Apptoto Updated Privacy Policy and GDPR

If you are a European Union (EU) resident, or even if you are not, you are probably aware that enforcement of the General Data Protection Regulation (GDPR) goes into effect on May 25th, 2018.  In preparation for that, we’ve made some changes to our agreements and product to comply as a data “Processor” and also as a “Controller” of personal data.

Apptoto’s Role as a Processor

Under the GDPR, Apptoto users are likely considered “Controllers” of the personal data collected by users and sent to Apptoto.  If you are considered a Controller in this circumstance, then we are a “Processor” of yours. To help us be compliant as a Processor we have done the following:

  • We created a Data Processing Agreement (DPA) that reflects the requirements of the GDPR and allows for GDPR-compliant data transfer and storage outside the EU.  Email if you would like a copy.
  • We updated our Privacy Policy to include additional specifics and be more clear about how we use and process your data.
  • We audited existing security policies and developed additional security policies to help ensure that the data you send us is safe and secure.

New features include:

  • A “Data Retention Period” setting on the “Settings” > “Advanced & Privacy” tab.   With this setting, you can select the period of time we will store certain data.  Data older than the period you select will be deleted or anonymized.
  • We can assist you in responding to data subject requests.  If you receive a request from a client to export or remove/delete their data, please let us know.


Apptoto as a Controller

Under the GDPR, Apptoto is also considered a “Controller” since we accept personal data from our users and effectively control how we process that data.  To be clear, the only processing we do (or ask 3rd parties to do) is directly related to either the services we offer or in an effort to grow our business (through standard online advertising).  Again, we’ve updated our Privacy Policy to include additional specifics and be more clear about how we process your data.

Some of the 3rd parties that we use allow for identifiable tracking inside of our web application.  This means that we can see who clicked on what buttons in the application once you have signed up for an account.  We use this data to make decisions about the product roadmap and to provide you with a high level of support. In many cases, we have figured out support issues by reviewing this data.  However, you can now opt out of identifiable tracking on the “Settings” > “Advanced & Privacy” tab in Apptoto.  As part of our GDPR compliance effort, EU residents must now opt in to identifiable tracking.

Lastly, we’ve cleaned up our email marketing lists.  Before, we were not doing a good job of explicitly asking new users (trials and subscribers) to subscribe to our newsletter and marketing communications.  If you are a current subscriber and are not in the EU, then we have opted you into the email newsletter by default. Otherwise, you will need to subscribe here to continue receiving our newsletter and marketing communications.

Please email if you have any questions regarding the GDPR.