Appylo Privacy Policy

Last Updated: 21.11.2024

Appylo, Inc. (hereinafter referred to as "Company," "We," "Us," or "Our") provides a website and multiple mobile applications (collectively referred to as the "Platform") to offer various services (the "Services").

This Privacy Policy ("Policy") describes the Company's practices and policies regarding the use and processing of personal information while providing the Services. It outlines the types of personal information we collect through our website, https://www.appylo.co, and our mobile applications available on the Google Play Store or Apple App Store. It also explains how we use that information, our legal basis for doing so, with whom we share it, your rights and choices, and how you can contact us about our privacy practices. This Policy does not apply to third-party sites, products, or services, even if they link to our Services or Platform, and you should consider the privacy practices of those third parties carefully.

By acknowledging this Policy, you accept the practices described herein (including new versions of this Policy when they go into effect) and our Terms of Use (the "Terms"), which govern this Policy and contain disclaimers of warranties and limitations of liabilities.

DEFINITIONS

Capitalized words not defined in this Privacy Policy are defined in our Terms. It is important to read this Policy alongside the Terms to understand the key concepts provided and explained therein.

The words with the initial letter capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or plural form.

Business: For the purpose of the CCPA, refers to the Company as the legal entity that collects consumers' personal information and determines the purposes and means of the processing of consumers' personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers' personal information, that does business in the State of California.
CCPA: Means the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (“CPRA”) (collectively, “California Privacy Laws”).
Company: Refers to Appylo, Inc., a corporation incorporated and validly operating in the State of Delaware, having its registered address at: Appylo, Inc. 8 The Green STE DDover, DE 19901 USA
For the purposes of the GDPR, the Company is the Data Controller.
Consumer: For the purpose of the CCPA, means a natural person who is a California resident. A resident, as defined in the law, includes (i) every individual who is in the USA for other than a temporary or transitory purpose, and (ii) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose.
Data Controller: For the purposes of the GDPR, means the legal person which determines the purposes and means of the processing of personal data alone or jointly with others.
Data Subject: Means a natural person who can be identified or rendered identifiable through the personal data related to them.
Device: Means any device that is suitable to access the Service such as a computer, a cellphone, or a digital tablet with an internet connection.
Do Not Track (DNT): Is a concept promoted by U.S. regulatory authorities, particularly the U.S. Federal Trade Commission (FTC), for the internet industry to develop and implement a mechanism allowing internet users to control the tracking of their online activities across websites.
GDPR: Means (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "EU GDPR"); and (ii) the EU GDPR as saved into United Kingdom law by virtue of section 3 of the United Kingdom's European Union (Withdrawal) Act 2018 (the "UK GDPR"); in each case as may be amended or superseded from time to time.
Personal Information/Personal Data: Means any information that relates to an identified or identifiable individual.
- For the purposes of the UK & EU GDPR, personal data means any information relating to you such as a name, an identification number, location data, online identifier, or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural, or social identity.
- For the purposes of the CCPA, personal information means any information that identifies, relates to, describes, or is capable of being associated with, or could reasonably be linked, directly or indirectly, with you.
- For the purposes of this Policy, the term "Personal Information" may be used interchangeably with "Personal Data."
Personal Data Breach: Means a breach of security, whether accidental or intentional, resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.
Personal Data Protection Legislation: Means any applicable personal data protection legislation at the time and place of data processing activity, including but not limited to the CCPA and GDPR.
Sale of Data: For the purposes of the CCPA, means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information to another business or a third party for monetary or other valuable consideration.
Service Provider: Any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service, or to assist the Company in analyzing how the Service is used.
- For the purpose of the UK GDPR, service providers are considered data processors.
Third Party: Means any other natural or legal person that is not part of the Company.
Third-Party Services: Means any product that third-party service providers submit to users for the proper performance of the Platform.
Third-Party Service Provider: Means any tool, website, or application which a user can benefit from.
UK GDPR: United Kingdom General Data Protection Regulation signed into law on January 1, 2021. The UK GDPR forms part of the data protection regime in the UK, together with the Data Protection Act 2018 (“DPA”). The main provisions of this apply, like the GDPR, from May 25, 2018.
Usage Data: Means data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Platform: Means the website and subdomains, and other media including all of their respective features and content belonging to the Company, accessible from https://appylo.co and our mobile applications with the same name and function, accessible from the App Store or Google Play Store.
User: Refers to the individual accessing or using the Platform and Services, or the legal entity on behalf of which such individual is accessing or using the Platform and Services, as applicable.
- For the purpose of the GDPR, you can be referred to as the Data Subject.

