Who we are

Aperio is a mobile-first analytics dashboard that lets you connect monetization accounts — such as Google AdSense, Google AdMob, YouTube, and similar advertising or content-revenue platforms — and view your revenue and performance data in one place.

For privacy questions you can reach us at privacy@aperio.app.

For users in the European Economic Area (EEA), the United Kingdom, and Switzerland, the data controller is Aperio, reachable at the contact address below.

Information we collect

Account information. When you sign in with Google, we receive and store your basic Google profile information: your email address, name, and profile picture. We also store preferences you set, such as your time zone (which may be auto-detected from your device) and your display currency.

Connected platform data ("revenue streams"). When you connect a third-party account, you authorize that platform to share data with us through its official API. Depending on the platform, this may include:

• OAuth access tokens and refresh tokens, or an API key, used to retrieve your data
• Performance and revenue metrics such as estimated revenue, impressions, clicks, views, eCPM/RPM, CTR, and fill rates
• Asset-level breakdowns — for example, the names or identifiers of your sites, apps, channels, or ad units
• The identifier of the connected account (for example, the associated email or account ID)

We request only the access scopes needed to display your dashboards. We do not request the ability to make changes to your connected accounts.

Subscription and purchase information. If you upgrade to a paid plan ("Go Pro"), the purchase is processed by Apple or Google through in-app purchase. We do not receive or store your full payment card details; we receive a purchase/subscription status and transaction identifier needed to grant entitlements.

Usage and device information (analytics). We use analytics and diagnostics tools to understand how the App is used and to improve it. This may include device model and operating system, app version, language and region, in-app events and screens viewed, approximate session data, and crash/diagnostic logs. Where required, we collect this only with your consent.

Push notification tokens. If you enable notifications, we store a device push token so we can send alerts (for example, significant revenue changes or account issues). You can turn notifications off at any time in your device settings.

We do not knowingly collect more than what is described here, and we do not collect special-category (sensitive) personal data.

How we use information

We use the information above to:

• Authenticate you and maintain your account
• Connect to your chosen platforms and fetch your revenue data on your behalf
• Calculate, normalize, and display dashboards, trends, comparisons, and insights
• Send push notifications you have enabled
• Provide, maintain, secure, and improve the Service, including troubleshooting and analytics
• Process and manage subscriptions and entitlements
• Detect, prevent, and address fraud, abuse, and security issues
• Comply with legal obligations

Legal bases (EEA/UK): we rely on performance of a contract (to provide the Service you request), your consent (for analytics and notifications where required), our legitimate interests (to secure and improve the Service), and legal obligations.

Google API Services — Limited Use disclosure

Aperio's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use Google user data to provide and improve the user-facing features described in this policy.
• We do not transfer or sell Google user data for advertising, marketing, or other unrelated purposes.
• We do not use Google user data to train generalized or non-personalized AI/ML models.
• We allow humans to read Google user data only with your explicit consent, where necessary for security or to comply with applicable law, or in aggregated/anonymized form for internal operations.

This disclosure applies to data obtained through Google sign-in and through connected Google services such as AdSense, AdMob, and YouTube.

How we share information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

We share information only:

• With service providers (processors) who host our infrastructure, store data, deliver push notifications, and provide analytics, under contracts that limit their use of the data to providing services to us.
• With the platforms you connect, only to the extent needed to authenticate and retrieve your data through their APIs.
• For legal reasons, when we reasonably believe disclosure is required by law or to protect our rights, users, or the public.
• In a business transfer, such as a merger, acquisition, or asset sale, subject to this policy.

Data retention

We keep your account and connected-platform data for as long as your account is active. Historical revenue data is retained so you can view trends over time. When you disconnect a platform or delete your account, we delete or anonymize the associated data within a reasonable period, except where we must retain limited information to comply with legal, accounting, or security obligations.

Security

We take reasonable technical and organizational measures to protect your information. Access tokens, refresh tokens, and API keys are stored on our servers and handled only by our backend; they are never exposed to other users, and we apply access controls and ownership checks so your data is only accessible to you. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

Your choices and rights

• Disconnect a platform at any time inside the App. This stops further data collection from that platform.
• Revoke Google access directly at myaccount.google.com/permissions.
• Turn off notifications and analytics in your device or in-app settings (where offered).
• Access, correct, export, or delete your personal data, and object to or restrict certain processing.
• Delete your account, which removes your profile and associated data as described in Section 6. You can request this in the App or by emailing privacy@aperio.app.

Depending on where you live, you may have additional rights:

• EEA/UK (GDPR): the rights above plus the right to withdraw consent and to lodge a complaint with your local supervisory authority.
• California (CCPA/CPRA): the right to know, delete, correct, and to opt out of "sale"/"sharing." We do not sell or share personal information as those terms are defined. We will not discriminate against you for exercising your rights.

We respond to verified requests within the time required by applicable law.

International data transfers

We may process and store information in countries other than where you live. Where required by applicable law, we use appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

Children

The Service is intended for business use by adults and is not directed to children under 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version in the App with a new "Last updated" date and, for material changes, provide additional notice. Continued use after changes take effect means you accept the updated policy.