Legal
Privacy Policy
Appswap is built around trust. This policy explains what we collect when you list, buy, verify, and transfer apps — and, just as importantly, the sensitive data we deliberately never store.
Overview
This Privacy Policy describes how Appswap (“Appswap,” “we,” “us”) handles personal information when you use our marketplace for buying and selling software applications. It applies to browsing, listing, checkout, identity verification, and the escrow-protected transfer process.
This is a general policy written to be readable rather than exhaustive, and it is not legal advice. Where local law grants you additional rights, those rights apply. If anything here is unclear, reach out using the contact details at the end.
Information we collect
We collect only what we need to run a trustworthy marketplace. The categories below cover the information you provide and the metadata generated as you use Appswap.
Account & profile
Your name, email address, and the credentials used to sign in, plus any optional profile details you add to your seller or buyer profile.
Listings
Details you publish about an app — name, tagline, price, description, an optional linked GitHub repository and logo, and whether the app stays open-source after sale.
Identity-verification metadata
To verify a seller (KYC) we collect your legal name, country, ID document type, and the verdict of the verification check — its outcome, similarity score, and reason. We do not retain your ID photo or selfie (see below).
Payment metadata
Limited payment metadata. Payments run through Escrow.com; we receive references for the transaction and the billing details Escrow.com shares back — never your full card number or security code.
Messages & contracts
Messages exchanged in a transfer or about a listing, and the legal documents both parties sign in-app (NDA, Asset Purchase Agreement, IP Assignment), each sealed with a tamper-evident hash.
Usage & analytics
Standard technical data — device and browser information, IP address, and how you interact with the marketplace — used to operate, secure, and improve the service.
What we do not store
Some of the most sensitive data passes through Appswap without ever being kept. This is a deliberate design choice — we retain results, not raw secrets.
KYC selfie & ID photos
During identity verification, your ID photo and selfie are processed by AWS Rekognition to compare the two. The photos themselves are not retained — we keep only the verdict, the similarity score, and the reason for that verdict.
Full card numbers & CVD
Your card number and security code are handled entirely by Escrow.com and are never seen or stored by Appswap. We retain only the references Escrow.com returns for the transaction.
How we use information
We use the information we collect for the following purposes:
- Operate the marketplace — publish listings, run checkout, create escrow-protected transfers, and issue Certificates of Ownership.
- Verify seller identity before publishing, and surface verification status in the App Passport.
- Generate, present, and seal the legal documents that both parties sign in a transfer.
- Process payments and hold funds in escrow until the buyer confirms they have full control.
- Coordinate the guided asset handoff and keep both parties informed of transfer status.
- Maintain security, prevent fraud and abuse, and meet our legal and compliance obligations.
- Improve the product through aggregate usage analysis and respond to your support requests.
Third parties & processors
We share information with a small set of service providers who process it on our behalf to deliver core functionality. We do not sell your personal information.
Amazon Web Services (AWS)
Infrastructure hosting and identity-verification image comparison (AWS Rekognition). Rekognition processes verification photos to produce a match result; the photos are not retained.
Escrow.com
Regulated escrow: holds the buyer's funds and disburses to the seller (Escrow.com). Payment details are entered directly with Escrow.com; Appswap never sees your card number. When credentials are not configured, payments run in test mode.
GitHub
Repository provenance and transfers. We read public repository signals for the App Passport, and the Appswap GitHub App moves repository ownership to the buyer during the asset handoff.
Data retention
We keep personal information for as long as your account is active and as needed to provide the service. Records tied to a completed transaction — such as the signed legal documents, their tamper-evident hashes, and the Certificate of Ownership — are retained so that ownership remains verifiable over time and so we can meet legal, tax, and accounting obligations.
When information is no longer needed for these purposes, we delete or anonymize it. As noted above, verification photos and full card details are never retained in the first place.
Security
We apply technical and organizational measures designed to protect your information, and we minimize what we hold — keeping verification verdicts instead of photos, and gateway references instead of card numbers. Executed contracts are sealed with SHA-256 hashes, and each Certificate of Ownership carries a master integrity hash so any later alteration is detectable.
No method of transmission or storage is completely secure. We work to protect your data but cannot guarantee absolute security.
Your rights & choices
Depending on where you live, you may have rights over your personal information, including the ability to:
- Access the personal information we hold about you.
- Correct information that is inaccurate or incomplete.
- Request deletion of your information, subject to records we must keep for legal, tax, or transaction-integrity reasons.
- Object to or restrict certain processing, and withdraw consent where processing relies on it.
- Request a copy of your information in a portable format.
To exercise any of these rights, contact us using the details below. We may need to verify your identity before acting on a request.
International transfers
Appswap and our service providers may process information in countries other than your own. Where information is transferred across borders, we take steps to ensure it remains protected in a manner consistent with this policy and applicable law.
Children
Appswap is intended for adults and is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will take appropriate steps to remove it.
Changes to this policy
We may update this policy as Appswap evolves. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Continued use of Appswap after an update means you accept the revised policy.
Contact us
Questions about this policy or your information? Reach our privacy team and we will be glad to help.