Last updated: 3 September 2025 - Privacy policy

1. Introduction

Welcome to Appfleece, s.r.o. ("Company", "we", "our", "us")! As you have just clicked our Privacy Policy, please pause, grab a cup of coffee and carefully read the following pages. It will take you approximately 20 minutes.

Our Privacy Policy governs your visit to appfleece.com, appfleece.cz, and any related subdomains, use of our consulting services, and use of our applications, and explains how we collect, safeguard and disclose information that results from your use of our Service.

We use your data to provide and improve Service. By using Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms of Services.

Our Terms of Service ("Terms") govern all use of our Service and together with the Privacy Policy constitutes your agreement with us ("agreement").

Company Details: Appfleece, s.r.o. is a company registered with the Regional Court in Hradec Králové, file number C 54909, incorporated on 26 June 2025. Company number: 234 22 971. Registered office: Jana Palacha 363, Zelené Předměstí, 530 02 Pardubice, Czech Republic.

Data Controller: For the purposes of data protection law, Appfleece s.r.o. is the data controller responsible for your personal information.

Data Protection Officer: For all GDPR matters and data protection inquiries, contact Jan Nemec, Co-founder, at jan@appfleece.com.

2. Definitions

SERVICE means the appfleece.com and appfleece.cz websites operated by Appfleece and any other connected applications such as those available on subdomains of our websites.

PERSONAL DATA means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).

USAGE DATA is data collected automatically either generated by the use of Service or from Service infrastructure itself (for example, the duration of a page visit).

COOKIES are small files stored on your device (computer or mobile device).

DATA CONTROLLER means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data.

DATA PROCESSORS (OR SERVICE PROVIDERS) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.

DATA SUBJECT is any living individual who is the subject of Personal Data.

THE USER is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.

3. Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

4. Types of Data Collected

Website Visitors

• Contact Information: Name, email address, phone number, company details when you submit inquiries through our contact form
• Usage Data: Browser type, operating system, IP address, device identifiers, pages visited, referral sources, timestamps (collected via Google Analytics with your consent)
• Cookies: Essential cookies for site functionality, analytics cookies with consent, and preference cookies

Shopify App Users

• Installation Data: Store URL, installation timestamp, app configuration settings, OAuth access tokens (secured and encrypted)
• Store Information: Basic store details necessary for app functionality, including store name, owner email, and relevant store settings
• Operational Data: Order information, customer details, product data, and other store content as required for specific app features you enable
• Usage Analytics: Anonymized usage patterns, feature interactions, and performance data via PostHog to improve app functionality and user experience
• Session Data: Session replays and user interaction data in our apps to identify usability issues and enhance services

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link.

5. Shopify App Data Access

Our Shopify applications access only the minimum data required for their core functionality. When you install our apps, Shopify requests your approval for specific permissions that enable the app to work properly.

App Categories and Data Access

• E-commerce Enhancement Apps: Apps that improve store functionality, payment processing, and customer experience. These may access order information, customer data, store configuration, and market settings as needed for their features.
• Analytics and Optimization Apps: Apps that provide insights and performance improvements. These may access store data, product information, and usage patterns to deliver analytics and recommendations.
• Automation Apps: Apps that streamline store operations. These may access and modify orders, fulfillments, customer records, and store settings to automate workflows you configure.

General Data Access Principles

• Order Information: To process payments, manage deliveries, and provide order-related features
• Store Configuration: To apply appropriate rules and customize app behavior for your specific setup
• Customer Information: Only when necessary for app features you explicitly enable
• Product Data: For customization, analytics, and feature delivery purposes
• Market and Locale Data: To provide location-appropriate functionality and content

Data Minimization Commitment

We respect your privacy 100%. That's why we never transfer, log, or read any personal information about your customers unless it's strictly necessary for the app's functionality. We only access the data that Shopify grants per the approved permissions and process it solely to provide, secure, and improve the app experience.

