Appycentric Privacy Policy

Version 1.0 — Effective 01 June 2025

1. Who We Are

Appycentric d.o.o. ("Appycentric", "we", "us") is a limited‑liability company incorporated in Serbia (company reg. no. 21948446) with its registered seat at Janka Veslinovica 36, 21000 Novi Sad, Serbia. with a mission to help builders build software at speed and scale. We design and operate the Appycentric platform, which allows customers to wrap their own APIs or data‑processing workloads into fully managed, revenue‑ready SaaS products.

2. Scope of This Policy

This Privacy Policy explains how we collect, use, disclose and protect personal data when you (a) visit appycentric.com or any sub‑domain that links to this Policy, (b) open an Appycentric account, (c) interact with the Appycentric platform or (d) otherwise engage with our services or marketing communications. It applies globally, including to individuals located in the European Economic Area ("EEA"), United Kingdom, Switzerland, United States and any other jurisdiction where we operate.

3. What Data We Collect

3.1 Data You Provide to Us

  • Account identifiers (name, surname, title, company, postal address, email, telephone).
  • Authentication credentials (hashed passwords, API tokens).
  • Billing and payment details (VAT/Tax ID, credit‑card last 4 digits).
  • Support content (tickets, screenshots, debug logs) that you choose to share.
  • Marketing preferences and feedback you submit via surveys or forms.

3.2 Data We Collect Automatically

  • Log files — IP address, user‑agent, time stamps, request/response metadata.
  • Usage telemetry — API endpoints invoked, execution metrics, quota consumption.
  • Device and connection data — browser type, language, referring URL, cookies or similar identifiers.

3.3 Data from Third Parties

  • Payment processors (e.g., Stripe) return transaction status and fraud signals.
  • Marketing partners provide campaign performance stats tied to anonymous IDs.

4. How & Why We Use Your Data

We process personal data only when allowed under applicable privacy laws. Our main purposes are:

  • Contract performance — to create and secure your account, deliver platform functionality, provide support, issue invoices and collect payments.
  • Legitimate interest — to prevent fraud, secure the service, measure product usage, and improve features (following a documented balancing test).
  • Consent — to send marketing newsletters, deploy non‑essential cookies, or post testimonials.
  • Legal obligation — to meet accounting, tax, or regulatory reporting duties.

5. Cookies & Similar Technologies

We use first‑party and limited third‑party cookies to (a) remember login sessions, (b) analyse traffic (aggregated), and (c) personalise documentation. Non‑essential cookies are disabled by default in the EEA/UK unless you opt‑in via our banner.

6. Sharing & Disclosure

We only share personal data with:

  • Service providers acting under a Data‑Processing Agreement (cloud hosting, payment gateways, customer‑support SaaS, analytics vendors).
  • Resellers & integration partners when you explicitly authorise them.
  • Authorities if legally required (e.g., court orders, law‑enforcement requests).
  • Group companies under an intragroup processing agreement.

7. International Transfers

Appycentric’s primary servers are located in the EEA and the United States. If we transfer personal data outside the EEA/UK or another region with data‑transfer restrictions, we rely on:

  • EU‑US Data Privacy Framework certification,
  • Standard Contractual Clauses (2021/914/EU) plus a transfer impact assessment, or
  • Data‑processing addenda approved by the Serbian Commissioner for Information of Public Importance and Personal Data Protection.
  • Data‑processing addenda approved by a commissioner for Information of Public Importance and Personal Data Protection.

8. Data Retention

We retain account data as long as your subscription is active, then archive key records for up to 6 years to comply with tax and anti‑fraud obligations. Logs are anonymised or deleted after 180 days unless security investigation requires longer retention.

9. Security Measures

  • TLS 1.3 encryption in transit and AES‑256 at rest.
  • Multi‑tenant isolation at the network and container layer.
  • ISO 27001‑aligned policies and quarterly external vulnerability scans.
  • 72‑hour breach notification procedure (EU/UK GDPR), and immediate assessment for US state laws (e.g., 30‑day window in California).

10. Your Rights

Depending on where you live, you may have the right to:

  • Access, correct or delete your personal data.
  • Receive a portable copy (data portability).
  • Object to or restrict certain processing.
  • Opt‑out of the sale or targeted advertising of your personal data (US state laws).
  • Withdraw consent at any time (without affecting prior processing).

You can exercise these rights by emailing privacy@appycentric.com. We will respond within 30 days (EU/UK) or the shortest timeframe required by your jurisdiction.

11. EU & UK Representation

For individuals in the EEA, as well as for UK individuals, our appointed representative under GDPR Article 27 is reachable at:

QSP Quality Software Products Limited
77 Strovolou Avenue, Strovolos Center 204
2018 Strovolos, Nicosia, Cyprus 
Email: eurep@appycentric.com
Email: eurep@appycentric.com

12. Contact Us

If you have questions about this Policy or our privacy practices, please contact our Data Protection Officer:

Stasa Cvejic
Appycentric d.o.o.
Janka Veselinovica 36
21000 Novi Sad, Serbia
Email: dpo@appycentric.com
Email: dpo@appycentric.com

13. Changes to This Policy

We will update this Privacy Policy to reflect changes in our practices, regulatory requirements, or for other operational reasons. If changes are material, we will notify account owners via email at least 30 days before the effective date.

© 2025 Appycentric d.o.o. All rights reserved.

© 2025 Appycentric Limited Liability Company. All rights reserved.

Appycentric   |   apps (at) appycentric.com   |   +381 (66) 5852461   |   About   |   Privacy Policy   |   Contact