Privacy Policy & Confidentiality Statement (GDPR-Compliant)
1. Introduction
This Privacy Policy explains how Appster Digital ("the Company") collects, uses, stores, and protects personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), applicable UAE laws, and international data-protection standards.
We are committed to protecting the privacy, confidentiality, and security of all personal data processed through our systems, integrations, and services.
By using the systems, products, APIs, or integrations we develop, you consent to the practices described in this policy.
2. Data We Collect
We may collect the following types of information:
A. Personal Data Provided Directly by Users
- Name, email address, phone number
- Business information
- Account details
- Payment information (handled by secure PCI-compliant processors)
B. Automatically Collected Data
- IP address
- Device information
- Browser type
- Cookies and analytics data
C. Data Received Through Integrations
When integrating with third-party platforms (such as SAP, Oracle, Stripe, Zoho, QuickBooks, Firebase, Altegio, etc.), we process data strictly for operational and technical purposes required for client service delivery.
3. Legal Basis for Processing (GDPR Art. 6)
We process personal data on the following bases:
- Consent — when the user voluntarily provides information
- Contractual necessity — to provide our services
- Legitimate interest — to maintain security and improve platform performance
- Compliance with legal obligations
4. Purpose of Data Processing
We process data for the following purposes:
- Creating and managing user accounts
- Providing technical integration services
- System performance and analytics
- Customer support and communication
- Improving product functionality
- Ensuring platform security
We do not sell or share user data for marketing or commercial gain.
5. Data Storage & Security
We use industry-standard technical and organizational measures to protect personal data, including:
- Encrypted data storage (AES-256)
- Encrypted transmission (HTTPS/SSL)
- Secure data centers
- Role-based access control
- Regular security audits
All integration data, including third-party-related API data, is handled with strict confidentiality.
6. Data Retention
We retain personal data only as long as required to:
- Deliver our services
- Fulfill contractual requirements
- Meet legal and regulatory obligations
Users may request deletion of their data at any time.
7. Data Sharing & Third Parties
We may share data only with:
- Authorized service providers
- Technical integration partners strictly for operational purposes
- Government/regulatory authorities when legally required
We do not share personal data with any unauthorized third parties.
8. International Data Transfers
If data is transferred to or stored in another country, we ensure:
- GDPR-compliant safeguards
- Standard Contractual Clauses (SCCs)
- Secure encryption
9. User Rights Under GDPR
Users have the right to:
- Access their data
- Request correction
- Request deletion ("right to be forgotten")
- Restrict processing
- Data portability
- Withdraw consent
- File complaints with supervisory authorities
Requests can be made anytime via email.
10. Cookies & Tracking Technologies
We use cookies for:
- Authentication
- Analytics
- Platform functionality
Users may disable cookies in their browser settings.
11. Non-Disclosure & Confidentiality Statement
We recognize the importance of protecting all confidential information shared with us, including but not limited to:
- Business data
- Customer data
- Integration keys & API credentials
- Operational processes
- Technical documentation
We commit to:
- Maintain absolute confidentiality of all data shared with us
- Not disclose, sell, or misuse any information
- Only use data for the purpose of providing services or integrations
- Secure all data with industry-standard protection
- Restrict access to authorized personnel only
- Cooperate fully with third-party API partners and their system privacy and data-protection requirements
This confidentiality obligation remains active even after termination of any contract or integration.