HOW WE COLLECT DATA

We collect personal information concerning you from various sources to provide the Services and manage the Platform. We also obtain information from you and from third parties as detailed below.

Please note that if you decline to provide any required information requested by the Company, you may not be able to take full advantage of the Services and their features.

a) Platform Users and the Services

We collect information from and about you and your transactions and other interactions with us. This includes, but is not limited to, when you:

Visit our Platform.
Use the Services.
Leave comments or feedback about our Services.
Reach out to us through customer support.
Contact us through the Platform, email, or any other channels provided by the Company.

b) Third-Party Integrations (Service Providers)

We utilize third-party service providers to offer certain Services on our behalf when personal data is necessary for them to perform their duties. These service providers are prohibited from using personal information for any other purpose and are contractually obligated to comply with all applicable laws and requirements.

Third-party service providers are bound by their own use and privacy policies, and the Company cannot be held responsible for their actions that violate any rights arising from personal data protection legislation.

We strongly advise you to read the terms and conditions and privacy policies of any third-party service providers or websites you visit.

c) Third-Party Analytics and Advertisements

We may use third-party analytics tools to understand how our Services are used and to improve their functionality. Any data shared with these providers is anonymized or aggregated to protect user privacy. We do not share identifiable personal data with third parties for advertising purposes.This helps us or those third parties serve more targeted advertising to you across our media channels. These third parties may use technologies such as cookies, web beacons, pixel tags, log files, flash cookies, or other technologies to collect and store information. They may also combine information they collect from your interaction with the Platform with information they collect from other sources, which is subject to the third party’s control and privacy practices.

d) Cookies and Automatic Collection Methods

We may also collect information about your online activities on the Platform and your devices over time and across third-party websites, devices, apps, and other online features and services.

This collection includes automatically collected information and generally does not include personal information unless you provide it through our Platform or choose to share it with us by other means. Methods we use include:

Cookies: Small data files stored on your device or in connection with your internet browser.
Web Beacons or Tags: Small images embedded into websites or emails that send information about your device when you visit our Platform or open an email we send to you.
Platform Log Files: Created automatically in connection with your access to and use of our Platform.

To learn more about the cookies that may be served through our Platform and how users can control our use of cookies and third-party analytics, please see our Cookie Policy section.

TYPES OF DATA COLLECTED
a) Personal Data We Collect from Users

While using our Services, we may ask you to provide certain personally identifiable information, which can be used to enable your transactions, manage registrations, contact you, or identify you. This information may include, but is not limited to:

Identifiers and Contact Information: First name, last name, email address, phone number, username, biological sex at birth, birthday, account password, country of residency.
Communications and Interactions: Email messages, text messages, phone calls exchanged with you, customer support communications, reviews, comments, feedback, ratings, and other usage data.
Device Information: IP address, internet provider, operating system and browser used, type of device (e.g., laptop or smartphone), device cookie settings, and other device details.

You may also opt-in to submitting information through other methods, including:

Participating in an offer, program, or promotion.
Through our social media accounts or online forums.
In connection with a real or potential business relationship with us.
In response to our marketing or other email communications.
By providing us with your business card or contact information.

b) Information We Collect Automatically on Our Platform and Services

Our Platform uses cookies and other technologies to function effectively. These technologies record information about your usage of our Platform, including:

Browser and Device Data: IP address, device type, internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons, brand, model, technical specifications, and operating system information.
Preference Information: Your marketing and communication preferences, account settings, indicated preferences, types of services/offers that interest you, areas of our Services you have visited, and ways you interact with our Services.
Usage Data: Time spent on the Platform, pages visited, links clicked, bounce rate, scroll percentage, language preferences, views, Platform usage time, communication preferences, interactions with in-platform notifications/offers/campaigns, habits, favorites, likes, behaviors, preferences, search activities, segments, cookie records, ad identifiers, device ID, and referring pages.

While using our Services, and with your prior permission, we may collect photos, files, and other information from your device's contacts, camera, voice recording/photo library, and files to provide features of our Platform. This information may be uploaded to the Company's servers and/or a service provider's server or simply stored on your device. For example, when you use features that require access to your device's camera, we will request your permission. You can enable or disable access to this information at any time through your device settings.

