privacy.
$ hog cat PRIVACY.md
LAST UPDATED 2026-07-11
RevenueHog is free on the web; the only paid feature is push alerts on iOS. We hold as little about you as the product needs, and only to run it for you. Here's the honest, plain-language version.
what this covers
RevenueHog is a tool for app developers: you connect your own App Store Connect key and we turn Apple's reports and real-time notifications into a live revenue feed, metrics, and optional push alerts. This policy explains what data that involves, why we hold it, and where it lives. It covers the web app, the API, and the RevenueHog iOS app.
your account
When you sign up we store your email address and name, plus a hashed password if you register with one. Authentication is handled by better-auth. If you sign in with Google, we receive your basic profile (name, email, avatar) from Google to identify your account. We never see your Google password. Your account belongs to an organization (workspace); other members you invite can see the organization's data.
your app store connect key
To read your revenue you upload an App Store Connect API key: the .p8 private key, its Issuer ID, and Key ID. The private key is encrypted at rest (AES-256-GCM) and scoped to your organization; the dashboard only ever shows whether a key is present, never its contents. We use it solely to call Apple on your behalf and never share it.
revenue & subscription data
Using your key, we fetch your sales, proceeds, and subscription reports from Apple and store the aggregated figures so we can show your feed, metrics, and customers. This is your own business data, pulled on your instruction. Amounts in other currencies are converted to USD using public daily reference rates. We do not receive your customers' payment details. Apple never shares card or bank information, and neither we nor Apple show it to you.
real-time app store events
If you point Apple's App Store Server Notifications at RevenueHog, we receive and store each signed notification (purchases, renewals, cancellations, refunds, and the transaction identifiers Apple includes). We verify each one and, if you've configured a forwarding endpoint, re-deliver Apple's exact signed payload to your own server. We only forward to URLs you set yourself.
push notifications
If you enable alerts on a device, we store that device's push token (Apple's APNs, or Google's FCM on Android) so we can deliver the notifications you asked for. Tokens are used only to send your own alerts and are removed when a device stops responding or you turn alerts off. Visible push alerts on iOS are unlocked by an in-app subscription purchased through Apple; that purchase is processed by Apple, and we receive from Apple only the signed transaction that tells us your organization's alerts are active and when they renew.
optional sdk data
The RevenueHog SDKs are optional. If you add one to your app, your app can send us the identifiers youchoose (your own app-user id and any attributes you attach) so purchases can be tied to a user in your customers view. This is data you send about your users on your own responsibility; if you don't use an SDK, we never receive it and customers are shown as anonymous transaction-derived records.
usage analytics
We use Vercel Analytics to understand aggregate, anonymous usage of the marketing site and app (page views and performance). It does not build an advertising profile of you. We do not use third-party advertising trackers.
what we don't do
We do not sell your data. We do not share it with advertisers or data brokers. We do not use your revenue data to train models or for any purpose other than running RevenueHog for you. Data is shared with the infrastructure providers below strictly to operate the service, and with the endpoints you explicitly configure.
where your data lives
RevenueHog runs on Vercel (hosting) with a Neon PostgreSQL database, both in the United States. Sub-processors we rely on to run the service include Apple (source of your reports and the App Store notifications), Google (only if you use Google sign-in), Vercel and Neon (hosting/database), and (once configured) an email provider for verification and password-reset messages. Push is delivered directly through Apple (APNs) and Google (FCM).
retention & deletion
We keep your data for as long as your account is active so the product keeps working. There is no self-serve account deletion yet. To have your organization's data (including your stored App Store Connect key) deleted, email us at the address below and we'll remove it. You can remove your credentials or forwarding endpoints yourself at any time in Settings, and turn off alerts to drop your push tokens.
changes to this policy
If we change how we handle data, we'll update this page and the date at the top. Material changes will be reflected here before they take effect.
contact
Questions or data requests? Email privacy@revenuehog.dev.
oink.