Privacy Policy
Last updated: June 16, 2026
This Privacy Policy describes how SEW INC. ("Company," "we," "us," or "our") collects, uses, and discloses your information when you use the Appsolid application-protection platform at https://appsolid.net and related services (the "Services").
By using the Services, you agree to the practices described in this Policy. If you do not agree, please do not use the Services. If you have questions, contact our Data Protection Officer at dpo@se.works.
Summary of key points
- What we collect: account details you provide, application files you upload, payment data (processed by Stripe), telemetry from applications you protect, and technical and usage data collected automatically.
- Sensitive data: we do not intentionally collect sensitive personal information, and we do not knowingly collect data from children under 18.
- Advertising: we do not use your data for advertising, we do not use third-party tracking cookies, and we do not sell your personal information.
- Telemetry: for monitoring data sent by your end users' devices, you are the controller and we act as your processor under a Data Processing Addendum.
- Your rights: depending on where you live, you may access, correct, delete, or port your data and exercise other rights described below.
- Contact: privacy questions and data requests go to dpo@se.works; general support is help@appsolid.net.
1. Information We Collect
In Short: We collect information you provide, files you upload, and certain data collected automatically.
Information you provide
We collect personal information you voluntarily provide when you register, express interest in our products, make a purchase, or contact us. This may include your name, business email address, business name and contact details, and account password (stored only in hashed form).
Application files you upload
To provide the Services, you upload Android application packages (APK or AAB files). These files may contain your proprietary code and any data you have embedded in them. We process uploaded files solely to perform the protection you select (such as packing, obfuscation, and runtime protections) and to return the protected output and associated reports to you. We do not access the contents of your applications except as necessary to provide the Services or as required by law.
Payment information
If you purchase a paid plan, payment is processed by our payment processor, Stripe. We may receive limited billing details (such as your plan, billing contact, and the brand and last four digits of your card), but we do not store full payment card numbers. Stripe's handling of your payment data is governed by Stripe's privacy policy at https://stripe.com/privacy.
Telemetry from protected applications
If you enable monitoring for an application you protect, the protected application may transmit operational telemetry to us on a best-effort, opt-in basis. This telemetry can include runtime threat-detection events (for example, detection of debugging, hooking, emulation, rooting, or tampering), crash and stability diagnostics, and device metadata such as device model, operating-system version, CPU architecture, application version, coarse region or locale, and timestamps. You configure this telemetry, and we process it on your behalf — see "Our Role: Controller and Processor" below.
Information collected automatically
When you visit or use the Services, we automatically collect technical information, including your IP address, browser and device characteristics, operating system, language preferences, referring URLs, and information about how you interact with the Services. We collect this through server logs and our analytics provider, primarily to operate and secure the Services and for aggregate analytics. We do not process sensitive personal information.
2. How We Use Your Information
In Short: We use your information to provide, secure, and improve the Services, process transactions, communicate with you, and comply with law.
- To create and administer your account and authenticate you.
- To provide the Services, including processing your protection jobs and returning protected builds and reports.
- To operate the monitoring features and present threat, crash, and stability data in your dashboard.
- To process payments and manage subscriptions through Stripe.
- To communicate with you about your account, transactions, security, and support requests.
- To maintain the security and integrity of the Services, including fraud prevention and abuse detection.
- To analyze and improve the Services using aggregate usage data.
- To comply with legal obligations and enforce our terms.
We do not use your information for third-party advertising, and we do not sell your personal information.
3. Legal Bases for Processing (EEA/UK/Canada)
In Short: We only process personal information when we have a valid legal basis to do so.
If you are in the European Economic Area or the United Kingdom, our legal bases include performance of a contract with you; your consent (which you may withdraw at any time); compliance with legal obligations; and our legitimate interests in operating, securing, and improving the Services where those interests are not overridden by your rights and freedoms. If you are in Canada, we process your information with your express or implied consent, except where otherwise permitted or required by law.
4. Our Role: Controller and Processor
In Short: We are a controller for your account and billing data, and a processor for telemetry sent by your end users' devices.
For the personal information of our direct customers — such as account, billing, and support data — SEW INC. acts as a data controller.
For telemetry transmitted by end users of the applications you protect (including threat events, crash diagnostics, and device metadata), you are the controller and SEW INC. acts as your processor. We process that data only to provide the monitoring features, on your documented instructions; we do not use it for our own purposes and we do not sell it. This processing is governed by our Data Processing Addendum (DPA), which is incorporated into our Terms of Service. You are responsible for providing any notices to, and obtaining any consents from, your end users as required by applicable law.
