At CheckAppSec, we understand that security researchers and developers need to analyze applications without compromising their privacy or storing sensitive data. Our platform is designed with zero data retention as a core principle.
✓ We do NOT store your uploaded applications
✓ We do NOT keep analysis results permanently
✓ We do NOT share your data with third parties
✓ We do NOT require user accounts or registration
Automatic Data Deletion
All uploaded files and analysis results are automatically deleted after 2 hours. This ensures:
Your proprietary applications remain confidential
No long-term storage of your intellectual property
Compliance with data minimization principles
Reduced risk of data breaches or unauthorized access
Access Control
Each analysis is protected by a unique session token that is:
Generated randomly and unpredictably
Stored only in your browser (not on our servers)
Required to access analysis results
Inaccessible to other users or third parties
This means only the browser that uploaded the file can view the results. Even we cannot access your analysis without your session token.
Manual Deletion
You have full control over your data:
Click the "Delete Now" button to immediately remove all analysis data
Deletion is permanent and cannot be undone
No backup copies are kept after deletion
Data is purged from memory, cache, and storage
What We Collect
Uploaded Files (Temporary)
When you upload an IPA file for analysis, we temporarily store it in our secure server to perform security scanning. The file is:
Stored in an isolated temporary directory
Never logged, backed up, or archived
Deleted immediately after analysis completes
Automatically purged after 2 hours maximum
Analysis Results (Temporary)
Security scan results are kept in memory only and include:
Identified vulnerabilities and security issues
Detected hardcoded sensitive data
App permissions analysis
Security risk score
Technical Logs (Minimal)
We maintain minimal logs for system operation:
Timestamp of analysis requests
Analysis ID (random UUID, no personal info)
Processing status (success/failure)
No IP addresses, user agents, or identifying information
What We Do NOT Collect
NO user accounts or registration data
NO email addresses or contact information
NO IP addresses or browser fingerprints
NO cookies or tracking technologies
NO analytics or third-party scripts
NO permanent storage of your applications
Compliance & Standards
Our platform is designed to meet enterprise security requirements:
GDPR Compliant: Data minimization and right to erasure
CCPA Compliant: No sale of personal information
ISO 27001 Principles: Information security best practices
SOC 2 Type II Ready: Secure data handling procedures
Your Rights
You have complete control over your data:
Right to Delete: Use the "Delete Now" button anytime
Right to Access: View your results with your session token
Right to Privacy: No tracking or data collection
Right to Transparency: Full disclosure of our practices
Security Measures
We protect your data with:
TLS/SSL encryption for all data in transit
Isolated processing environments for each analysis
No cross-contamination between user uploads
Secure random token generation
Automatic cleanup and data purging
Updates to This Policy
If we make changes to this privacy policy, we will update the "Effective Date" at the top of this page. We will never reduce your privacy protections without clear notice.
Contact Us
If you have questions about our privacy practices: