Security
An App Store Connect API key is a sensitive credential. This page explains exactly how Daily Sales Email handles yours, what permissions it actually needs, and how to rotate or revoke access at any time.
What we ask Apple for
The App Store Connect API key you generate for Daily Sales Email needs only the Sales and Finance role. We do not request, need, or accept "Admin" or "App Manager" keys. The Sales-and-Finance role is read-only and limited to the Sales and Trends report endpoints; it cannot create or modify apps, manage users, change pricing, push builds, or alter your account in any way.
How we store the key
- The .p8 private key body and metadata (Key ID, Issuer ID, Vendor ID) are bundled into a JSON envelope.
- The envelope is encrypted with AES-256-CBC using a randomly generated per-record initialization vector, before being written to our database.
- The IV is stored alongside the ciphertext; the encryption key is held outside the database and is loaded into the worker process at startup. Even with a database dump in hand, the encrypted API key is unusable without that encryption key.
- The plaintext key is decrypted into memory only while a report is being fetched and signed JWTs are being generated. It is never logged, written to disk, or transmitted off-server.
What we read, and what we never touch
The integration is intentionally narrow. We read four report types from the App Store Connect Sales and Trends API:
- Daily sales report (units, refunds, proceeds, country breakdown)
- Subscription report (active subscribers, trials, proceeds per subscription product)
- Subscription event report (conversions, renewals, used for trend math)
- Customer reviews (from the public iTunes RSS reviews feed)
We do not access build binaries, beta testers, in-app purchase content, banking and tax information, your apps' source artifacts, user feedback in TestFlight, or any other App Store Connect surface area. There is no read-write integration of any kind.
Data retention
Apple's raw report files are not stored. They are downloaded, parsed, rendered into the email, and then discarded. The numbers shown in your daily email are reproduced freshly from Apple each day; we do not maintain a historical mirror of your sales in our database.
What we do store, per user: your email address, send preferences (which fields, which cadences, which currency), the encrypted API key envelope described above, and a small list of recent review IDs we use to avoid showing the same review in two consecutive emails. That's the entire user record.
Transport
The website and the API calls into App Store Connect are HTTPS-only with HTTP/2. Every API call to Apple is signed with a freshly minted ES256 JWT (RFC 7519) using your private key, with a 15-minute expiration window per the App Store Connect requirements.
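The signing step described above, as an added example (not Daily Sales Email's own code): it mints an ES256 JWT with a 15-minute expiry from the Key ID, Issuer ID and private key, then checks it the way a receiver would. The function names, the sample identifiers and the throwaway key pair are constructed for illustration; the `aud` value is the one Apple documents for App Store Connect tokens.

```javascript
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Mint a token from the fields held in the decrypted envelope (hypothetical field names).
function mintToken({ keyId, issuerId, p8 }, now = Math.floor(Date.now() / 1000)) {
  const header = { alg: 'ES256', kid: keyId, typ: 'JWT' };
  const claims = { iss: issuerId, iat: now, exp: now + 15 * 60, aud: 'appstoreconnect-v1' };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  // JWS ES256 needs the raw 64-byte R||S signature, not Node's default DER encoding.
  const sig = crypto.sign('sha256', Buffer.from(signingInput),
    { key: p8, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${b64url(sig)}`;
}

// Receiver-side check: algorithm, signature over header.claims, then the expiry window.
function checkToken(token, publicKeyPem, now) {
  const [h, c, s] = token.split('.');
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  const claims = JSON.parse(Buffer.from(c, 'base64url').toString());
  if (header.alg !== 'ES256') return 'bad-alg';
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${c}`),
    { key: publicKeyPem, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!ok) return 'bad-signature';
  if (now >= claims.exp) return 'expired';
  return 'valid';
}

// Constructed sample: a throwaway P-256 key pair standing in for a real .p8 file.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', {
  namedCurve: 'P-256',
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  publicKeyEncoding: { type: 'spki', format: 'pem' },
});
const envelope = {
  keyId: 'KEYID00000',                              // constructed placeholder
  issuerId: '00000000-0000-0000-0000-000000000000', // constructed placeholder
  p8: privateKey,
};
const t0 = 1700000000; // fixed clock so the result is reproducible
const token = mintToken(envelope, t0);
console.log(checkToken(token, publicKey, t0 + 60));      // inside the window
console.log(checkToken(token, publicKey, t0 + 15 * 60)); // at expiry
```

Because the token expires 15 minutes after it is minted, a captured token stops working on its own; revoking the key in App Store Connect is what invalidates the signing key itself.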
Key rotation and revocation
You retain full control of the key at all times.
- Rotate: generate a new key in App Store Connect, paste the new contents into the Daily Sales Email account page, and save. The previous key is immediately overwritten in our database.
- Revoke: revoke the key directly in App Store Connect. The next attempt by Daily Sales Email to fetch a report will fail; you'll get an email letting you know to reconnect with a fresh key. No further data is accessible to us.
- Delete account: from the account page, click "Delete account" and confirm. The encrypted authentication record, settings, and email-preferences rows are removed at the next admin tick (typically within five minutes).
Reporting a security issue
If you find a vulnerability or suspected misuse, please report it directly to our contact address rather than via public channels. We aim to acknowledge security reports within one business day.
What we don't claim
We are honest about scope: Daily Sales Email is a small indie service, not a SOC 2 / ISO 27001 audited platform. We don't claim certifications we don't hold. The service is also currently 100% free, which means no commercial relationship and no contractual SLA. The above is what we actually do; if it's not enough for your organization's policy, that's a legitimate reason to use a different tool.