5. When and With Whom We Share Information
In Short: We share information with service providers, in business transfers, or where required by law. We do not sell your personal information.
- Service providers (sub-processors). We share information with vendors that perform services on our behalf under contract, as listed below.
- Business transfers. We may share or transfer information in connection with a merger, acquisition, financing, or sale of all or part of our business.
- Legal and safety. We may disclose information where required by law, or where we believe it necessary to protect our rights, your safety, or the safety of others, or to investigate fraud or abuse.
6. Sub-Processors
In Short: We rely on a small set of U.S.-based infrastructure providers to operate the Services.
- Vercel — web hosting, content delivery, and privacy-friendly analytics.
- Convex — application database and backend functions.
- Fly.io — compute for the protection engine.
- Tigris Data — object storage for uploaded application files and protected outputs.
- Stripe — payment processing for paid plans.
- Our transactional email provider — account and service-related email.
A current list of sub-processors is available on request. We require sub-processors to protect personal information consistent with this Policy.
7. Cookies and Analytics
In Short: We use only essential and functional cookies, plus cookieless analytics. We do not use advertising cookies.
We use a small number of strictly necessary cookies to operate the Services, including an authentication session cookie that keeps you signed in and a functional cookie that remembers your language preference. We use Vercel Analytics, which measures aggregate usage without using cookies or tracking you across other websites. We do not use third-party advertising or cross-site tracking cookies. Most browsers let you control cookies; disabling essential cookies may prevent you from signing in.
8. International Data Transfers
In Short: We process information in the United States.
Our Services and infrastructure are operated in the United States. If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the United States. Where we transfer personal information from the EEA, the United Kingdom, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and, where applicable, the EU-U.S. Data Privacy Framework.
9. Data Retention
In Short: We keep information only as long as necessary for the purposes described in this Policy.
- Account information is retained while your account is active and for a reasonable period afterward, unless a longer period is required by law (for example, tax or accounting requirements).
- Uploaded application files and protected outputs are retained only as long as necessary to deliver them to you, and are deleted or made inaccessible after the applicable processing and download window.
- Telemetry data is retained for a limited period to provide monitoring and analytics, after which it is deleted or aggregated.
When we no longer need personal information, we delete or anonymize it, or — where that is not immediately possible (for example, because it is held in backups) — we securely isolate it until deletion is possible.
10. Data Security
In Short: We use organizational and technical measures to protect your information.
We implement reasonable and appropriate safeguards designed to protect personal information, including encryption of data in transit and at rest, access controls and role-based permissions, and authentication. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.
11. Children's Information
In Short: The Services are not directed to children under 18.
The Services are intended for business users who are at least 18 years old. We do not knowingly collect personal information from children under 18. If you believe a child has provided us personal information, please contact dpo@se.works and we will take appropriate steps to delete it.
12. Your Privacy Rights
In Short: Depending on where you live, you may access, correct, delete, and port your information, and object to or restrict certain processing.
Depending on your location, you may have the right to request access to and a copy of your personal information; request correction or deletion; restrict or object to processing; request data portability; and withdraw consent where processing is based on consent. You may also opt out of marketing communications at any time using the unsubscribe link or by contacting us. To exercise your rights, contact dpo@se.works; we will respond consistent with applicable law. If you are in the EEA or UK, you may also lodge a complaint with your local supervisory authority.
United States state privacy rights
If you are a resident of a U.S. state with a comprehensive privacy law — including California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Florida, Delaware, and other states as such laws take effect — you may have the right to confirm whether we process your personal information; to access, correct, or delete it; to obtain a portable copy; and to opt out of "sales," "sharing," or targeted advertising and certain profiling. We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We will not discriminate against you for exercising these rights. You may appeal a decision by contacting dpo@se.works; if we deny your appeal, you may contact your state attorney general.
California residents may also request information about disclosures for direct marketing under California's "Shine the Light" law. We may need to verify your identity before fulfilling a request, and you may use an authorized agent where permitted by law.
13. Do-Not-Track
Because no common industry standard for "Do-Not-Track" (DNT) signals has been finalized, we do not currently respond to DNT browser signals. We will update this Policy if such a standard is adopted.
14. Updates to This Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by a revised "Last updated" date and is effective when posted. If we make material changes, we will provide additional notice as required by law. We encourage you to review this Policy periodically.
15. Contact Us
For privacy questions or to exercise your rights, contact our Data Protection Officer, Min Hong, at dpo@se.works. For general support, contact help@appsolid.net.
SEW INC., 200 Continental Drive, Suite 401, Newark, DE 19713, United States.
