This Privacy Policy (“Policy”) explains how Appsalt.com (“Appsalt,” “we,” “us,” or “our”) collects, uses, discloses, and stores personal information of the users when they enable and use the Appsalt SDK on a third-party application hosting Appsalt SDK (“Host Application”).  You can learn more about installing and using the Appsalt SDK in the Appsalt SDK Terms of Service.

If you have any questions about this Policy or how we collect and process your data, please contact us at [email protected]. 

1. Data we collect 

When you use a Host Application that incorporates the Appsalt SDK, we may collect and process specific categories of your personal data to enable and optimize SDK functionality, ensure service integrity, and enhance your experience. The categories of data we may access include:

• Registration data: Information you provide to access SDK-related features, such as your email address and encrypted password.
• Device information: Technical information about the device on which the Host Application is installed, including your IP address, operating system version, device model, last active timestamp, and static location (city and country).
• Aggregated usage statistics: Data related to your interaction with the Host Application and the SDK, such as application usage analytics, crash reports, and error diagnostics. These may be gathered through integrated analytics platforms (e.g., Google Analytics, Meta Analytics), and are used solely to analyze performance and improve service quality.
• Host application identification: Metadata specifying which Partner or Host Application is utilizing the Appsalt SDK on your device. This allows us to contextualize SDK activity and associate it with the appropriate Host Application.
• Network and connectivity information: Basic information regarding the status of your network connection, such as whether your Wi-Fi is enabled. This is necessary for facilitating SDK operations that depend on network availability.
• Communication and contact data:  If you initiate contact with us via email or through our support channels, we collect details such as your email address, name (if provided), the subject and content of your message, attachments, and our response. This data is processed solely for the purpose of managing and responding to your inquiry effectively.

Protection of children’s data

We do not knowingly collect or process personal data of children under the age of 14, or any age that would require parental or guardian consent under applicable data protection laws. The Appsalt SDK is not intended for, nor directed at, minors. If we become aware that we have inadvertently collected data from a child without proper authorization, we will take immediate steps to delete such information. If you are a parent or legal guardian and believe that your child has provided us with personal information without your consent, please contact us promptly. We will take the necessary actions to stop processing the child’s data and erase any information already collected.

2. Purposes for data collection 

The personal data outlined in Section 1 is processed for the following purposes, in alignment with the functionality of the Appsalt SDK and the services provided through Host Applications: 

• Provision of Appsalt SDK services: to deliver and maintain the core features of the Appsalt SDK, including enabling SDK functionality within Host Applications, facilitating technical integration, and communication with you regarding service availability. 
• Service maintenance, optimization, and security: to ensure the reliability, efficiency, and safety of our services, including monitoring and analyzing usage data to enhance performance; identifying and addressing technical issues (e.g., bugs, crashes); detecting, investigating, and preventing fraud, abuse, and security threats; verifying user email addresses for authentication purposes; safeguarding infrastructure to prevent unauthorized access. 
• Compliance with legal and regulatory obligations: to fulfill our obligations under applicable laws and regulations, including adhering to data access, record-keeping, and tax reporting requirements; enforcing the Appsalt SDK Terms of Service; exercising and defending our legal rights in disputes or regulatory proceedings.
• Marketing and promotional activities: to inform users about services, special offers, including sending marketing communications where permissible. You may opt out of marketing communications at any time. 

3. Legal basis for data processing

We process your personal data under the following legal grounds: 

• Performance of a contract:  We process your personal data when it is necessary for the performance of a contract between you and AppSalt, specifically, the delivery of SDK functionality within a Host Application, including user onboarding, related support services.
• Legitimate interests: We rely on our legitimate interests to process personal data in ways that are essential to the operation and improvement of our services. These include: enhancing user experience and application functionality; maintaining service integrity and platform security; managing user communications and inquiries; promoting our services through non-intrusive marketing.
• Consent: in certain cases, such as sending direct marketing communications, we process your personal data based on your consent. You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.  

4. Data retention

We retain your personal data only as long as necessary for the purposes outlined in this Policy. If the data is no longer required for a purpose pursued by us and there are no legal obligations to retain it (e.g., tax retention periods to which we are subject), we delete personal data. We only store personal data to the extent that it is necessary to comply with our legal obligations, particularly statutory retention periods, and for the establishment, exercise, or defense of legal claims. Specific retention periods include:

Service provision-related data:	5 years after the end of contractual or other relationships with you
Communication data:	2 years after resolving your inquiry unless required longer for legal purposes
Usage data:	aggregated data may be retained indefinitely in anonymized form
Compliance data  (refers to the data that is collected for the purpose of compliance with legal and regulatory obligations)	10 years
Website functionality and analytics data	up to 1 year

 

5. Data sharing 

We do not sell your personal data for commercial business purposes. However, we may share your data with data recipients, both within and outside the European Economic Area (EEA), in cases where necessary for the above described purposes and allowed in accordance with applicable laws.

