Privacy Policy
Last updated: January 15, 2025
Summary
We respect your privacy and are committed to protecting your personal data. This policy explains how we collect, use, and safeguard your information. We are GDPR compliant and give you full control over your data.
1. Introduction
AppSuiteHQ ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at appsuitehq.com and its subdomains (collectively, the "Service").
By using our Service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide
We collect information you provide directly to us, including:
- Account Information: Name, email address, and password when you create an account
- Profile Information: Company name, job title, profile picture, timezone preferences
- Business Data: Client information, project details, time entries, contracts, proposals, and other data you enter into the Service
- Payment Information: Billing address and payment method details (processed securely by Stripe)
- Communications: Information in emails, support tickets, or other communications with us
2.2 Information Collected Automatically
When you use our Service, we automatically collect certain information, including:
- Device Information: Browser type, operating system, device identifiers
- Usage Data: Pages viewed, features used, time spent on the Service
- Log Data: IP address, access times, referring URLs
- Cookies: We use essential cookies for authentication and preferences (see Cookie Policy below)
3. How We Use Your Information
We use the collected information to:
- Provide, maintain, and improve our Service
- Process transactions and send related information
- Send technical notices, updates, and support messages
- Respond to your comments, questions, and requests
- Develop new features and services
- Monitor and analyze trends, usage, and activities
- Detect, investigate, and prevent fraudulent transactions and abuse
- Personalize and improve your experience
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process personal data based on:
- Contract Performance: Processing necessary to provide our Service to you
- Legitimate Interests: For security, fraud prevention, and service improvement
- Consent: For optional features like marketing communications
- Legal Obligation: When required by law
5. Data Sharing and Disclosure
We do not sell your personal data. We may share your information in these circumstances:
- Service Providers: With third-party vendors who perform services on our behalf (hosting, payment processing, analytics)
- Business Transfers: In connection with a merger, acquisition, or sale of assets
- Legal Requirements: When required by law or to protect our rights
- With Your Consent: When you explicitly authorize us to share your data
5.1 Third-Party Services
We use the following third-party services:
- Supabase: Database and authentication (EU data center available)
- Stripe: Payment processing (PCI DSS compliant)
- Resend: Transactional emails
- Cloudflare: CDN and security
- Plausible Analytics: Privacy-friendly analytics (no cookies)
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you services. After account deletion:
- Personal data is deleted within 30 days
- Backups are purged within 90 days
- Anonymized analytics data may be retained indefinitely
- Legal compliance records are kept as required by law
7. Your Rights
Under GDPR and other privacy laws, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your personal data
- Portability: Receive your data in a portable format
- Restriction: Limit processing of your data
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time
To exercise these rights, contact us at privacy@appsuitehq.com or use the GDPR Compliance tool in your dashboard.
8. Data Security
We implement industry-standard security measures including:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Regular security audits and penetration testing
- Access controls and authentication mechanisms
- Secure development practices
- Incident response procedures
9. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence. We ensure adequate protection through:
- EU Standard Contractual Clauses
- UK International Data Transfer Agreement
- Data processing agreements with all vendors
10. Cookie Policy
We use cookies and similar technologies:
- Essential Cookies: Required for authentication and basic functionality (cannot be disabled)
- Preference Cookies: Remember your settings (language, theme)
- Analytics Cookies: We use Plausible Analytics, which doesn't use cookies
We do not use third-party advertising cookies. You can manage cookie preferences in your browser settings.
11. Children's Privacy
Our Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will send you an email notification.
13. Contact Us
If you have questions about this Privacy Policy, please contact us:
- Email: privacy@appsuitehq.com
- Data Protection Officer: dpo@appsuitehq.com
- Address: AppSuiteHQ Ltd, Rue de Lyon, Paris 75012, France.
14. Supervisory Authority
If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority. In France, this is the Commission nationale de l'informatique et des libertés (CNIL).
