Privacy Policy


At webtoapp.design one of our main priorities is the privacy of our visitors, customers and their users. This Privacy Policy document contains types of information that is collected and recorded by webtoapp.design and how we use it.

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us.

This Privacy Policy applies to visitors of our website, apps we create for our customers and users of those apps.

Consent

By using our website and products, you hereby consent to our Privacy Policy and agree to its terms.

Information we collect

By default, all data we collect and work with is stored on our servers located in Germany.

To upload your app to the Apple App Store, we need to temporarily transfer your app's source code to our servers in the USA. Then we build the app on those servers and upload it to Apple. Afterwards the source code is deleted from those servers and only remains in Germany. The source code does not contain any of your personal information (e.g. your email). It only contains the same information as the app, for example the app icon, app name and the colors used in the app.

Website

User Account

We store the following data about each user account:

  • The user's email address
  • Whether the user confirmed their email address
  • A salted hash of the user's password which means we can't see your password - this is a recommended security practice
  • The registration date of the account

We use the email and password to allow you to log in on our website and, if necessary, to contact you via email.

The registration date and email confirmation status are used for security reasons and to detect potential website issues.

If you use our account quick-creation procedure by ordering an app without manually creating an account beforehand, your account will not have a password until you set one via the email you received or by using the password reset functionality.

Cookies

We use essential cookies for features such as:

  • User authentication (e.g. login) functionality
  • Website language setting
  • Preventing CSRF attacks with your account

If you allow non-essential cookies, we will also use Google Analytics cookies to gain insight into how you use our website. You can find more information about how and where Google processes your data below.

Emails

Some of our automated emails collect anonymous statistics on whether or not they were opened. This information is used to avoid sending irrelevant emails and improve our email contents. To opt out, please contact us.

Apps

For each app we manage, we need to store information about it to provide our service. It's impossible to provide a completely detailed and exhaustive list here, but the most important parts are:

  • General information like the app's name and the website the app is for
  • Features the app supports, like the selected operating systems (Android and/or iOS) and addons (e.g. push notifications)
  • The current order and app publishing status
  • Customized aspects of the app, such as used colors and icons
  • The code of the app
  • Keys and certificates required to digitally sign and publish the app in app stores
  • Crash reports to improve the app. Your user's can opt out of crash reporting in the app's settings. No personal information is collected
  • Screenshots of the app that you can use for the app store listing
  • Screen recordings of webtoapp.design team members using the app to show you a preview of the app. We upload these to Youtube so you can view them easily. The video is unlisted though, so only people you share the link to the video with can watch it.

Unless expressly stated otherwise, all of this data is solely used to provide our best possible service to you.

Data We Don't Store

Some examples of data we explicitly do not store to protect your and your app user's privacy:

  • We store no personal data about any users of your app.
  • We do not store the contents of push notifications you send to your app users. However, to make push notifications work, the contents need to be shared with Google Firebase and Apple's push notification service 'APN'. We can't retrieve the contents of the push notifications from Firebase or APN.

Contact

If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.

Payments

All payments are handled by our merchant of record Paddle. For the purpose of payment processing, we need to provide them your email address and the product you're purchasing. They are fully GDPR compliant and handle your data responsibly. They also do not provide your payment details such as your credit card number to us.

Paddle Privacy Policy

Log Files

We follow a standard procedure of using log files. These files log requests to our servers and contain the IP address and the requested page. We don't personally identify you with this data. We also use log files to log events that could indicate incorrect functioning of the website. The log files are only used to detect potential attacks or problems on our website.

CCPA Privacy Rights (Do Not Sell My Personal Information)

Under the CCPA, among other rights, California consumers have the right to:

  • Request that a business that collects a consumer's personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.
  • Request that a business delete any personal data about the consumer that a business has collected.
  • Request that a business that sells a consumer's personal data, not sell the consumer's personal data. We do not sell your personal data, you do not need to specifically request it.

If you make a request, we have up to one month to respond to you. If you would like to exercise any of these rights, please contact us.

GDPR Data Protection Rights

Under the GDPR, among other rights, our users have the right to:

  • Request copies of your personal data.
  • Request that we correct any information you believe is inaccurate.
  • Request that we complete the information you believe is incomplete
  • Request that we erase your personal data, under certain conditions.
  • Request that we restrict the processing of your personal data, under certain conditions.
  • Request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • Object to our processing of your personal data, under certain conditions.

If you make a request, we have up to one month to respond to you. If you would like to exercise any of these rights, please contact us.

Children's Information

Our service does not specifically appeal to children and we do not offer our service to children. We do not knowingly collect any information from children under the age of 13. If you think that your child provided any kind of information on our website, we encourage you to contact us and we will remove such information from our records.

Google Analytics

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 §1 lit. f. GDPR) we use Google Analytics, a web analysis service of Google LLC ('Google').

We only use Google Analytics if you agree to our use of all cookies. If you only accept the required cookies, we do not use Google Analytics to analyse your behaviour on our website.

Google uses cookies. The information generated with the help of the cookie about your use of the website is usually transferred to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law: PrivacyShield

Google will use this information on our behalf in order to evaluate the use of our website by the users, to compile reports on the activities within this website and to provide us with further services related to the use of this website and the internet. The processed data can be used to create pseudonymous user profiles of the users.

We only use Google Analytics with activated IP anonymisation. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.

The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent the storage of cookies by adjusting their browser accordingly. Users can also prevent the collection of data generated with the help of the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: Opt-out Plugin

Further information on the use of data by Google, setting and objection options, can be found in Google's Privacy Policy

The personal data of users will be deleted or anonymised after 14 months.