Privacy Policy

Last Updated: 02/23/2026

1. Introduction

SideKit (“we,” “our,” or “us”) provides backend-as-a-service (BaaS) infrastructure and tooling for mobile applications. Customers of SideKit (“customer”, “developer”, “app developer”) are those who integrate the SideKit SDK or call the SideKit API within their applications. This Privacy Policy describes how we collect, use, store, and process information when developers integrate the SideKit SDK or access our services.

We design SideKit as a privacy-first analytics and messaging platform, giving developers strict control over what leaves their applications. This Privacy Policy applies globally to all jurisdictions in which applications using SideKit are distributed.

2. Information We Collect

SideKit does not send or store IP addresses via normal operation of the SDK. Outside of the Feedback Center feature described below, it is against our terms of service for customers to send personal data to our services via the SideKit SDK or API.

2.1 Data Collected via the SideKit SDK

The SDK may send the following non-identifying metadata:

  • Country
  • Language
  • Platform
  • Device type
  • Operating system version
  • App version
  • Developer-defined signals (configured by the app developer)

2.2 Security and Version Validation Requests

Applications may contact SideKit for:

  • Version validation
  • Integrity or security checks
  • Developer-configured messages
  • Engagement features

These requests contain only the same non-PII metadata listed above and other data the developer chooses to add.

2.3 Feedback Center Data

When a developer uses the Feedback Center feature, their application may submit the following data through the SideKit SDK or API:

  • Feedback text: Free-form text written by end users of the developer's application
  • End-user identifier: An optional identifier the developer chooses to associate with the feedback (e.g., a username, email address, or opaque ID)
  • User attributes: Optional key-value metadata the developer attaches to the feedback submission
  • Device metadata: The same non-identifying fields listed in Section 2.1 (platform, country, language, device model, OS version, app version)

Because the feedback text, end-user identifier, and user attributes are developer-controlled, they may contain personally identifiable information (PII). Developers are responsible for disclosing this data collection to their own users and obtaining any required consent before transmitting PII to SideKit (see Section 9).

2.4 Information We Collect from Customers

When you create a SideKit account or otherwise use our platform as a developer, we may collect the following information:

  • Email address and username
  • Organization or company name (if provided)
  • Billing information, such as payment method and billing address
  • Support requests and communications
  • Dashboard usage logs, authentication logs, and service activity necessary to operate your account

All information collected is strictly limited to what is necessary to provide, maintain, and improve the Service.

3. How We Use Information

3.1 How We Use Collected Metadata from the SDK

We use collected metadata to:

  • Provide aggregate analytics to developers
  • Validate app versions and ensure integrity
  • Operate and improve backend infrastructure

Outside of the Feedback Center, this data cannot be used to identify individuals.

3.2 How We Use Feedback Center Data

We use Feedback Center data solely to:

  • Display feedback submissions to the developer in the SideKit dashboard
  • Enable the developer to organize, tag, and respond to feedback
  • Provide aggregate feedback metrics and trend analytics

Feedback Center data is accessible only to the developer who owns the application. SideKit does not use feedback data (including any PII it may contain) for its own analytics, advertising, or any purpose other than delivering the Feedback Center feature to the developer.

3.3 How We Use Developer Account Information

We use account data for the following purposes:

  • Account Management: To create, authenticate, and maintain your SideKit account
  • Billing and Payments: To process fees and manage subscriptions
  • Support and Communications: To respond to inquiries, provide updates, and troubleshoot issues
  • Service Improvement: To monitor platform usage and improve performance, reliability, and security
  • Compliance and Legal Obligations: To comply with applicable laws and enforce our Terms of Service

Developer account data is never shared with third parties for marketing purposes and is only accessed by authorized personnel on a need-to-know basis.

4. Legal Basis for Processing

Processing is based on:

  • Contractual necessity: delivering services requested by developers
  • Legitimate interests: providing analytics, security, and infrastructure

Developers may have their own legal obligations depending on their jurisdiction and app design.

5. Data Sharing and Transfers

We do not sell, rent, or trade data. We share only aggregated, non-identifiable analytics with developers using SideKit.

Because services operate globally, data may be processed in regions outside a user's jurisdiction.

Infrastructure Providers (Cloudflare)

SideKit uses Cloudflare for content delivery, routing, logging, and other infrastructure. While SideKit does not collect or store IP addresses, Cloudflare may process and temporarily log IP addresses and other network-level request metadata as part of normal operations. This processing is transient and governed by Cloudflare’s data-processing terms. SideKit does not access, use, or store this data.

6. Data Retention

SideKit retains metadata and request-related data with associated values as specified by developers indefinitely for the following purposes:

  • Provide analytics configured by developers
  • Operate service functionality
  • Comply with legal obligations

Feedback Center data (including feedback text, end-user identifiers, and user attributes) is retained until the developer deletes it through the dashboard or API, or until the developer's account is terminated. Developers may delete individual feedback items at any time.

7. Security

We implement administrative and technical safeguards, including access control and minimizing the type and amount of data that a user can access at any given time.

8. Children’s Privacy

Outside of the Feedback Center, SideKit does not collect PII and is not designed to independently identify or track children. Where a developer enables the Feedback Center in a child-directed application, the developer is solely responsible for ensuring that no PII of children is transmitted without the consent required by applicable law (e.g., COPPA). Developers are responsible for lawful deployment of all SideKit features within child-directed applications.

9. Developer Responsibilities

Developers integrating the SideKit SDK must:

  • Ensure submitted custom signals never contain PII
  • Ensure their use of SideKit complies with applicable laws

Developers who enable the Feedback Center must additionally:

  • Inform their end users that feedback submissions (including any identifier or free-text content) will be transmitted to and stored by SideKit
  • Obtain any consent required by applicable privacy laws before transmitting end-user PII to SideKit
  • Not transmit sensitive personal data (e.g., health information, financial account numbers, government-issued identifiers) through the Feedback Center

10. User Rights

For analytics data outside of the Feedback Center, SideKit does not collect personal data, so standard data-subject rights (access, correction, deletion) generally do not apply.

For Feedback Center data that may contain PII: end users of a developer's application should direct data-subject requests (access, correction, deletion) to the developer. Developers can delete feedback items through the SideKit dashboard or API. If a developer is unable to fulfill a request, the end user may contact us at [email protected] and we will work with the developer to resolve it.

App developers who wish to have their account or data deleted may contact us at [email protected].

11. Changes to This Privacy Policy

We may update this Privacy Policy. Material changes will be reflected in the “Last Updated” date above.

12. Contact Us

For questions regarding this Privacy Policy, contact: [email protected]