SLAB collects your email and password only.

SLAB asks for your AppStore credentials which have access to push and publish applications to your AppStore account. At the first login we ask for the MFA/OTP code sent via SMS to your registered mobile phone to authorize the login. slab encrypts and store the user, password and session ID to allow the automated optimization process to run accordingly and collect and update your AppStore data in your slab account – collecting useful information offered on the AppStore - metrics in regards to views, installations and corresponding conversion rates.

SLAB encrypts data in the browser while you enter with a temporary, private GPG/PGP key generated locally by your browser and our public production server key. The encrypted credentials are transferred to our server and stored encrypted. Slab’s code automation has access to the server private key to decrypt and use the credentials accordingly. Only two system operations employees at slab have access to the private key to configure our automatic CI/CD system. slab also generates and configure a new private key and replace the encrypted data for every credential we have stored, when necessary.

SLAB follows a global standard secure software development lifecycle process. Every deployment to our production system requires a mandatory code-review, and a sign-off by our software quality assurance team. All our software deployments are completely automated via continuous integration and deployment processes. Our production environment runs on our own bare-metal hardware with a partnership from an infrastructure-as-a-service provider, Hetzner.(https://www.hetzner.com), which has very strict segregation of internal and public networks where the connection point between public and internal/private networks, and is isolated to a limited and extra-hardened set of machines. SLAB’s public endpoints are secured by a web-application firewall which scans every incoming request before letting it through to our internal clusters on which our software runs. We collect logs centrally and monitor these logs for untypical behavior and anomalies 24/7. Additionally, slab performs server-grade backups of our production databases and encrypt this data with a different set of keys which is stored on corresponding backup servers, in which have no direct access to the internet, except for automated vulnerability software updates.

SLAB uses Hetzner as the main infrastructure-as-a-service vendor who operates ISO certified facilities in Germany and Finland. All private and sensitive data, without exception, is stored on these servers.

As soon as there is a recognized breach, the IT global standard process ensures:

• Identify what has been breached and what data has been affected by the breach

• Identify and mitigate the root cause of the breach

• Communicate to everyone affected by a breach immediately and possibly prompt to change passwords as quickly as possible.

• Publish the breach publicly on our website since we believe only with transparency you can build trust.

All AppStores data require additional multi-factor authentication to actually execute these changes, and in case of a breach, there is no realistic way for an internal or external attacker to do any significant harm to your application and/or your most valuable asset.

SLAB partners with developers to massively increase the free organic installs of their mobile games. As such, slab has the same level of access as any dedicated ASO specialist. With the developer account access, all slab can do is update the data and graphics fields with new keywords, information and graphics. Once SLAB updates the key information, developers have the option to either manually submit the app to the stores or let slab do it automatically. Any other material changes to the app and the developer account are usually protected by another 2-factor verification, so slab cannot make any other changes to the account (such as changing passwords, adding different apps, etc.)