Privacy Policy

Last Updated: 11/12/2025

1. Introduction

SideKit (“we,” “our,” or “us”) provides backend-as-a-service (BaaS) infrastructure and tooling for mobile applications. Customers of SideKit (“customer”, “developer”, “app developer”) are those who integrate the SideKit SDK or call the SideKit API within their applications. This Privacy Policy describes how we collect, use, store, and process information when developers integrate the SideKit SDK or access our services.

We design SideKit as a privacy-first analytics and messaging platform, giving developers strict control over what leaves their applications. This Privacy Policy applies globally to all jurisdictions in which applications using SideKit are distributed.

2. Information We Collect

SideKit does not store IP addresses, email addresses, device identifiers, or any other personally identifiable information. It is against our terms of service for developers to send personal data to our services.

2.1 Data Collected via the SideKit SDK

The SDK may collect the following non-identifying metadata:

  • Country
  • Language
  • Device type
  • Operating system version
  • App version
  • Developer-defined signals (configured by the app developer)

2.2 Security and Version Validation Requests

Applications may contact SideKit for:

  • Version validation
  • Integrity or security checks
  • Developer-configured messages
  • Engagement features

These requests contain only the same non-PII metadata listed above and any other metadata the developer chooses to add.

2.3 Information We Collect from Account Holders (Developers)

When you create a SideKit account or otherwise use our platform as a developer, we may collect the following information:

  • Email address and username
  • Organization or company name (if provided)
  • Billing information, such as payment method and billing address
  • Support requests and communications
  • Dashboard usage logs, authentication logs, and service activity necessary to operate your account

All information collected is strictly limited to what is necessary to provide, maintain, and improve the Services.

3. How We Use Information

3.1 How We Use Collected Metadata

We use collected metadata to:

  • Provide aggregate analytics to developers
  • Validate app versions and ensure integrity
  • Operate and improve backend infrastructure

This data cannot be used to identify individuals.

3.2 How We Use Developer Account Information

We use account data for the following purposes:

  • Account Management: To create, authenticate, and maintain your SideKit account
  • Billing and Payments: To process fees and manage subscriptions
  • Support and Communications: To respond to inquiries, provide updates, and troubleshoot issues
  • Service Improvement: To monitor platform usage and improve performance, reliability, and security
  • Compliance and Legal Obligations: To comply with applicable laws and enforce our Terms of Service

Developer account data is never shared with third parties for marketing purposes and is only accessed by authorized personnel on a need-to-know basis.

4. Legal Basis for Processing

Processing is based on:

  • Contractual necessity: delivering services requested by developers
  • Legitimate interests: providing analytics, security, and infrastructure

Developers may have their own legal obligations depending on their jurisdiction and app design.

5. Data Sharing and Transfers

We do not sell, rent, or trade data. We share only aggregated, non-identifiable analytics with developers using SideKit.

Because services operate globally, data may be processed in regions outside a user's jurisdiction. Transfers occur with appropriate technical and contractual safeguards.

Infrastructure Providers (Cloudflare)

SideKit uses Cloudflare for content delivery, routing, logging, and security infrastructure. While SideKit does not collect or store IP addresses, Cloudflare may process and temporarily log IP addresses and other network-level request metadata as part of normal operations. This processing is transient and governed by Cloudflare’s data-processing terms. SideKit does not access, use, or store this data.

6. Data Retention

SideKit retains metadata and request-related data with associated values as specified by developers indefinitely for the following purposes:

  • Provide analytics configured by developers
  • Operate service functionality
  • Comply with legal obligations

7. Security

We implement administrative and technical safeguards, including access control and minimizing the type and amount of data that a user can access at any given time.

8. Children’s Privacy

SideKit does not collect PII and is not designed to independently identify or track children. Developers are responsible for lawful deployment of analytics within child-directed applications and for ensuring compliance with applicable child-privacy regulations.

9. Developer Responsibilities

Developers integrating the SideKit SDK must:

  • Ensure submitted custom signals never contain PII
  • Ensure their use of SideKit complies with applicable laws

10. User Rights

Because SideKit does not collect personal data, standard data-subject rights (access, correction, deletion) generally do not apply. Developers may provide appropriate mechanisms within their applications if required by local laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy. Material changes will be reflected in the “Last Updated” date above.

12. Contact Us

For questions regarding this Privacy Policy, contact: support@appsidekit.com