We may also collect information about your online activities on the Platform and connected devices over time and across third-party sites, devices, apps, and other online features and services. We use web log analysis software (e.g., Google Analytics) on our Platform to help us analyze your use and diagnose technical issues.

Please note that the Google Play Store and Apple App Store have their own privacy policies and practices, which we encourage you to read before downloading our mobile applications.

USE OF PERSONAL DATA
a) Our Services

We use the information we collect to conduct our business and provide you with the best possible products, Services, and online experiences. We rely on several legal grounds to ensure that our use of your personal data is compliant with applicable law. We use personal data to facilitate business relationships with our users, comply with legal obligations, pursue our legitimate business interests, and, if necessary, based on your prior explicit consent.

Pre-contractual, Contractual, and Post-contractual Business Relationships

We use personal information to enter business relationships with prospective users and to perform contractual obligations under contracts we have with our users. Examples include:

Providing Services:
- Deliver information or services or process transactions you have requested or agreed to receive.
- Enable you to participate in various Service features.
Processing Account Registration: Verify your information is active and valid.
Verifying, Responding, or Communicating with You:
- When you register with the Platform.
- Make a request or inquiry through any dedicated channel, including FAQs.
- Ask for customer support through any dedicated channel, including interactive customer support chat.
- Share a comment, feedback, review, or concern regarding the Services.
Fulfilling Customer Requests: We may use third-party service providers to handle customer support channels. Please note that any personal data you share during communication through support channels is subject to this Policy. Customer support personnel do not require any personal data other than your credentials and contact information. Please do not share additional information unless requested. Support channels may forward you to an authorized expert to solve your problem.
Maintaining Our Legal Relationship: Communicate with you and fulfill our obligations arising from contracts between you and the Company.

Legal and Regulatory Compliance

We use personal data to verify the identity of our users to comply with applicable laws. These obligations are imposed by law, industry standards, and our financial partners, and may require us to report compliance to third parties and submit to third-party verification audits. Examples include:

Accounting, auditing, and billing activities.
Responding to court orders, lawsuits, subpoenas, and government requests.
Addressing legal and regulatory compliance.

Legitimate Business Interests

We rely on our legitimate business interests to process certain personal data concerning users. We have identified the following business purposes as legitimate, balancing our interests against the rights of individuals:

Mitigating financial loss, claims, liabilities, or other harm to users and the Company.
Ensuring security and integrity of our Platform and business, protecting against and preventing fraud, unauthorized transactions, claims, and liabilities, and managing risk exposure.
Responding to inquiries, sending service notices, and providing customer support.
Promoting, analyzing, modifying, and improving our products, systems, tools, and Services, and developing new Services to increase functionality and user-friendliness.
Managing, operating, and improving the performance of our Platform and Services by understanding their effectiveness and optimizing our digital assets.
Conducting aggregate analysis and developing business intelligence to operate, protect, make informed decisions, and report on business performance.
Sharing personal data with third-party service providers and business partners who help us operate and improve our business.
Ensuring network, application, and information security throughout the Platform and our Services.

If we need to use your personal data in any other way, we will notify you at the time of collection and, if required by relevant legislation, obtain your consent.

b) Marketing and Events-related Communications

We may send you email marketing communications about the Company and its Services, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided we do so in accordance with applicable consent requirements. When we collect your business and contact details through trade shows or other events, we may use the information to follow up with you, send information you have requested, and, with your permission, include you in our marketing campaigns. These events may be online or in-person.

HOW WE SHARE PERSONAL DATA

The Company may share your personal data to:

Satisfy any applicable law, regulation, legal process, or governmental request.
Enforce this Policy and our Terms and Conditions, including investigating potential violations.
Detect, prevent, or address fraud, security, or technical issues.
Respond to your requests.
Protect our rights, property, or safety, users, and the public.
Fulfill our obligations arising from contracts with our users.

We share personal data with a limited number of our service providers. These providers offer services on our behalf, such as website hosting, data analysis, information technology, customer service, email delivery, and auditing. They may need access to personal data to perform their services. We authorize them to use or disclose personal data only as necessary to perform services on our behalf or comply with legal requirements. They are contractually obligated to protect the security and confidentiality of personal data they process on our behalf.

We may disclose information in aggregate form to third parties relating to user behavior in connection with actual or prospective business relationships, such as advertisers and content distributors.

