Privacy Policy
Last updated: February 2026
1. Data Controller
Appify ("we", "us", "our") is responsible for the processing of your personal data as described in this Privacy Policy.
2. Data We Collect
We collect the following categories of personal data:
- Account data: email address, full name, avatar (if provided via Google OAuth)
- Project data: projects you create, project files, code generated by AI
- Chat data: messages sent to the AI assistant within the builder
- Usage data: number of AI generations, features used, plan subscription details
- Payment data: processed by Stripe (we do not store credit card numbers)
- Technical data: IP address, browser type, device info (collected via essential cookies)
3. How We Use Your Data
- To provide and maintain the Appify service
- To process your subscription and payments
- To generate AI-powered code based on your prompts
- To improve our AI models and service quality
- To send you service-related communications
- To comply with legal obligations
4. Legal Basis for Processing (GDPR)
- Contract performance: processing necessary to provide the Appify service you subscribed to
- Legitimate interest: service improvement, fraud prevention, security
- Consent: marketing emails, analytics cookies (you can withdraw consent at any time)
- Legal obligation: tax records, regulatory compliance
5. Sub-processors
We use the following third-party services to process your data:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, file storage | US / EU |
| Stripe | Payment processing | US / EU |
| Anthropic | AI code generation (Claude API) | US |
| Vercel | Hosting and deployment | Global CDN |
6. Your Rights
Under the GDPR, you have the following rights:
- Right of access: request a copy of all your personal data
- Right to rectification: correct inaccurate personal data
- Right to erasure: request deletion of your account and all associated data
- Right to data portability: download your data in a machine-readable format (JSON)
- Right to object: object to processing based on legitimate interest
- Right to withdraw consent: withdraw consent for marketing and analytics at any time
You can exercise your data portability and erasure rights directly from your account settings. For other requests, contact us at privacy@appify.dev.
7. Data Retention
We retain your personal data for as long as your account is active. Upon account deletion, all personal data is permanently deleted within 30 days. Payment records are retained for 7 years as required by tax law.
8. Data Security
We implement appropriate technical and organizational measures including encryption in transit (TLS 1.3), encryption at rest, access controls, and regular security audits.
9. International Transfers
Some of our sub-processors are located in the United States. These transfers are protected by Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via email or an in-app notification.
11. Contact
For privacy-related inquiries, contact us at: privacy@appify.dev