Legal

Terms of Service

Last updated: May 11, 2026

1. Purpose

StatHall (“the Service”) is a web platform that unifies technical data (Sentry, Firebase Crashlytics) and business data (App Store Connect, Google Play) from your mobile applications into a single read-only cockpit. The Service is delivered as Software-as-a-Service at stathall.com.

These Terms of Service (“Terms”) govern access to and use of the Service by any user (“You”). Creating an account entails unconditional acceptance of these Terms.

2. Publisher

The Service is personally published by Sébastien Soulier, individual entrepreneur (French micro-entrepreneur regime).

  • Address: 12 Rue Georges Brassens, 32600 Lias, France
  • SIRET: 10483848700015
  • Contact: contact@stathall.com

3. User account

3.1 Public signup

Public signup requires a valid email address and a password of at least 12 characters. A verification email is sent to the provided address; the account is only activated after the verification link is clicked (valid 24 h).

Administrator approval. Since V3.S9, account requests created through public signup require approval by a platform administrator. Indicative processing time is 24 to 48 hours. You will receive an email confirmation upon approval, or a motivated rejection email otherwise. Requests that remain undecided for more than 30 days are automatically closed; you may then submit a new request.

3.2 Invitation-based creation

An app owner or co-owner can invite you by email. The invitation link carries an opaque token valid for 7 days and can only be consumed once. The inviter can revoke the link at any time before it is used. Invitation-based accounts are activated immediately, without going through administrator approval: possession of the token sent to the target address stands as proof.

3.3 Access roles

Four access levels coexist:

  • super-administrator (platform): sees the list of apps and their technical metadata (name, connector configuration, sync status), but does not have access to business data (reviews, anomalies, AI summaries, crashes, detailed metrics) of an app they are not a member of. To intervene technically on an app they don’t administer, they must grant themselves a temporary tracked access (see 3.5) or be added as owner / co-owner / viewer by a team member.
  • app owner: full control of the app, including deletion and ownership transfer
  • app co-owner: all owner rights except app deletion and ownership transfer
  • app viewer: read-only access, no modification rights.

Assigning access roles to an app is done exclusively through the invitation system (apart from ad-hoc intervention by a super-administrator under the temporary access defined in 3.5).

3.4 Ownership transfer

The principal owner of an app can transfer ownership to an existing co-owner or to a super-administrator from the Team tab of the app page. The recipient becomes principal owner and the previous owner keeps a co-owner access so as not to lose visibility on the app during the handover. Both parties receive a confirmation email and the event is logged in the audit trail.

A super-administrator can, in exceptional cases (owner unreachable, departed, deceased, or dismissed), force the transfer from the admin console at the request of a legitimate third party (heir, HR department, official support). This action requires a written reason (10-character minimum), kept in the audit trail, and can be accompanied by supporting documentation provided by the third party initiating the request (death certificate, HR attestation, mandate) as a PDF, PNG or JPEG file, up to 5 MB. When present, this document is stored encrypted at rest for 3 years for audit and contestation purposes, with an integrity hash recorded in the audit log. The forced transfer triggers an immediate email notification to the previous owner with a link to contest; the previous owner keeps a co-owner access.

3.5 Super-administrator temporary access

To intervene technically on an app they are not a member of (support, debug, incident response), a super-administrator can grant themselves a temporary access (“break-glass”) limited to a duration between 1 and 72 hours. This access:

  • requires a written reason (20-character minimum), entered at request time and visible to the app owner
  • triggers an immediate email to the owner with the super-administrator’s identity, the requested duration, and the reason
  • is recorded in the app’s audit trail (creation, data access, revocation, expiration)
  • can be revoked at any time by the app owner from the app page, or by the super-administrator themselves
  • expires automatically at the deadline, with a confirmation email to the owner.

The history of temporary accesses (reasons, durations, dates) remains visible in the audit trail for 30 days after expiration, then is cleaned up.

3.6 Responsibility

You are solely responsible for keeping your credentials confidential and for any activity performed through your account. Any fraudulent or unauthorized use must be reported to contact@stathall.com as soon as possible.

3.7 Two-factor authentication

Two-factor authentication (TOTP) is mandatory for all accounts. A 24-hour window after email verification lets the user finish onboarding before being redirected to enrollment. In development environments, the enrollment constraint is lifted but manual enrollment remains available.

4. Service description

StatHall is a read-only tool. The Service:

  • Reads data from your third-party accounts (Sentry, ASC, Google Play) using the credentials you provide
  • Stores this data in its database to compute aggregates, anomalies and summaries
  • Sends no data back to your third-party accounts and performs no action (no review responses, no release modification)
  • Sends no outbound notifications (email, SMS, push, webhook) except the strictly necessary transactional emails (verification, password reset, deletion confirmation).

5. User obligations

You agree to:

  • Only connect third-party accounts you legitimately own or for which you have explicit authorization
  • Comply with the terms of service of the third-party services (Sentry, Apple, Google) you connect through StatHall
  • Not attempt to bypass the Service’s security or multi-tenant isolation mechanisms
  • Not use the Service for unlawful activity or activity contrary to public order.

6. Third-party credentials and security

The credentials you enter (API keys, .p8 files, service accounts) are encrypted in the database using Fernet with a master key held by the publisher. Credentials are never logged in clear. You can delete them at any time from your app’s configuration page.

7. Availability

The Service is provided “as is”. The publisher commits to best-effort availability but offers no contractual service level agreement (SLA). Interruptions may occur for maintenance, upgrades or external causes (hosting provider, third-party APIs).

8. Intellectual property

The source code, trademark and graphical assets of the Service remain the publisher’s property. The business data you ingest (reviews, crashes, metrics) remains your property; you retain the right to erasure and portability (see Privacy Policy).

9. Pricing

The Service is offered free of charge. Voluntary donations can be made through the channels listed on the /donate page. No financial obligation is tied to use of the Service.

10. Suspension and termination

10.1 By the user

You may delete your account at any time from the My account → Privacy page. Deletion takes effect after a 30-day cancellation window (cf. GDPR art. 17).

10.2 By the publisher

The publisher may suspend or terminate an account in case of breach of these Terms, obvious abusive use (quota bypass, scraping, attack) or request from a competent authority. A notification email will be sent when possible.

11. Limitation of liability

As the Service is provided free of charge, the publisher’s liability is limited to direct damages resulting from gross or intentional fault. The publisher cannot be held liable for:

  • Loss of third-party data hosted at Sentry, Apple or Google
  • Temporary unavailability of the Service
  • Business decisions made based on the data served (aggregates and AI summaries are provided for information only).

12. Governing law

These Terms are governed by French law. Any dispute relating to their interpretation or performance falls under the jurisdiction of the courts competent for the publisher’s registered office, except for imperative provisions to the contrary.

13. Changes

The publisher may change these Terms. Any material change will be notified by email at least 15 days before its effective date. Continued use of the Service after this date constitutes acceptance of the new Terms.