Recipients/  categories of recipients	Location of the recipient	Legal basis for transferring data outside the EEA
Hetzner Online GmbH (data storage providers)	EU	–
Google Ireland Ltd (web and application usage analytics providers)	EU	–
Google LLC (web and application usage analytics providers)	US	Standard Contractual Clauses by the European Commission
Our business partners, clients with whom we may share your location and IP data in order to enable them to access and collect data from public internet resources (e.g., various websites) (such data sharing is necessary for the performance of the contract between you and Appsalt).	Worldwide	In cases where we transfer data outside the EEA, we rely on, Standard Contractual Clauses by the European Commission
State, governmental, law enforcement institutions, courts, and regulatory authorities (when we are obliged to disclose information by law; when we exercise our legal rights to defend our interests in legal processes to which Appsalt is a party).	Worldwide	In cases where we transfer data outside the EEA, we rely on the condition that the transfer is necessary for the establishment, exercise, or defense of legal claims.

6. Statutory data protection rights

Subject to conditions, limitations, and exceptions established by statutory data protection provisions, you have the rights listed below.

Right	When is this right applicable?
Right of access, right to know about the personal information collected, disclosed	When you seek to obtain confirmation as to whether we collect or otherwise process personal data concerning you, and, where that is the case, access to the personal data and the information about the data processing. Once we receive and verify your request, we will disclose to you the categories of data we collected about you, the categories of sources for the data we collected about you, our business or commercial purposes for collecting that personal information, the categories of third parties with whom we share that data, the specific pieces of data we collected about you and other information that we are obliged to provide under the applicable laws.
Right to rectification	When you seek to obtain from us the rectification of inaccurate personal data concerning you.
Right to erasure (‘right to be forgotten”)	– When personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; – when you withdraw consent on which the processing is based and there is no other legal ground for the processing; – when you object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing purposes; – where the personal data have been unlawfully processed; – where the personal data have to be erased for compliance with a legal obligation; – where the personal data have been collected in relation to the offer of information society services directly to a child and subject to a consent.
Right to restriction of processing	– Where the accuracy of the personal data is contested by you; – where the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; – where we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; – where you have objected to processing.
Right to data portability	Where you seek to receive the data you have provided in a structured, commonly used and machine-readable form or to transmit those data to another controller, the processing is based on consent or on a contract and is carried out by automated means.
Right to object	Where the collection and use is based on a task carried out in the public interest or in the exercise of official authority vested or legitimate interest, as explained in Section 3 of this Policy, or where you object to the collection of your personal data for direct marketing purposes.
Right to withdraw consent	Where the processing is based on consent, as explained in Section 3 of this Policy, and you seek to withdraw it at any time.
Right to lodge a complaint	Where you want to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the GDPR.
Right not to receive discriminatory treatment while exercising rights	When you exercise your rights enshrined in applicable laws, you also have the right to non-discrimination. For example, because you exercised your rights under applicable laws, you will not be denied any services, charged with a different price, provided a different quality of goods and services etc.

7. No automated individual decision-making, including profiling

We do not make decisions based solely on automated processing, including profiling, which would produce legal effects concerning you. However, for security purposes, we use algorithms to decide whether there are any abnormalities in our user base. In case the algorithms show such abnormalities, the related activities are submitted for a human review and may result in suspension or (in the most extreme cases) termination of our services.

8. Cookies or similar tracking technologies

We use cookies to collect information from the device you use to access our services. Cookies are small text files containing an identifier that is sent by a web server to your web browser and stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies. We use cookies and similar technologies to enhance user experience, analyze traffic, and provide functionality. 

For a detailed list of the cookies we use, their purposes, and duration, please see the AppSalt SDK cookie list below. 

Cookie Category	Cookie name	Cookie purpose	Cookie expiry
Necessary	bscookie	This cookie is used to identify the visitor through an application. This allows the visitor to login to a website through their LinkedIn application for example.	1 year
	li_gc	Stores the user’s cookie consent state for the current domain.	180 days
	ZD-suid	Unique id that identifies the user’s session.	Persistent
Statistics	_ga	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	2 years
	_gid	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	1 day
	_gat	Used by Google Analytics to throttle request rate.	1 day
	_clck	Collects data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner.	1 year
	_clsk	Registers statistical data on users’ behavior on the website. Used for internal analytics by the website operator.	1 day
	_cltk	Registers statistical data on users’ behavior on the website. Used for internal analytics by the website operator.	Session
	_ga_#	Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit.	2 years
	AnalyticsSyncHistory	Used in connection with data synchronization with third-party analysis service.	30 days
	c.gif	Collects data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner.	Session
	CLID	Collects data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner.	1 year
	collect	Used to send data to Google Analytics about the visitor’s device and behavior. Tracks the visitor across devices and marketing channels.	Session
	ln_or	Registers statistical data on users’ behavior on the website. Used for internal analytics by the website operator.	1 day
	ZD-buid	A unique id that identifies the user on recurring visits.	Session

Essential cookies are enabled by default because they are a prerequisite for our website to function. However, we respect your preferences concerning non-essential cookies, and you can easily manage and disable cookies on our website. You can configure your browser to decline some or all cookies or to ask for your permission before accepting them. Please note that by deleting cookies or disabling future cookies, you may be unable to access certain areas or features. You can control the use of functionality cookies, targeting cookies, or advertising cookies by adjusting your browser settings. 

9. Updates to this Policy
We reserve the right to amend this Policy unilaterally from time to time. Any changes will become effective immediately upon publication. Please check our website regularly to stay informed of the latest version of this Policy. If we make significant changes to this Policy, we will take reasonable steps to notify you in advance. Notifications may include emails (where possible), pop-up messages on our website or applications, or other appropriate methods based on specific circumstances.

This version was last reviewed and is effective as of September 18, 2025.