Skip to main content
← Back to StoraTerms of Service

Privacy Policy

Last updated: March 17, 2026

1. Introduction

Stora (“we”, “our”, or “us”) operates the Stora platform at stora.sh. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information

When you sign in with GitHub, we receive and store:

  • Your GitHub username and display name
  • Your email address
  • Your profile image URL
  • A GitHub OAuth access token (used to access your repositories on your behalf)

Repository Data

When you connect a project, we access your repository contents solely to provide our services (screenshot capture, compliance scanning, ASO optimization). We do not store copies of your source code. Repository data is processed in memory and discarded after use.

App Store Credentials

If you choose to use our publishing features, you may provide Apple App Store Connect API keys or Google Play service account credentials. These are encrypted at rest and used only to publish content on your behalf. We never share these credentials with third parties.

Usage Data

We collect anonymized usage analytics (via PostHog) to improve the product, including:

  • Pages visited and features used
  • Screenshot generation and publishing events
  • Error events (without personal data)

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Stora platform
  • Access your GitHub repositories to build and capture screenshots
  • Generate and publish App Store and Google Play assets on your behalf
  • Run compliance scans against App Store Review Guidelines
  • Send you service-related communications
  • Detect and prevent abuse or security issues

4. GitHub Permissions

By default, Stora requests read-only access to your GitHub account and repositories. This includes reading your profile, email, and repository contents.

If you use features that require write access (such as creating pull requests for compliance fixes), we will explicitly ask for additional permissions at that time, with a clear explanation of why they are needed. You can revoke these permissions at any time from your GitHub settings.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share data with:

  • Service providers: Third-party services that help us operate the platform (hosting, analytics, AI providers). These providers are contractually obligated to protect your data.
  • AI providers: We use Anthropic (Claude), Google (Gemini), and OpenAI APIs to power AI features. Repository code snippets may be sent to these providers for analysis but are not used for model training.
  • Legal requirements: If required by law, regulation, or legal process.

6. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption of sensitive credentials at rest (AES-256-GCM)
  • HTTPS-only communication with HSTS
  • Content Security Policy and other security headers
  • Parameterized database queries to prevent injection attacks
  • Regular security audits

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your account data for as long as your account is active. Generated screenshots and assets are stored until you delete them or your account. Build artifacts are automatically cleaned up after 30 days.

You can request deletion of your account and all associated data by contacting us at the email below.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Export your data in a portable format

9. Cookies

We use essential cookies for authentication and session management. We use PostHog for analytics, which may set its own cookies. We do not use advertising cookies or trackers.

10. Children’s Privacy

Stora is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at:

carlton@charmtechnologies.co