Skip to main content

Privacy Policy

Last updated: March 22, 2026

1. Introduction

Appfiliate ("we", "our", "us") operates the appfiliate.io website and the Appfiliate platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services. By using Appfiliate, you consent to the practices described in this policy.

2. Information We Collect

We collect information in the following ways:

Information you provide directly:

  • Account Information: Name, email address, and password when you create an account. If you sign in with Google, we receive your name and email from Google.
  • App Data: App name, store URLs, and API credentials we generate for you.
  • Payment Information: Payments are processed by Stripe. We do not store credit card numbers. We store your Stripe customer ID and subscription status.

Information collected automatically:

  • Attribution Data: When end users click tracking links and install apps, we collect IP addresses, user agents, device models, operating system versions, and timestamps for the purpose of install attribution. We do not collect advertising identifiers (IDFA) or require App Tracking Transparency (ATT) prompts.
  • Usage Data: Pages visited, browser type, referring URLs, and interaction data when you use our website and dashboard.
  • Technical Data: Browser type, operating system, screen resolution, and language preferences.

Information from third parties: If you connect a subscription platform (e.g. RevenueCat, Stripe), we receive purchase and subscription event data through webhooks for the purpose of revenue attribution.

3. How We Use Your Information

  • To provide, operate, and maintain the Appfiliate platform
  • To attribute app installs to tracking links
  • To display analytics and reports in your dashboard
  • To process payments and manage subscriptions
  • To send transactional emails (invitations, account notifications)
  • To respond to your inquiries and support requests
  • To improve our services, fix issues, and develop new features
  • To detect and prevent fraud, abuse, or security incidents
  • To comply with legal obligations

4. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with the following service providers who process data on our behalf:

  • Firebase / Google Cloud (US): Database hosting, authentication, and cloud functions
  • Stripe (US): Payment processing and subscription management
  • Vercel (US): Website and dashboard hosting
  • Resend (US): Transactional email delivery

We may also disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. International Data Transfers

Appfiliate is operated from New Zealand. Your data may be transferred to and processed in the United States through our service providers (Firebase, Stripe, Vercel, Resend). By using Appfiliate, you consent to the transfer of your data to these jurisdictions. We ensure our service providers maintain appropriate data protection standards.

6. Data Retention

We retain your account data for as long as your account is active. Attribution data (clicks, installs) is retained for the duration of your subscription. If you delete your account, we will delete your personal data within 30 days. Aggregated, anonymized data that cannot identify you may be retained indefinitely for analytics and service improvement purposes.

7. Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL), secure authentication, access controls, and regular security reviews. API keys are generated uniquely per app and can be regenerated at any time. While we take reasonable precautions, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Cookies and Tracking

We use the following types of cookies:

  • Essential cookies: Required for authentication and session management. These cannot be disabled.
  • Functional cookies: Remember your preferences (e.g. demo mode, dashboard settings).

We do not use advertising, retargeting, or third-party tracking cookies. Our attribution system does not use cookies — it relies on contextual matching and platform referrer APIs.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Portability: Request a machine-readable export of your data
  • Restriction: Request that we limit processing of your data
  • Objection: Object to processing of your data for certain purposes
  • Withdraw consent: Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at support@appfiliate.io. We will respond within 30 days.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, and disclose
  • The right to request deletion of your personal information
  • The right to opt out of the "sale" of personal information — we do not sell personal information
  • The right to non-discrimination for exercising your privacy rights

To make a request, contact us at support@appfiliate.io.

11. Marketing Communications

We may send you product updates and announcements by email. You can opt out of marketing emails at any time by clicking the unsubscribe link in any email, or by contacting us. Opting out does not affect transactional emails (e.g. billing receipts, security notifications).

12. Children's Privacy

Appfiliate is not directed at individuals under 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will delete it promptly.

13. Changes to This Policy

We may update this policy from time to time. For material changes, we will notify you by email at least 30 days before the changes take effect. Non-material changes take effect upon posting. The "Last updated" date at the top reflects the most recent revision. Continued use of Appfiliate after changes constitutes acceptance.

14. Contact

If you have questions about this privacy policy or how we handle your data, contact us at support@appfiliate.io.