage, encryption, and access

Everything you upload to ipafy - your project archive, the credentials you provide for a specific build, and the artifacts the service produces from them - is stored in encrypted form at rest. All traffic between your browser, the service, and the storage layer travels over TLS-encrypted connections.

Your build inputs and artifacts are scoped to your account. Another account using the service cannot read, list, or interact with your data in any way. The credentials you supply for a specific build (such as an App Store Connect API key or engine account credentials) are used solely to perform the action you requested for that build, are not shared with any other user, and are not surfaced to any party other than the third-party platform they are intended for.

The operator does not browse, read, copy, or redistribute the contents of your project source or build artifacts other than as required to run the build you requested, deliver the result where you asked, and provide you with the output. Your data is not used by us for any purpose unrelated to operating the service for you.

05

Retention and deletion

Build inputs and outputs are retained while they remain useful to you. You can delete a build from the dashboard at any time, which removes the associated project source, credentials, and build artifacts from storage. Application logs are retained for a limited period to support operations and debugging, then expire automatically.

When you close your account, we remove the data associated with it within a reasonable period, except where we are required by law to retain specific records for longer.

06

Sharing and disclosure

We disclose information handled by ipafy only in the following situations:

  • to the infrastructure providers that operate the service on our behalf, strictly to provide the infrastructure required to run the service;
  • to the third-party platforms you have explicitly asked us to deliver builds to (such as Apple App Store Connect), strictly to perform the upload you requested;
  • when required by law, valid legal process, or to protect the rights, property, or safety of the operator or users of the service.
07

Third-party platforms you interact with

The following third-party platforms appear in the service because you explicitly choose them, either as a sign-in method or as a destination for a build. Your use of those platforms is governed by their own terms.

  • Apple App Store Connect receives a build when you enable App Store Connect delivery for it.
  • Your game engine vendor activates the engine editor when you enable engine editor activation for a build.
  • Telegram is offered as a sign-in option and, separately, as a destination for the build status notifications you opt into.
  • Google is offered as a sign-in option. We request only the basic profile information needed to identify your account. We do not access Gmail, Drive, Calendar, Contacts, or any other Google service data.

ipafy also relies on infrastructure providers to host the service, store data in encrypted form, run the build compute in isolated short-lived environments, deliver transactional email (such as verification codes), and power the optional in-dashboard text generation features. These providers act on our behalf under data-processing obligations and are bound to use your data only to deliver the infrastructure we have contracted them for. You can request the current list of these providers, including their names and locations, by writing to the contact address below.

08

Outbound network routing

When ipafy needs to talk to Apple on your behalf, some of those API requests leave our servers through dedicated network infrastructure operated by a third-party network-transit vendor. App Store Connect is the main destination. We route traffic this way so that the developer accounts you and other customers manage on the platform are kept apart from each other at the network level, rather than all sharing a single outbound address.

Traffic over this infrastructure is TLS-encrypted between our servers and Apple's servers, and the vendor only sees the encrypted packets. The vendor does not have access to request bodies, response bodies, authentication tokens, or any data belonging to your applications or your users.

We do not publish the name of the vendor. The infrastructure runs outside the European Union, and what travels through it is the encrypted connection metadata described above. Because the vendor has no access to personal data content, we treat it as a network-transit provider rather than a data sub-processor under GDPR Article 28.

09

Security

Connections to the service are served over HTTPS. Account passwords are stored only as one-way cryptographic hashes; we cannot recover the original value. Credentials supplied for a specific build are encrypted at rest, scoped to the build that uses them, and made available to the build environment only for the duration of that build.

No service is perfectly secure. You are responsible for choosing a strong password (or for keeping your third-party sign-in account secure), and for revoking any third-party credential (for example an App Store Connect API key) that you believe may have been exposed.

10

Your rights and choices

You may at any time:

  • delete uploaded archives, configurations, or build artifacts through the dashboard;
  • request a copy of any data we hold about your account by writing to the contact address below;
  • request deletion of your account and the data associated with it.

Depending on where you live, you may have additional rights under local laws such as the GDPR or the CCPA. We will respond to requests in line with those laws.

11

Children's privacy

ipafy is a developer tool and is not directed to children under 13. We do not knowingly collect information from children. If you believe a child has provided information to the service, contact us so that we can remove it.

12

Changes to this policy

We may update this policy from time to time. Material changes will be reflected by an updated date at the top of this page. Continued use of the service after a change indicates acceptance of the revised policy.

13

Contact

If you have questions about this policy or how your information is handled, contact .

Questions about this document? Contact .