StoreShield
FR Start free trial

Privacy Policy

Last updated: April 26, 2026

This Privacy Policy explains how Jonathan Benay, trading as Hangeul Studio ("we", "us") collects and processes personal data in connection with the StoreShield macOS application and the website at storeshield.app.

We are the data controller for the personal data described in this policy. You can reach us at privacy@storeshield.app for any privacy-related request.

Data Protection Contact: privacy@storeshield.app

1. The short version

  • The desktop App processes your .ipa files entirely on your Mac. We never receive, store or analyse your binaries.
  • We collect only what we need to deliver the Service: your email and country (for checkout and license delivery), and basic technical logs of the Site.
  • We do not sell your personal data, and we do not use it for advertising.

2. Data we process

2.1 Data you provide

  • Email address — when you purchase a Pro license, contact support, or subscribe to product update notifications.
  • Billing information (name, country, VAT number where applicable) — collected directly by our payment processor Paddle; we receive a redacted record for accounting and license issuance.
  • Support correspondence — the content of any email you send us, kept for 24 months for follow-up and quality.

2.2 Data collected automatically

  • Site server logs — IP address, user-agent, requested page, timestamp. Kept up to 30 days for security and abuse prevention.
  • License validation pings — when you activate Pro, the App contacts our license server with your license key and a hashed device identifier. We store the count and timestamp of activations to enforce the 3-Mac limit, but we do not log scans, file paths, file names or any data extracted from your .ipa.

2.3 Data we do not collect

  • The contents of any .ipa file you scan.
  • Your scan history, scan results, or the names of apps you analyse.
  • Any analytics, telemetry or usage tracking from the App.
  • Cookies of any kind on the Site (we use no analytics or advertising trackers).

3. Why we process your data and on what legal basis

  • To deliver and operate the Service (Art. 6(1)(b) GDPR — performance of a contract): processing your purchase, issuing and validating your license, providing support.
  • To meet legal obligations (Art. 6(1)(c) GDPR): keeping invoices and accounting records for the period required by French law (typically 10 years).
  • To secure the Service (Art. 6(1)(f) GDPR — legitimate interest): logging, abuse detection, and bug investigation.

4. Who has access to your data

We rely on a small set of carefully chosen sub-processors, all of them GDPR-compliant:

  • Paddle.com Market Limited (Ireland & UK) — payments, invoicing and tax compliance, acting as merchant of record.
  • Cloudflare, Inc. (USA, with EU edge presence) — hosting of the Site and the license-validation Worker.
  • Resend, Inc. (USA) — transactional email delivery for license delivery and support replies.

These providers act as data processors and only handle your data on our instructions, under written data-processing agreements that include the EU Standard Contractual Clauses for any transfer outside the EEA.

5. International transfers

Some of our processors are based outside the European Economic Area (notably in the United States). When personal data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses and additional safeguards as required by the GDPR.

6. Retention

  • Customer record (email, license): kept while the subscription is active and for up to 12 months after the last activity, then deleted.
  • Invoices and tax records: 10 years (French commercial code).
  • Server logs: 30 days.
  • Support emails: 24 months.

7. Your rights

Under the GDPR, you have the right to:

  • Request access to your personal data;
  • Request rectification of inaccurate data;
  • Request erasure ("right to be forgotten") subject to our legal-retention obligations;
  • Request restriction of processing or object to processing;
  • Receive your data in a portable format;
  • Withdraw consent at any time, where consent is the legal basis;
  • Lodge a complaint with your national data-protection authority. In France, this is the CNIL — cnil.fr.

To exercise any of these rights, write to privacy@storeshield.app. We respond within 30 days.

8. Children

The Service is intended for software developers and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have, please contact us so we can delete it.

9. Changes to this policy

We will post any changes to this policy on this page and, for material changes, notify Pro customers by email. The "Last updated" date at the top reflects the current version.