# Terms of Service

Effective 2026-04-20. Plain-language v1; a legal-reviewed version will supersede it.

## Intended use

AppAttest delivers API keys and service tokens to your iOS app after Apple App Attest verifies the app at runtime. Secrets live in AppAttest infrastructure until your app proves it's really your app; they then land in the device Keychain.

Supported pattern: *secrets-of-secrets*. The keys AppAttest delivers authenticate calls from your app to services you operate or consume. The end user of your app is not a user of AppAttest.

## What you can store

- API keys for third-party services (OpenAI, Anthropic, Stripe publishable or restricted keys, analytics vendors, feature flag services).
- Short-lived service tokens issued to your app.
- Signing or encryption keys used by your app to call services you operate.
- Per-environment configuration values that must not ship in the binary.

## What you cannot store

Uploading any of the following is a Terms violation and may result in suspension without refund:

- Protected health information (PHI), as defined by HIPAA or equivalent regulation.
- Payment card data (PCI): cardholder data, PANs, CVV/CVC values, full magnetic stripe or chip data.
- Government-issued identifiers: SSNs, national IDs, passport numbers, driver's license numbers, tax IDs.
- End-user personally identifiable information (PII). AppAttest secrets belong to your app, not to the people using it.
- Credentials that grant administrative control over your AppAttest account or billing.
- Any data you are contractually or legally required to encrypt at rest under a key you control exclusively.

If a secret's disclosure would trigger a regulated breach-notification obligation, it does not belong in AppAttest.

## Acceptable use

- One tenant's secrets stay within that tenant. You may not relay secrets across accounts you do not own.
- You may not use AppAttest to deliver payloads unrelated to authenticating your app.
- You are responsible for registering bundle identifiers you have the right to use.
- Automated traffic aimed at exhausting another tenant's quota or extracting secrets outside the attested-device path is prohibited.

## Billing

Each project on AppAttest is independent for billing. Sandbox usage is included indefinitely for development. A project becomes live by subscribing — subscribing IS the act of going live. The per-project subscription includes an allowance of requests per cycle; usage above that allowance is metered against rates published on the pricing page and drawn from a per-project prepaid balance you fund via top-up. Subscription and balance are independent — canceling the subscription does not affect the balance, and topping up the balance does not affect the subscription. Balance cannot go below zero; when allowance and balance are both exhausted, delivery for that project pauses until top-up or the next cycle reset.

Each project gets a small trial allowance of production requests before subscribing, drawn from the first cycle's allowance so the total cycle-one budget is unchanged.

## Termination

You can cancel at any time from the dashboard. AppAttest can suspend accounts for violations of the content prohibitions above, for repeated automated abuse, or for non-payment. On deletion, stored secrets are destroyed within 30 days.

## Liability

AppAttest is provided on an as-is basis. Liability is limited to fees paid in the 12 months preceding the event giving rise to the claim. Apple App Attest is a service of Apple Inc. subject to Apple's own terms.

## Contact

<hello@appattest.dev>
