Legal

Privacy Policy

Last updated: May 2026

1. Who We Are

Apporb is operated by Coding Deep Dive inh. Ravi Kumar Sharma, a sole proprietorship registered in Germany.

Address:
Coding Deep Dive inh. Ravi Kumar Sharma
Herzbergstr. 154
10367 Berlin, Germany

Contact: contact@apporb.ai

We are the data controller for the personal data processed through the Apporb website (apporb.ai) and platform.

2. What Data We Collect

2.1 Account & Platform Users

When you create an account or use the Apporb platform, we collect:

  • Name and email address
  • Password (stored as a one-way bcrypt hash — never in plain text)
  • Workspace name and settings
  • Billing address and payment information (processed by Stripe — we never store raw card data)
  • App Store Connect and Google Play credentials you choose to connect (stored encrypted using AES-256-GCM)
  • Content you create within the platform (store listings, screenshots, notification templates)
  • Usage data: number of AI calls made, apps connected, features used
  • Subscription and billing history

2.2 Website Visitors

When you visit apporb.ai, we may collect:

  • IP address and approximate location (country/city)
  • Browser type, device type, and operating system
  • Pages visited, time spent, and referral source
  • Anonymised analytics events (via PostHog and Google Analytics)

2.3 Support & Communications

When you contact us by email, we collect:

  • Your name and email address
  • The content of your message

3. How We Use Your Data

PurposeLegal Basis (GDPR)
Provide and operate the Apporb platformPerformance of a contract (Art. 6(1)(b))
Process payments and manage subscriptionsPerformance of a contract (Art. 6(1)(b))
Enforce plan limits and usage meteringPerformance of a contract (Art. 6(1)(b))
Send transactional emails (invoices, password reset)Performance of a contract (Art. 6(1)(b))
Respond to support requestsLegitimate interest (Art. 6(1)(f))
Improve the platform through analyticsLegitimate interest (Art. 6(1)(f))
Monitor errors and platform stability (Sentry)Legitimate interest (Art. 6(1)(f))
Comply with legal obligations (tax, accounting)Legal obligation (Art. 6(1)(c))
Send product updates or marketing emailsConsent (Art. 6(1)(a)) — you may opt out at any time

4. Third-Party Services We Use

We share data with the following trusted third parties to operate our service:

ServicePurposeData location
StripePayment processing and subscription managementUSA (SCCs apply)
OpenAIAI-powered translation and text generationUSA (SCCs apply)
Google (Play Developer API)Accessing Play Store data on your behalfUSA (SCCs apply)
Apple (App Store Connect API)Accessing App Store data on your behalfUSA (SCCs apply)
PostHogProduct analytics (self-hosted or EU cloud)EU / USA
Google AnalyticsWebsite traffic analyticsUSA (SCCs apply)
SentryError monitoring and crash reportingUSA (SCCs apply)
HetznerCloud hosting and database infrastructureGermany (EU)

SCCs = Standard Contractual Clauses approved by the European Commission for transfers outside the EEA.

We do not sell your personal data to any third party, ever.

5. Third-Party Credentials You Connect

When you connect your App Store Connect or Google Play credentials, those credentials are encrypted at rest using AES-256-GCM with a server-side key. They are only decrypted transiently in memory when making API calls on your behalf. We do not share these credentials with any third party other than Apple and Google directly.

You can delete your credentials at any time from the Settings page. Deletion is immediate and permanent.

6. Data Retention

Data typeRetention period
Account and profile dataUntil account deletion, then 30 days before permanent deletion
Billing records and invoices10 years (German commercial law — §257 HGB)
Connected credentialsUntil you delete them from Settings
Platform content (listings, screenshots)Until account deletion
Error logs (Sentry)90 days
Analytics data (PostHog, Google Analytics)24 months
Support email correspondence3 years from last contact

7. Your Rights Under GDPR

As a resident of the European Economic Area (or anyone using our service), you have the following rights regarding your personal data:

  • Right of accessRequest a copy of the personal data we hold about you.
  • Right to rectificationRequest correction of inaccurate or incomplete data.
  • Right to erasureRequest deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
  • Right to restrict processingRequest that we limit how we use your data in certain circumstances.
  • Right to data portabilityReceive your data in a structured, machine-readable format.
  • Right to objectObject to processing based on legitimate interest, including direct marketing.
  • Right to withdraw consentWhere processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, email us at contact@apporb.ai. We will respond within 30 days.

You also have the right to lodge a complaint with the German supervisory authority:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin
www.datenschutz-berlin.de

8. Cookies

Apporb uses the following cookies and similar technologies:

CookiePurposeType
access_tokenKeeps you logged in (httpOnly, secure)Essential
workspaceIdRemembers your active workspaceEssential
_ga, _gidGoogle Analytics — website usage statisticsAnalytics
ph_*PostHog — product analyticsAnalytics

Essential cookies cannot be disabled as they are required for the platform to function. You may disable analytics cookies by adjusting your browser settings or using a browser extension such as uBlock Origin.

9. Data Security

We implement the following technical and organisational measures to protect your data:

  • All data in transit encrypted via TLS 1.2+
  • Passwords hashed using bcrypt (12 rounds)
  • Third-party credentials encrypted at rest with AES-256-GCM
  • Database access restricted to application servers only (no public exposure)
  • Infrastructure hosted on Hetzner data centres in Germany (ISO 27001 certified)
  • Error monitoring via Sentry to detect and address vulnerabilities promptly

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay, as required by GDPR Art. 33–34.

10. International Data Transfers

Some of our third-party service providers (Stripe, OpenAI, Sentry, Google Analytics) are based in the United States. Transfers to these providers are covered by Standard Contractual Clauses (SCCs) as approved by the European Commission under GDPR Art. 46(2)(c), ensuring an adequate level of protection for your personal data.

11. Children's Privacy

Apporb is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address on your account) and update the "Last updated" date at the top of this page. Continued use of Apporb after the effective date constitutes acceptance of the updated policy.

13. Contact Us

For any questions, data requests, or concerns about this Privacy Policy, please contact:

A
Apporb

Coding Deep Dive inh. Ravi Kumar Sharma
Herzbergstr. 154
10367 Berlin, Germany

contact@apporb.ai