Privacy Policy

Last updated: March 18, 2026

1. Controller

Compel (“we”, “our”, “us”) is operated by Roop Labs, LLC. For questions about this policy or your personal data, contact us at privacy@compel.sh.

Our servers are hosted in the European Union (Hetzner, Germany). If you are in the EU/EEA, the GDPR applies to your data.

2. Data We Collect

Account data

When you sign up, we collect your email address and a hashed password. You may optionally provide a display name.

App tracking data

To provide our service, we store the iOS App Store App IDs, keyword lists, and daily ranking snapshots you configure.

Usage & analytics

We use PostHog (EU-hosted instance) to collect anonymised product analytics such as page views, feature usage, and session recordings. You can opt out via your browser's Do Not Track signal or by contacting us.

Payment data

Payments are processed by Stripe. We store only your subscription status and plan tier. We never see or store your full card number.

Transactional email

We use Resend to send password-reset and account-related emails. Your email address is shared with Resend for this purpose.

Log data

Our servers automatically log IP addresses, request timestamps, and HTTP status codes for security and debugging purposes. Logs are retained for 30 days.

3. Legal Basis (GDPR)

• Contract performance — providing the ranking-tracking service you signed up for.
• Legitimate interest — security logging, fraud prevention, product improvement analytics.
• Legal obligation — retaining billing records as required by applicable law.
• Consent — optional marketing communications (you can unsubscribe at any time).

4. Data Sharing & Sub-processors

We share data only with the following processors:

• Hetzner Online GmbH (Germany) — cloud infrastructure & storage.
• Stripe, Inc. (US, EU SCC) — payment processing.
• Resend, Inc. (US, EU SCC) — transactional email.
• PostHog, Inc. (EU-hosted) — product analytics.
• Apple Inc. — App Store keyword ranking data is fetched from Apple's public APIs.

We do not sell your personal data to third parties.

5. Data Retention

Account data is retained for as long as your account is active. After account deletion, personal data is purged within 30 days. Anonymised aggregate statistics may be retained indefinitely.

6. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to: access, rectify, or erase your personal data; restrict or object to processing; receive a portable copy of your data; and lodge a complaint with a supervisory authority.

To exercise any of these rights, email privacy@compel.sh. We will respond within 30 days.

7. Cookies

We use a single session cookie to keep you logged in. We do not use third-party advertising cookies. PostHog may set analytics cookies; these can be blocked with standard browser tools.

8. Security

All data is transmitted over HTTPS/TLS. Passwords are stored as bcrypt hashes. We conduct regular dependency audits and apply security patches promptly.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be notified by email to registered users at least 14 days before they take effect. The “Last updated” date at the top reflects the most recent revision.

10. Contact

For any privacy-related questions, contact us at privacy@compel.sh.