We may share personal information with third parties we work with for our purposes. In general, we do not share personal information about you with third parties for their marketing or advertising purposes. For information about your choices regarding online advertising practices, please see the "Exercising Your GDPR Privacy Rights" and "Exercising Your California Privacy Rights" sections below.

Third parties are prohibited from using personal information for any other purpose and are contractually obligated to comply with all applicable laws and requirements.

We will encourage our service providers to adopt and post transparent privacy policies. However, their use of your personal information is governed by their privacy policies and is not subject to our control. You acknowledge that we are not responsible for violations caused by our service providers.

We share personal data with third-party service providers only when necessary to provide or improve our Services to you. These providers are prohibited from using personal data for any other purposes and are contractually obligated to comply with all applicable laws. We do not sell or transfer personal data to third parties for marketing or advertising purposes unless you have provided explicit consent.

Business Transfers

In the event we enter into or intend to enter into a transaction that alters our business structure—such as a reorganization, merger, acquisition, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets, or stock—we may share personal data with third parties to facilitate and complete the transaction. This may include the sale or transfer of our mobile applications or other assets to another party. In such cases, we will ensure that the recipient agrees to protect the privacy of your personal data in a manner consistent with this Privacy Policy.

EUROPEAN UNION AND UNITED KINGDOM PRIVACY INFORMATION ("GDPR PRIVACY")

Your Rights and Choices Under the EU GDPR & UK GDPR

Appylo, Inc. respects the confidentiality of your personal data and ensures you can exercise your rights.

Under this Policy, and by law if you are within the UK or EU, you have the right to:

Right of Access: Obtain confirmation from us as to whether or not personal data concerning you is processed and, where that is the case, access such personal data.
Right to Rectification: Request rectification of inaccurate personal data and provide additional personal data to complete incomplete personal data.
Right to Erasure ("Right to be Forgotten"): In certain cases, request the erasure of your personal data.
Right to Restriction of Processing: Request restriction of processing for a certain period and/or in certain situations.
Right to Data Portability: Receive your personal data from us in a structured format and transmit such data to another controller.
Right to Object: In certain cases, object to the processing of your personal data, including profiling. Object to further processing of your personal data collected for direct marketing purposes.
Right Not to Be Subject to Automated Decision-Making: Not be subject to a decision based solely on automated processing.
Right to File a Complaint: File complaints with the applicable data protection authority regarding our processing of your personal data.
Right to Compensation for Damages: Claim damages from us for any breach of applicable legislation on the processing of your personal data.

Exercising Your UK & EU GDPR Data Protection Rights

You have the right to complain to a data protection authority about our collection and use of your personal data. If you are a resident of the United Kingdom, you may contact the Information Commissioner's Office (ICO). If you are a resident of the European Economic Area (EEA), please contact your local data protection authority. However, we would appreciate the opportunity to address your concerns before you approach a data protection authority.

You may exercise your rights of access, rectification, cancellation, and opposition by contacting us at hello@appylo.co. Please note that we may ask you to verify your identity before responding to such requests. We will endeavor to respond as soon as possible.

CCPA PRIVACY

Your Rights and Choices Under the CCPA

Under this Privacy Policy, and by law if you are a resident of California, you have the following rights:

Right to Notice: Be properly notified of which categories of personal data are being collected and the purposes for which it is being used.
Right to Access / Right to Request: Request and obtain information regarding the disclosure of your personal data collected in the past 12 months to third parties for direct marketing purposes.
Right to Say No to the Sale of Personal Data: Ask the Company not to sell your personal data to third parties.
Right to Know About Your Personal Data: Request and obtain information regarding:
- Categories of personal data collected.
- Sources from which personal data was collected.
- Business or commercial purpose for collecting or selling personal data.
- Categories of third parties with whom we share personal data.
- Specific pieces of personal data we collected about you.
Right to Delete Personal Data: Request the deletion of your personal data collected in the past 12 months.
Right Not to Be Discriminated Against: Not be discriminated against for exercising any of your consumer rights, including:
- Denying goods or services.
- Charging different prices or rates, including discounts or other benefits or imposing penalties.
- Providing a different level or quality of goods or services.
- Suggesting you will receive a different price or rate or different level or quality of goods or services.

Exercising Your CCPA Data Protection Rights

To exercise any of your rights under the CCPA, and if you are a California resident, you can email us at hello@appylo.co.

We will disclose and deliver the required information free of charge within 45 days of receiving your verifiable request. The time period may be extended once by an additional 45 days when reasonably necessary and with prior notice.

