A
UrlToApk

Privacy Policy

Last updated: 2026-05-03

UrlToApk (“we”, “our”, “us”) builds Android APKs from public web URLs you provide. This policy explains what data we collect when you use the platform at apkforge.net, how we use it, and the rights you have over it.

1. What we collect

  • Account data: email address, name, password hash (argon2id), optional phone, and avatar URL.
  • Build data: the source URLs you submit, the build configuration you choose (orientation, permissions, splash, etc.), and the resulting APK files. We retain build logs for support and abuse-detection purposes.
  • Payment data: USDT-TRC20 transactions are recorded with your wallet address, tx hash, amount, and the plan you purchased. We never see card numbers.
  • Operational telemetry: IP address, user agent, request timing, and error traces (via Sentry, when enabled). Retained 30–90 days.

2. How we use it

  • To deliver the service: authenticate you, run builds, deliver APKs, credit payments.
  • To prevent abuse: rate-limit, detect fraud, ban malicious accounts.
  • To improve the product: aggregate, anonymised usage analytics.
  • To contact you: transactional emails (verification, reset, build/payment status). Marketing emails are opt-in via your notification preferences.

3. Sharing

We do not sell personal data. We share data only with subprocessors strictly necessary to run the service: our hosting provider, our object-storage provider for APKs, our SMTP provider for transactional email, and our error-tracking provider when configured. Each is bound by a data processing agreement.

4. Retention

  • Account data: kept while your account is active. Deletion on request (see below).
  • Builds & APKs: kept for 90 days after the last download or build completion, then deleted.
  • Payment records: retained 7 years to comply with financial-record obligations.
  • Logs & telemetry: rotated after 90 days.

5. Your rights

You can access, correct, export, or delete your account data at any time. Use the in-app Settings → Security page or email support@apkforge.net. For EU/UK users: this fulfils your rights under GDPR/UK GDPR. We respond within 30 days.

6. Security

Passwords are hashed with argon2id. JWTs are short-lived and stored in httpOnly Secure cookies. All traffic to the API is served over TLS. Logged-out tokens are blacklisted server-side.

7. Children

UrlToApk is not directed at children under 16. We do not knowingly collect data from them.

8. Changes

Material changes will be announced in-app and by email at least 14 days before they take effect.

9. Contact

Questions? Reach us at support@apkforge.net.