Privacy Policy
Last updated: July 4, 2026
Shipzen ("the App") is a macOS application for managing App Store Connect. It is developed and operated by Sardorbek Rakhimov, an independent software developer ("we", "us"). This policy describes how the App and this website (shipzen.app) handle your data. We built Shipzen local-first on purpose: the less of your data we ever touch, the less can go wrong.
Summary
- No Shipzen account. No sign-up. We do not operate servers that receive your App Store Connect data, credentials, or AI conversations.
- Your credentials are stored in the macOS Keychain on your device and are used only to connect directly to Apple and to the AI provider you configure.
- Purchases are processed by Apple and validated through RevenueCat under a random anonymous identifier. We never see your name, email, Apple ID, or payment details.
- The App can send a small set of anonymous, content-free diagnostic and usage events so we can tell whether it works. Never your content — and you can turn it off at any time.
- The website is a static page. If you join the waitlist, we store your email address solely to tell you when Shipzen launches.
Data Stored on Your Mac
The App keeps its data on your device:
- Secrets in the macOS Keychain — your App Store Connect .p8 private key, AI provider API keys (OpenAI, Anthropic), ChatGPT sign-in tokens, and the local MCP bearer token. Keychain entries are created device-only: they are not synced to iCloud Keychain.
- Non-secret account identifiers — Issuer ID, Key ID, team name, and optional Vendor Number are stored in the Keychain or, when you use multiple account profiles, in a local configuration file in the App's Application Support folder. Your .p8 private key is never written to that file.
- ChatGPT account details — if you sign in with a ChatGPT account, the App stores the resulting tokens and the email address associated with your OpenAI account locally in the Keychain, solely so the App can authenticate and show which account is signed in. This information is never sent to us.
- Local caches — copies of your own App Store Connect data (metadata, reviews, sales and analytics reports, price points) cached in local files so the App is fast and stays within Apple's rate limits.
- Preferences — stored via macOS UserDefaults. No secrets are kept there.
- Optional local log — a diagnostic log you can enable for troubleshooting. It is off by default, redacts credentials, stays on your device, and is only ever shared if you choose to send it to us yourself.
You can delete all of this at any time by removing the App, its data container (via macOS storage management or ~/Library/Containers), and its Keychain items.
Network Connections the App Makes
The App connects only to the following services, and only when you use a feature that requires them:
- Apple App Store Connect API (api.appstoreconnect.apple.com) — to read and write your app metadata, builds, TestFlight data, reviews, reports, and pricing. Your .p8 private key never leaves your Mac; the App uses it locally to sign short-lived tokens that authenticate you to Apple.
- Your AI provider (api.openai.com, api.anthropic.com, or chatgpt.com with auth.openai.com for sign-in) — only if you configure AI features. Requests go directly from your device to the provider under your own key or account; there is no Shipzen proxy in between. The content you choose to process — which can include your app metadata, customer reviews, or analytics summaries — is sent to that provider under its own terms and privacy policy.
- RevenueCat (api.revenuecat.com) — only for validating App Store purchases of Shipzen Pro. See "Purchases" below.
- Exchange-rate API (open.er-api.com) — a plain request for currency rates used by pricing recommendations. It carries no credentials, identifiers, metadata, or personal data.
- Diagnostics (PostHog) — anonymous, content-free events if diagnostics are enabled. See "Diagnostics and Usage Events" below.
- Apple web pages (appstoreconnect.apple.com, developer.apple.com) — open in your browser only when you click a link to a web-only Apple workflow.
The optional MCP server listens on localhost only and is protected by a per-install token. If you connect an external tool (for example an AI client on your Mac) to it, that tool processes your App Store Connect data under its own configuration and policies — review what you connect.
Purchases
Shipzen Pro is sold through the Mac App Store. Payment is handled entirely by Apple against your Apple ID: we never receive your name, email address, Apple ID, payment card, or billing details.
To unlock Pro features and prevent fraud, the App uses RevenueCat, a subscription infrastructure service, as our processor. RevenueCat receives a randomly generated anonymous identifier, App Store purchase receipt and transaction data, and basic app and device information (such as app version and platform). We do not attach your identity to this identifier, and neither we nor RevenueCat can see who you are from it. RevenueCat processes this data to validate purchases and give us aggregate sales statistics, under the RevenueCat Privacy Policy.
Diagnostics and Usage Events
To understand whether the App works reliably and whether its core features get used, the App can report a small set of events to PostHog, an analytics service acting as our processor. These events are deliberately content-free. They are limited to feature milestones (for example, that an account was connected, a first scan was run, or a first save was pushed) and technical measurements (request sizes and counts, the AI provider and model in use, timings, normalized error categories, and the App version), tied to a random install identifier that is not derived from you, your device serial, or your Apple ID.
Diagnostic events never include:
- your prompts, chat messages, or AI responses;
- your App Store metadata, app names, bundle IDs, or customer reviews;
- API keys, tokens, credentials, or account identifiers;
- anything typed into the App.
Where a build includes diagnostics, the App tells you on first launch, and you can turn diagnostics off at any time in the App's settings. Disabling stops all reporting and resets the install identifier. Diagnostics are never required for any feature to work. Builds without this capability send nothing.
This Website
shipzen.app is a static site hosted on Cloudflare Pages. Cloudflare, as our hosting provider, processes visitor IP addresses transiently as part of operating and securing its network. The site sets no tracking cookies and uses no advertising or social trackers. If analytics are enabled, we use Cloudflare Web Analytics, which is cookieless and does not fingerprint or identify visitors.
If you join the launch waitlist, we store your email address, the signup time, and which page section you signed up from, solely to tell you when Shipzen is available. Your IP address is used briefly (up to one hour) to rate-limit abuse and is not stored with your email. We do not use waitlist emails for any other marketing, do not share them, and delete them on request or once launch notifications are done.
What We Never Do
- We do not sell or rent personal information — to anyone, ever.
- We do not run advertising or cross-site/cross-app tracking.
- We do not collect the content of your work: metadata, prompts, chats, reviews, and reports stay between your Mac, Apple, and the AI provider you chose.
Legal Bases and International Transfers
Where the GDPR or similar laws apply, we rely on: performance of a contract (providing the App and processing purchases), legitimate interests (fraud prevention, security, and anonymous diagnostics and usage measurement), and consent (the waitlist). Our processors — RevenueCat, PostHog, and Cloudflare — may process data in the United States and other countries; each commits to lawful transfer safeguards in its own data processing terms.
Your Rights
Most data the App handles is under your direct control on your own device, and you can delete it yourself. For the little we are responsible for — a waitlist email or anonymous purchase and diagnostic records — you can contact us at support@shipzen.app to request access, correction, or deletion, and we will act on it. Note that purchase and diagnostic records are held under random identifiers we cannot link to you, so in some cases we cannot locate data about you precisely because we never had your identity. You may also lodge a complaint with your local data protection authority.
Children's Privacy
Shipzen is a professional developer tool that requires an Apple Developer account. It is not directed at children under 13, and we do not knowingly collect information from children.
Changes to This Policy
If we change this policy, we will publish the revised version here with a new date, and note material changes in the App's release notes. Continued use of the App or website after an update constitutes acceptance of the revised policy.
Contact
Data controller: Sardorbek Rakhimov (Shipzen) — support@shipzen.app.