ToolYourApp LogoBack to App

Privacy Policy

1. An overview of data protection

General information

The following information will provide you with an easy-to-navigate overview of what will happen with your personal data when you visit this website. The term "personal data" comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Privacy Policy, which we have included beneath this copy.

Data recording on this website

Who is the responsible party for the recording of data on this website (i.e., the "controller")?
The data on this website is processed by the operator of the website, whose contact information is available under section "Information about the responsible party (referred to as the "controller" in the GDPR)" in this Privacy Policy.

How do we record your data?
We collect your data as a result of your sharing of your data with us. This may, for instance, be information you enter into our contact form. Other data shall be recorded by our IT systems automatically or after you consent to its recording during your website visit. This data comprises primarily technical information (e.g., web browser, operating system, or time the site was accessed). This information is recorded automatically when you access this website.

What are the purposes we use your data for?
A portion of the information is generated to guarantee the error-free provision of the website. Other data may be used to analyze your user patterns. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders, or other requests.

What rights do you have as far as your information is concerned?
You have the right to receive information about the source, recipients, and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which shall affect all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to log a complaint with the competent supervising agency. Please do not hesitate to contact us at any time if you have questions about this or any other data protection-related issues.

2. Hosting and Content Delivery Networks (CDN)

External Hosting (Vercel)

This website is hosted by an external service provider (host). The personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a website. The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR).

We use the following host:
Vercel Inc.
440 N Barranca Ave #4133, Covina, CA 91723, USA

Data Processing Agreement (DPA)

We have concluded a Data Processing Agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

3. General information and mandatory information

Data protection

The operators of this website and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Privacy Policy. Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Privacy Policy explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected.

Information about the responsible party (referred to as the "controller" in the GDPR)

The data processing controller on this website is:
Enrico Zafiris
Helgolaender Str.
38518 Gifhorn
Germany
Phone: +49 176 22278979
Email: toolyourapp@gmx.net

Storage duration

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.

Revocation of your consent to the processing of data

A wide range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.

Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)

IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS PRIVACY POLICY. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA, THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

Right to log a complaint with the competent supervisory agency

In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred.

SSL and/or TLS encryption

For security reasons and to protect the transmission of confidential content, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from "http://" to "https://" and also by the appearance of the lock icon in the browser line.

4. Data collection on this website

Cookieless Analytics (Vercel Web Analytics & PostHog)

To understand how our website is used and to improve the user experience, we use privacy-friendly analytics tools. We do not use tracking cookies that follow you across the internet, nor do we build personal user profiles.

  • Vercel Web Analytics: We collect anonymized, aggregated data about website traffic and page views.
  • PostHog: We use PostHog in its strict "cookieless" mode to analyze user interactions (e.g., button clicks). PostHog processes this data anonymously.

The use of these cookieless analytics tools is based on our legitimate interest in optimizing our website and product offerings pursuant to Art. 6(1)(f) GDPR.

Server log files

The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises the type and version of browser used, operating system, referrer URL, hostname of the accessing computer, time of the server inquiry, and IP address. This data is recorded on the basis of Art. 6(1)(f) GDPR.

Registration, User Accounts, and Authentication (Clerk)

To provide secure user authentication and account management, we use the service provider Clerk (Clerk Inc., San Francisco, CA, USA). You have the option to register on our website to use our core features, including uploading App Store data and participating in evaluations.

When you create an account—either directly or via a third-party login like Google—Clerk processes your email address, login credentials, and basic profile information. Additionally, within your account, you may provide information regarding your app to fully utilize our tool. The processing of this account data is necessary for the performance of a contract and to provide you with our services (Art. 6(1)(b) GDPR).

Support Communications

If you reach out to us for technical assistance or general inquiries, your support communications are stored internally strictly to resolve your user issues. We do not use messy email tracking pixels or invasive monitoring in our support replies. Furthermore, we will only contact you regarding your specific support request; we will not contact you for other purposes unless you have explicitly requested it or opted in elsewhere (Art. 6(1)(b) GDPR).

5. Processing of User-Uploaded App Screenshots and Analytics

Purpose of Data Processing

A core feature of ToolYourApp allows you to upload App Store screenshots, input app information, and provide analytics data for evaluation and tool recommendations. We process this user-generated content primarily to provide you with the requested service (Art. 6(1)(b) GDPR).

Anonymous Peer Ratings and Feedback

Our platform features an interactive component where users can evaluate and provide ratings for each other's uploaded App Store screenshots. When you provide a rating or feedback on another user's content, it is displayed to them strictly anonymously. Your email address, name, or account identity will never be exposed to other users through this feature.

