ADL
AppDataLayer
Join Waitlist

Privacy Policy

Last updated: March 2026

1. Introduction

Welcome to AppDataLayer ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

Our website address is https://appdatalayer.com. For any privacy-related inquiries, please contact us at support@appdatalayer.com.

2. The Data We Collect About You

Personal data, or personal information, means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, last name, username or similar identifier.
  • Contact Data includes email address.
  • Financial Data includes payment card details. We do not store your payment information directly — all financial data is processed securely by our payment processor, Paddle.com, who acts as the Merchant of Record for all transactions.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, and other technology on the devices you use to access this website.
  • Usage Data includes information about how you use our website, API, and Services, including API call frequency, endpoints accessed, and error rates.
  • Authentication Data includes your hashed password (we never store passwords in plain text). Passwords are securely hashed using industry-standard algorithms via BetterAuth before storage.

3. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Performance of Contract: Where we need to perform the contract we are about to enter into or have entered into with you (e.g., providing your API access and subscription services).
  • Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g., improving our services, preventing fraud).
  • Legal Obligation: Where we need to comply with a legal obligation.
  • Consent: Where you have given us explicit consent to process your data for a specific purpose (e.g., marketing communications).

4. Payment Processing (Paddle)

We use Paddle.com as our Merchant of Record. When you make a purchase, Paddle collects and processes your payment information, including your name, email address, billing address, and payment card details. This data is processed according to Paddle's own Privacy Policy.

We do not have access to your full payment card details. Paddle shares limited transaction data with us (such as transaction ID, amount, subscription status, and your email) to manage your subscription.

5. Cookies and Analytics

We use cookies and similar tracking technologies to improve your experience on our website. The types of cookies we use include:

  • Essential Cookies: Required for the operation of our website (e.g., session tokens, authentication cookies). These cannot be disabled.
  • Analytics Cookies (Landing Page only): We use Google Analytics on our public marketing website (appdatalayer.com) to understand how visitors interact with our landing pages. Google Analytics may collect data including your IP address, browser type, pages visited, and time spent on pages. Google Analytics is not used within the application dashboard or API.
  • Plausible Analytics (self-hosted): We use Plausible Analytics as a privacy-focused alternative. Plausible does not use cookies and does not collect personal data.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

6. Third-Party Services

We use the following third-party service providers to operate our platform. Each provider may process your data in accordance with their own privacy policies:

  • Paddle.com — Payment processing and billing (Merchant of Record).
  • Hetzner Online GmbH — Primary server infrastructure and database hosting (Germany/Finland). User account data and hashed passwords are stored on Hetzner servers.
  • Amazon Web Services (AWS) — Cloud computing and data processing infrastructure.
  • Cloudflare, Inc. — CDN, DNS, DDoS protection, and web security.
  • Google Analytics — Website traffic analysis.
  • Plausible Analytics (self-hosted) — Privacy-friendly website analytics.

7. International Data Transfers

Our infrastructure is distributed across multiple regions. Your personal data may be transferred to, stored at, and processed in the following locations:

  • European Union (Germany, Finland) — Primary servers and database hosting via Hetzner.
  • United States and other AWS regions — Data processing and analysis via Amazon Web Services.
  • Global (Cloudflare) — CDN and security services operate from edge locations worldwide.

Where we transfer your personal data outside of the European Economic Area (EEA), we ensure that appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, to protect your data.

8. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. These measures include:

  • All passwords are hashed using industry-standard algorithms via BetterAuth before storage. We never store plain-text passwords.
  • All data in transit is encrypted using TLS/SSL.
  • API access is authenticated via unique API keys issued per account.
  • Access to personal data is restricted to authorized personnel only.
  • Our infrastructure is protected by Cloudflare's DDoS mitigation and web application firewall.

9. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

API usage logs (such as endpoints accessed, call frequency, and error rates) are retained to improve our product, detect abuse, and maintain service quality. When you delete your account, these logs are anonymized (all personally identifying information is removed) and may be retained indefinitely in anonymized form for product analytics. We do not delete anonymized usage data.

10. Your Legal Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Right to Access: You have the right to request copies of your personal data.
  • Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or incomplete.
  • Right to Erasure: You have the right to request that we erase your personal data. You can delete your account and all associated data at any time.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions.
  • Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • Right to Object: You have the right to object to our processing of your personal data under certain conditions.
  • Right to Withdraw Consent: Where we rely on consent as the legal basis for processing, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at support@appdatalayer.com. We will respond to your request within 30 days.

11. Account Deletion

You may delete your account at any time through your account settings or by contacting us at support@appdatalayer.com. When you delete your account:

  • Your personal data (name, email, authentication data) will be permanently deleted within 30 days.
  • Your API keys will be immediately revoked.
  • Your subscription will be cancelled through Paddle.
  • Your API usage logs will be anonymized — all personally identifying information is stripped. The anonymized data is retained for product analytics and service improvement.

12. Children's Privacy

Our Services are not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal data from children under these ages. If we become aware that we have collected personal data from a child under these ages without verification of parental consent, we will take steps to remove that information from our servers immediately.

13. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page and, where appropriate, by sending a notification to the email address associated with your account. We encourage you to review this Privacy Policy periodically for any changes.

14. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of Turkey. Any dispute arising in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Turkey.

15. Contact Details

If you have any questions about this privacy policy or our privacy practices, please contact us at: support@appdatalayer.com.