Time-Based Access Restrictions

Where possible, we limit data access to recent information (typically the last 60 days) to minimize exposure to historical data while maintaining app functionality.

6. Legal Bases for Processing

• Contract: to provide the site/app and requested features.
• Legitimate interests: to secure, maintain, and improve services.
• Consent: analytics/advertising cookies and optional communications.
• Legal obligations: accounting, tax, and compliance.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on our website and apps. We employ a consent management system that allows you to control which types of cookies are used.

Cookie Categories

• Strictly Necessary Cookies: Essential for website functionality, security, and your privacy preferences. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our website through Google Analytics. Only activated with your consent using Google Consent Mode v2.
• Functional Cookies: Remember your preferences and settings to provide enhanced features.
• Advertising/Marketing Cookies: Used in our apps for personalized features and support chat (Crisp). Not used on our marketing website.

Cookie Management

You can manage your cookie preferences through our consent manager, accessible via the cookie icon on our website. Your choices are respected across all our services and you can change them at any time.

Third-Party Cookies

We may allow selected third-party services to place cookies for analytics and functionality purposes. These are governed by the respective privacy policies of those services.

8. Service Providers (Sub-processors)

We work with carefully selected service providers who process personal data on our behalf under strict contractual obligations to ensure data protection:

Data Processing Agreements

All our service providers are bound by data processing agreements that ensure they:

• Process personal data only on our documented instructions
• Implement appropriate security measures
• Maintain confidentiality of personal data
• Assist with data subject rights requests
• Delete or return data upon termination of services

9. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

• App Data: All app configuration, usage data, and related information is automatically deleted within 48 hours of app uninstallation
• Account and Billing Records: Retained for the duration of the contract and then as required by law for accounting and tax purposes
• Legal Claims: May be retained longer if required for legal proceedings (up to 15 years under Czech law)
• Website Analytics: Data collected by consent-based cookies is retained per provider defaults (typically 14-26 months for Google Analytics)
• Contact Form Data: Retained for 3 years from last contact for customer service purposes

Upon request, we can delete your personal data earlier, subject to legal obligations.

10. International Transfers

We may process data in and outside the EEA using providers with appropriate safeguards (e.g., Standard Contractual Clauses). We ensure equivalent protection where required.

11. Security Measures

We implement comprehensive security measures to protect your personal data:

• Encryption: Data in transit protected with TLS 1.3; data at rest encrypted with AES-256
• Access Controls: Role-based access with multi-factor authentication for team members
• Infrastructure Security: Regular security audits, penetration testing, and vulnerability assessments
• Data Minimization: Collection and processing limited to necessary data only
• Incident Response: Documented procedures for security incidents with notification protocols
• Staff Training: Regular data protection training for all team members handling personal data

While no method is 100% secure, we continually improve our safeguards and follow industry best practices to protect your information.

12. Your Privacy Rights

Under applicable data protection laws (including GDPR, CCPA), you have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal obligations)
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Restrict Processing: Request limitation of processing under certain circumstances
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent for processing based on consent
• Right Not to Be Discriminated Against: No adverse treatment for exercising your rights

How to Exercise Your Rights

To exercise any of these rights, please contact us at hello@appfleece.com. We will respond typically within 24 hours (and no later than 30 days as required by law) and may request verification of your identity.

Complaints

If you feel we have violated data protection laws and wish to file a complaint, please contact us using the contact details above and describe what happened. We would be happy to discuss everything with you promptly and try to resolve the situation between us to your satisfaction. If you would still prefer to do so, you have the right to contact the relevant data protection authority.

Contact Us

Data Protection Matters: For all data protection inquiries, privacy rights requests, and questions about this policy, contact us at hello@appfleece.com.

General Support: For technical support and general questions about our services, also contact hello@appfleece.com.

All users can request to access or delete their personal data regardless of state-specific privacy laws (like GDPR and CCPA) by contacting us. We typically respond within 24 hours.