Appy

Privacy Policy

Effective: March 28, 2026
Version 2.0

Privacy Overview

Data CollectionData SecurityYour RightsData SharingCookies & Tracking

Our Privacy Commitment

At Appy, we are committed to transparent processing of personal data and to protecting account and analytics data collected through the service.

Information We Collect

Personal Information

  • Email address
  • First and last name
  • Profile information
  • Authentication data

Service Data

  • URLs you shorten
  • QR code preferences
  • Link analytics settings
  • Custom domains

How We Collect Data

1. Account Registration

When you create an account, we collect:

  • Email address (required for account access)
  • First and last name (for personalization)
  • Password (encrypted and stored securely)
  • OAuth data (if you sign up with Google)

2. Service Usage

When you use our URL shortening service:

  • Original URLs you want to shorten
  • Custom slugs and link settings
  • App store URLs for different platforms
  • QR code customization preferences

3. Analytics Data

When someone clicks your links, we automatically collect:

  • Device type and operating system
  • Geographic location (country/region)
  • Referrer information
  • Click timestamps
  • User agent information

Note: Click analytics can include technical identifiers such as IP address, user-agent, and referrer. We use this data for security, abuse prevention, service performance, and aggregated reporting.

Data Security

Security Measures

We implement industry-standard security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. We also apply retention schedules by data category and delete or anonymize data when it is no longer needed for service operation, legal obligations, fraud prevention, or security.

Technical Safeguards

  • HTTPS encryption for all data transmission
  • Bcrypt password hashing
  • JWT token-based authentication
  • Database encryption at rest
  • Regular security audits
  • Access controls and monitoring

Operational Security

  • Limited employee access to data
  • Regular backup procedures
  • Incident response protocols
  • Third-party security assessments
  • Secure development practices
  • Data retention policies

Data Sharing

We do not sell personal data and we do not share user account data with third parties for advertising or resale:

Service Providers

Core Appy account and link data is managed within Appy systems. If you start a paid purchase, checkout and invoicing are handled by Lemon Squeezy as Merchant of Record for that transaction.

Legal Requirements

We may disclose information when required by law, court order, or government regulation.

International Transfers

Your data may be processed in countries outside your residence. Where required by law, we apply appropriate transfer safeguards and contractual protections.

Cookies & Tracking

We use cookies and similar tracking technologies. Essential cookies are required for service operation. Non-essential analytics cookies are enabled only where consent is required and provided:

Essential Cookies (Always On)

  • Authentication tokens
  • Session management
  • Security features
  • User preferences

Analytics Cookies (Optional Where Required)

  • Usage patterns
  • Performance metrics
  • Feature effectiveness
  • Error tracking

Your Privacy Rights

Depending on your jurisdiction (including KVKK and GDPR regions), you may have the following rights:

Access & Portability

You can request confirmation about your data and ask for a copy in a portable format.

Correction & Updates

You can correct or update inaccurate account information through account settings or by contacting us.

Deletion & Erasure

You can request deletion of your account and associated data, subject to legal, fraud, and security retention obligations. We may ask you to verify your identity before completing deletion requests.

Objection & Restriction

You can object to or request restriction of certain processing activities, and you can withdraw consent where consent is the legal basis.

Privacy Questions?

If you have questions about this Privacy Policy, international transfers, or data rights requests, contact us:

Email: [email protected]

Support: https://appy.to/support

Response Time: We respond to privacy inquiries within 30 days (or as required by local law)

Privacy Policy | Appy · Appy