Privacy Policy

Posted on 1. January 2020 by Jan Bunk


At webtoapp.design one of our main priorities is the privacy of our visitors, customers and their users. This Privacy Policy document contains types of information that is collected and recorded by webtoapp.design and how we use it.

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us.

This Privacy Policy applies to visitors of our website, apps we create for our customers and users of those apps.

Consent

By using our website and products, you hereby consent to our Privacy Policy and agree to its terms.

Information we collect

Website

User Account

We store the following data about each user account:

  • The user's email address
  • Whether the user confirmed their email address
  • A salted hash of the user's password which means we can't see your password - this is a recommended security practice
  • Whether the user wants to receive our newsletter
  • The registration date of the account

We use the email and password to allow you to log in on our website and, if necessary, to contact you via email.

The newsletter preference is stored to avoid sending newsletters to anyone that is not interested in it.

The registration date and email confirmation status are used for security reasons and to detect potential website issues.

If you use our account quick-creation procedure by ordering an app without creating an account beforehand, your account will not have a password until you set one via the email you received or by using the password reset functionality. Additionally, your account will be set to receive our email newsletter until you unsubscribe.

Other

Cookies

We use essential cookies for features such as:

  • User authentication (e.g. login) functionality
  • Website language setting
  • Preventing CSRF attacks with your account
  • Enabling/disabling non-essential cookies

If you allow non-essential cookies, we will also use Google Analytics cookies to gain insight into how you use our website. You can find more information about how and where Google processes your data below.

Apps

For each app we manage, we need to store information about it to provide our service. This can include:

  • The app's name
  • The website the app is for
  • The operating systems the app supports
  • The current order and app publishing status
  • Potentially selected addons (e.g. push notifications) for the app
  • The user account the app belongs to
  • Customized aspects of the app, such as used colors and icons
  • Keys and certificates required to digitally sign and publish the app in app stores
  • Screenshots of the app that the customer can use for the app store listing
  • Screen recordings of the app in use to provide a preview of the app to the customer

Data We Don't Store

Some examples of data we explicitly do not store to protect your and your app user's privacy:

  • We store no personal data about any users of your app. The only data we receive from your app users is in the event of an error in the app. These error reports contain no personal information and are only used to improve our apps.
  • We do not store the contents of push notifications you send to your app users. However, to make push notifications work, the contents need to be shared with Google Firebase and Apple's push notification service 'APN'. We can't retrieve the contents of the push notifications from Firebase or APN.

Contact

If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.

Payments

All payments are handled by our merchant of record Paddle. For the purpose of payment processing, we need to provide them your email address and the product you're purchasing. They are fully GDPR compliant and handle your data responsibly. They also do not provide your payment details such as your credit card number to us.

Paddle Privacy Policy

Log Files

We follow a standard procedure of using log files. These files log requests to our servers and contain the IP address and the requested page. We don't personally identify you with this data. We also use log files to log events that could indicate incorrect functioning of the website. The log files are only used to detect potential attacks or problems on our website.

CCPA Privacy Rights (Do Not Sell My Personal Information)

Under the CCPA, among other rights, California consumers have the right to:

Request that a business that collects a consumer's personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.

Request that a business delete any personal data about the consumer that a business has collected.

Request that a business that sells a consumer's personal data, not sell the consumer's personal data.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

GDPR Data Protection Rights

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request copies of your personal data.

The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.

The right to erasure – You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

Children's Information

Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.

We do not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided any kind of information on our website, we strongly encourage you to contact us immediately and we will do our best to promptly remove such information from our records.

Google Analytics

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 §1 lit. f. GDPR) we use Google Analytics, a web analysis service of Google LLC ('Google'). Google uses cookies. The information generated by the cookie about the use of the website by the user is usually transferred to a Google server in the USA and stored there. Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google will use this information on our behalf in order to evaluate the use of our website by the users, to compile reports on the activities within this website and to provide us with further services related to the use of this website and the internet. The processed data can be used to create pseudonymous user profiles of the users. We only use Google Analytics with activated IP anonymisation. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. Further information on the use of data by Google, setting and objection options, you can find in the privacy policy of Google (https://policies.google.com/technologies/ads) and in the settings for the display of advertising by Google (https://adssettings.google.com/authenticated). The personal data of users will be deleted or anonymised after 14 months.