Privacy Policy

Effective date: April 16, 2026 · Last updated: April 16, 2026

We don't sell your data. We don't track you across apps or the web. We don't run ads. GapSpark is designed to be privacy-first from the ground up. This page explains exactly what we collect and why.

Who we are

GapSpark (the “App”) is developed by AI AutoSite (the “Developer”, “we”, “us”). This policy applies to the GapSpark iOS application and its supporting backend services.

What we collect

If you choose to sign in

Sign in with Apple is optional. It's required only to use features like saving ideas or running Deep Dive analyses. When you sign in, we collect:

Your Apple User ID — a stable identifier Apple provides that lets us recognize you on return visits. We never receive your Apple ID password.
Your name — only if you choose to share it with the app during Sign in with Apple (first sign-in only).
Your email address — either your real email or Apple's private relay address (@privaterelay.appleid.com), depending on your choice.

If you save items

When you save a pain point or app idea, we store a reference to that item and the timestamp, associated with your Apple User ID.

What we don't collect

No analytics or telemetry
No advertising identifiers (IDFA)
No device fingerprints
No location data
No contacts, photos, calendar, or any other device data
No IP address logging for individual users
No behavioral tracking across apps or websites

How we use data

The data described above is used only to:

Let you sign in and recognize you on return visits
Associate saved ideas and pain points with your account
Track how many Deep Dive analyses you've run today (to enforce the 3-per-day free limit)

We do not use your data for advertising, profiling, or any other purpose.

AI processing and third parties

Apple Foundation Models (on-device)

When you generate an app idea on a compatible device (iPhone 15 Pro or newer with iOS 26+ and Apple Intelligence enabled), the processing happens entirely on your device. No data leaves your device for this feature.

Cloudflare Workers AI (backend batch analysis)

Our backend uses Cloudflare Workers AI to analyze public App Store review text (not your personal data) to extract pain points. Reviews are collected from Apple's public RSS API. No user-identifying information is sent to Cloudflare Workers AI.

Anthropic Claude API (Deep Dive)

When you request a Deep Dive analysis, our backend sends the pain point text and related public review text to Anthropic's Claude API for analysis. We do not send your name, email, Apple User ID, or any personal data to Anthropic. Only the public pain point and review content is sent. Anthropic's own data handling is governed by their privacy policy.

Apple Sign in with Apple

Authentication is handled by Apple. Apple's handling of your Apple ID is governed by Apple's privacy policy.

Data storage

Your Apple User ID, associated name/email, and saved items are stored in a Cloudflare D1 database (SQLite at the edge) operated by the Developer. Data is stored encrypted at rest and in transit. The database is hosted on Cloudflare's global infrastructure.

Data retention

We keep your data for as long as your account exists. If you delete your account (see “Your rights” below), we delete all associated data within 30 days.

Your rights

You have the right to:

Access the data we hold about you
Correct inaccurate data
Delete your account and all associated data
Revoke access through your iPhone's Settings → Apple ID → Sign-In & Security → Apps Using Apple ID → GapSpark → Stop Using Apple ID
Export your data (contact us)

To exercise any of these rights, contact us at the email below. We respond within 30 days.

Children's privacy

GapSpark is not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with data, please contact us and we will delete it.

International users

GapSpark is designed for users globally. Cloudflare stores data at the edge nearest to you. If you are in the EU, UK, or California, you have additional rights under GDPR, UK GDPR, and CCPA respectively — including the rights above, plus the right to lodge a complaint with a supervisory authority.

We do not sell personal information as defined by the CCPA. We have never sold personal information and have no plans to.

Security

All data in transit is encrypted using TLS 1.3. Authentication tokens are stored in the iOS Keychain (hardware-backed on supported devices). Backend secrets (API keys) are stored in Cloudflare's encrypted Secrets store. That said, no system is 100% secure — if you notice a security issue, please contact us immediately.

Changes to this policy

We may update this policy as the app evolves. Material changes will be announced in the app and via the effective date above. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact

For privacy questions or to exercise your rights, contact:

AI AutoSite
Email: privacy@ai-autosite.com
GitHub: github.com/ai-autosite