Strict Anonymization & Service Optimization

We want to be completely transparent with you: we use the data extracted from uploaded screenshots, as well as the anonymous peer ratings, to continuously improve our recommendation tools, train our algorithms, and optimize the overall product experience. However, to protect your privacy, we guarantee that this data is strictly anonymized and aggregated before any internal use.

This means we extract raw metrics and feedback but strip away any identifying information. We will never link your uploaded screenshots, analytics data, or peer ratings to your personal data (such as your name, email address, or developer account). Once the data is fully anonymized so that it can no longer be linked to a specific person or account, it is no longer considered personal data under the GDPR.

The processing of this data for the purpose of improving our services is based on our legitimate business interest (Art. 6(1)(f) GDPR) in advancing our technology and fostering a valuable community feature, with the strict safeguard of anonymization protecting your fundamental rights and freedoms.

6. Artificial Intelligence & Third-Party Tools

Use of Artificial Intelligence (OpenAI API)

To analyze your uploaded App Store Connect screenshots and provide app growth suggestions, we utilize the API of OpenAI (OpenAI Ireland Ltd., Dublin, Ireland). When you initiate an analysis, your screenshot is transmitted securely to OpenAI’s servers. According to OpenAI's Enterprise and API privacy policies, the data submitted via the API is not used to train their artificial intelligence models. The processing of this data is based on the fulfillment of a contract/pre-contractual measures (Art. 6(1)(b) GDPR).

For more information, please refer to the OpenAI Privacy Policy:
https://openai.com/policies/privacy-policy

Affiliate Programs

We participate in affiliate marketing programs. If you click on one of these affiliate links and make a purchase on the partner's website, we may receive a commission. When you click on an affiliate link, you leave our website. The third-party provider may then place cookies on your device to track the origin of the referral. We do not process this tracking data ourselves. The provision of affiliate links is based on our legitimate interest in monetizing our free service (Art. 6(1)(f) GDPR).

7. Newsletter

Newsletter Data & Provider (beehiiv)

If you would like to subscribe to the newsletter offered on this website, we require an email address from you. The processing of the information entered into the newsletter subscription form shall occur exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You may revoke your consent at any time by clicking the "unsubscribe" link.

Newsletter Provider: beehiiv

Our newsletters are sent using the provider "beehiiv," a platform operated by beehiiv Inc., 228 Park Ave S, PMB 27022, New York, NY 10003, USA. The email addresses of our newsletter recipients are stored on beehiiv’s servers in the USA. We have concluded a Data Processing Agreement (DPA) with beehiiv. The transfer of data to the USA is based on the standard contractual clauses of the EU Commission and the EU-US Data Privacy Framework.

For more information, please see the beehiiv privacy policy:
https://www.beehiiv.com/privacy

8. Plugins and Tools

Google Fonts (Local Hosting)

This website uses so-called Google Fonts provided by Google to ensure the uniform use of fonts on this site. These Google Fonts are locally installed. A connection to Google’s servers does not occur in this process.

For more information on Google Fonts, please follow this link:
https://developers.google.com/fonts/faq and consult Google’s Privacy Policy under: https://policies.google.com/privacy

Cloudflare Turnstile

We use Cloudflare Turnstile ("Turnstile") on this website. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. Turnstile is used to verify whether the data entered on this website has been entered by a human or by an automated program (bot). To do this, Turnstile analyzes the behavior of the website visitor based on various characteristics. This data is transmitted to Cloudflare.

The storage and analysis of the data are based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings against abusive automated spying and SPAM.

Data processing is based on Standard Contractual Clauses, which you can find here:
https://www.cloudflare.com/cloudflare-customer-scc/

For more information on Cloudflare Turnstile, please refer to the privacy policy at:
https://www.cloudflare.com/cloudflare-customer-dpa/

Upstash Redis (Security & Rate Limiting)

To protect our website and API infrastructure from abusive traffic, spam, and excessive usage, we utilize Upstash Redis, a serverless database service provided by Upstash, Inc. We use this service strictly to implement request rate limiting.

When you submit an analysis request on our website, your IP address is temporarily processed and stored in an Upstash Redis database (hosted securely in Frankfurt, Germany) to count the number of requests made within a 24-hour window. This data is automatically deleted once the time window expires. Your IP address is never used to build personal user profiles or to track you across the internet.

The processing of this temporary data is based on our legitimate interest in maintaining the security, stability, and economic viability of our online services, as well as protecting against automated abuse pursuant to Art. 6(1)(f) GDPR.

Source base text: e-recht24.de