Privacy Policy
This policy describes what AppRamp (“we”, “us”) collects when you use the AppRamp website, portal, and gateway (together, the “Service”), and how we handle it.
1. What we collect
Account data
When you create a workspace we store your email address, a salted hash of your password (never the password itself), your company or project name, and timestamps. We do not collect names, addresses, or payment details on the free plan.
Service data
To operate the gateway we store the API specifications you import, the configuration derived from them, and per-workspace request counters (a number per day and per month — not the contents of requests).
Request handling
Requests to your MCP endpoints pass through our gateway to your configured backend. Request and response bodies are processed in memory to perform validation and transformation and are not persisted. Operational logs may include metadata (timestamps, endpoint paths, status codes, error classes) retained for a limited period for debugging and abuse prevention.
2. What we do not do
- We do not sell personal data, to anyone, for anything.
- We do not use your API traffic or specifications to train models.
- We do not run third-party advertising or tracking on the Service.
3. How we use data
We use the data above to provide the Service: authenticating you, serving your endpoints, enforcing plan limits, showing you your own usage, and communicating essential service information. Aggregated, non-identifying statistics may be used to improve the Service.
4. Storage and security
Data is stored on Cloudflare’s global infrastructure. Passwords are hashed with PBKDF2-SHA256 and unique salts. Backend credentials you configure are stored as isolated secrets and injected only at request time, server-side. Access to production systems is restricted and audited.
5. Retention and deletion
Account data is retained while your workspace exists. Sessions expire after seven days. Daily usage counters are retained for 90 days and monthly counters for approximately 13 months. To delete your workspace and associated data, contact legal@appramp.dev; we complete deletion within 30 days.
6. Your rights
Depending on your jurisdiction (including under the GDPR and CCPA), you may have rights to access, correct, export, or delete your personal data, and to object to or restrict processing. Write to legal@appramp.dev and we will respond within 30 days.
7. Subprocessors
We use Cloudflare, Inc. for hosting, storage, and content delivery. If you enable optional AI widget generation, prompts are processed by the model provider you select (Anthropic or OpenAI) solely to generate the widget.
8. Changes
We will post any material changes to this policy on this page with a new effective date, and notify workspace owners by email for significant changes.
9. Contact
Questions about this policy: legal@appramp.dev.