Privacy Policy

Last updated: March 17, 2026

1. Introduction

BasePrice is a product of Olyndo Ltd (“we”, “us”, or “our”), a company registered in England & Wales (Company Number: 16131446), with its registered address at 124-128 City Road, London, EC1V 2NX, United Kingdom. We operate the website baseprice.io and the BasePrice application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

2. Information We Collect

We may collect the following types of information:

  • Account information: Name, email address, business name, website, and authentication credentials when you create an account (via email/password, Google OAuth, or Apple Sign-In).
  • Store API credentials: App Store Connect API keys (.p8 files, Issuer ID, Key ID) and Google Play service account JSON files you provide for publishing. These are stored in Google Cloud Secret Manager and used solely to execute pricing actions you initiate.
  • Revenue platform credentials: RevenueCat API keys you optionally provide for revenue analytics. Stored in Google Cloud Secret Manager under the same encryption standards.
  • Project and product data: Project configurations, product definitions, pricing templates, price overrides, publish history, and revenue snapshots you create within the application.
  • Usage data: Pages visited, features used, and interactions with our application to improve the service (only with your consent).
  • Payment information: Processed securely through Stripe. We do not store your credit card details on our servers.

3. How We Use Your Information

  • To calculate localized prices across 175+ regions using economic data (exchange rates, purchasing power parity, Big Mac Index, GDP).
  • To publish pricing changes to the Apple App Store and Google Play on your behalf via their official APIs.
  • To monitor for pricing drift and alert you when live store prices diverge from your published configuration.
  • To provide revenue analytics via RevenueCat integration (MRR, subscribers, churn, trial conversions).
  • To process payments and manage subscriptions via Stripe.
  • To communicate important service updates.

4. Data Security

We use industry-standard encryption for data in transit (TLS) and at rest. Store API credentials and revenue platform keys are stored in Google Cloud Secret Manager — they never reside in our application database. We follow security best practices including rate limiting, input validation, and regular security audits.

5. Cookies

We use the following categories of cookies:

  • Essential cookies: Required for authentication and session management. These cannot be disabled.
  • Analytics cookies: Used to understand how visitors interact with our website and application (powered by Google Analytics 4). These are only set with your explicit consent. You can grant or withdraw consent at any time via the cookie banner or the “Cookie Settings” link in our footer.

We do not use advertising cookies or tracking pixels. For full details, see our Cookie Policy.

6. Third-Party Services

We integrate with the following third-party services:

  • Firebase / Google Cloud: Authentication (email/password, Google OAuth, Apple Sign-In), Cloud Firestore for data storage, and Google Cloud Secret Manager for encrypted credential storage.
  • Google Analytics 4: Website and application usage analytics (only with your consent). We use Google’s Consent Mode v2 Advanced — cookieless pings are sent by default for modelling, and full cookie collection only activates after your explicit consent. Data is processed by Google LLC under Standard Contractual Clauses (SCCs) for EU data transfers. See Google’s Privacy Policy.
  • Stripe: Subscription billing, payment processing, and self-service billing portal.
  • Apple App Store Connect API: Reading and publishing in-app purchase and subscription prices across 175 storefronts, and importing product catalogs.
  • Google Play Developer API: Reading and publishing product prices across 165+ countries, and importing product catalogs.
  • RevenueCat: Revenue analytics integration (MRR, active subscribers, churn, trial conversions). Connected only if you provide a RevenueCat API key.
  • Economic data providers: Exchange rates from open.er-api.com and frankfurter.app (ECB), purchasing power parity data from the World Bank Indicators API, and Big Mac Index data from The Economist (CC BY 4.0 licensed). These are public data sources; no personal data is sent to them.

7. Data Retention & Deletion

You can request deletion of your account and all associated data at any time from your account settings. Upon deletion, we remove all personal data, API credentials, and project configurations within 30 days.

8. Your Rights (GDPR / EEA)

If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate personal data.
  • Right to erasure: Request deletion of your personal data (also available from account settings).
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing of your personal data, including for analytics purposes (you can withdraw analytics consent at any time via the cookie banner).

To exercise any of these rights, contact us at hello@baseprice.io. We will respond within 30 days.

9. International Data Transfers

Your data may be transferred to and processed in the United States by our service providers (Google Cloud / Firebase, Stripe). These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission and by the EU-U.S. Data Privacy Framework where applicable.

10. Contact Us

If you have questions about this Privacy Policy, contact us at hello@baseprice.io.

Olyndo Ltd, 124-128 City Road, London, EC1V 2NX, United Kingdom.