Do Not Sell My Personal Information

We do not sell personal information. However, the service providers we partner with may use technology that could be considered a "sale" under the CCPA.

If you wish to opt out of the use of your personal information for interest-based advertising purposes and these potential sales as defined under CCPA law, you may do so by following the instructions below.

Platform

You can opt out of receiving personalized ads served by our service providers by following our instructions presented on the Service:

From our "Cookie Consent" notice banner.
From our "CCPA Opt-out" notice banner.
From our "Do Not Sell My Personal Information" notice banner.

The opt-out will place a cookie on your computer unique to the browser you use. If you change browsers or delete cookies, you will need to opt out again.

Please note that any opt-out is specific to the browser you use. You may need to opt out on every browser you use.

Mobile Devices

Your mobile device may allow you to opt out of the use of information about the apps you use to serve ads targeted to your interests:

"Opt out of Interest-Based Ads" or "Opt out of Ads Personalization" on Android devices.
"Limit Ad Tracking" on iOS devices.

You can also stop the collection of location information from your mobile device by changing your device preferences.

"Do Not Track" Policy as Required by California Online Privacy Protection Act (CalOPPA)

Our Service does not respond to Do Not Track signals.

However, some third-party websites track your browsing activities. If you are visiting such websites, you can set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of your web browser.

California Privacy Rights for Minor Users (California Business and Professions Code Section 22581)

California residents under 18 who are registered users of online sites, services, or applications can request and obtain removal of content or information they have publicly posted.

To request removal of such data, and if you are a California resident, you can contact us using the contact information provided and include the email address associated with your account.

Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online, and the law may not permit or require removal in certain circumstances.

SECURITY AND RETENTION

We make reasonable efforts to provide you with an appropriate level of security relative to the risk associated with the processing of your personal data. We take organizational, technical, and administrative measures designed to protect your personal data against unauthorized access, destruction, loss, alteration, or misuse. Your personal data may only be accessed by a limited number of personnel who need access to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you believe your interaction with us is no longer secure (e.g., you think your account is compromised), please contact us immediately.

We retain your personal data as long as we are providing Services to you. We retain personal data after we cease providing Services to comply with legal and regulatory obligations, tax, accounting, and financial reporting obligations, contractual commitments to our financial and business partners, and where data retention is mandated by supported payment methods. We do so in accordance with any limitation periods and records retention obligations imposed by applicable law.

We also take measures to delete your personal information or keep it in a form that does not permit identifying you when it is no longer necessary for processing purposes unless required by law to keep it longer. When determining the retention period, we consider criteria such as the type of Services requested or provided, the nature and length of our relationship with you, possible re-enrollment with our products or Services, the impact on the Services we provide if we delete some information, mandatory retention periods provided by law, and the statute of limitations.

INTERNATIONAL DATA TRANSFERS

We are a global business. Personal data may be stored and processed in any country where we have operations or engage service providers. We may transfer personal data we maintain about you to recipients in countries other than the country in which the personal data was originally collected. Those countries may have different data protection rules. However, we will take measures to ensure that any such transfers comply with applicable data protection laws and that your personal data remains protected as described in this Policy. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those countries may be entitled to access your personal data.

USE BY MINORS

The Services are not directed to individuals under the age of eighteen (18) for California residents and sixteen (16) for United Kingdom citizens, and they should not provide personal data through the Services. If you believe a minor has provided us with personal information, please contact us.

UPDATES TO THIS POLICY AND NOTIFICATIONS

We may change this Policy from time to time to reflect new services, changes in our personal data practices, or relevant laws. The "Last Updated" date at the bottom of this Policy indicates when it was last revised. Any changes are effective when we post the revised Policy on the Platform. We may provide disclosures and alerts regarding the Policy or personal data collected by posting them on our Platform and, if you are a user, by contacting you through the email address you provided.

LINKS TO OTHER WEBSITES

The Services may provide the ability to connect to other sites. These sites may operate independently from us and may have their own privacy notices or policies, which we strongly suggest you review. If any linked website is not owned or controlled by us, we are not responsible for its content, use, or the privacy practices of its operator.

JURISDICTION

Appylo, Inc. focuses on multinational compliance regulations, including the United Kingdom General Data Protection Regulation ("UK GDPR"), the European Union's General Data Protection Regulation ("GDPR"), and United States Privacy Laws, to ensure privacy is a priority. You have the right to request further information on our personal data processing activities based on your country's laws.