GDPR Compliance

AppReviewBot is committed to protecting your personal data and respecting your privacy rights under the European Union's General Data Protection Regulation (GDPR). This page outlines our compliance measures, your rights, and how we handle personal data in accordance with GDPR requirements.

Data Controller Information

The Sealey Company LLC, operating as AppReviewBot, is the data controller responsible for your personal data. We are incorporated and based in the United States at:

The Sealey Company LLC
11409 Municipal Center Dr.
Knoxville TN 37922-9997 Suite 22040
United States

Email: privacy[at]appreviewbot.com
Data Protection Officer: privacy[at]appreviewbot.com

Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

  • Legitimate Interests (Article 6(1)(f)): To provide app review monitoring services, improve our platform, and ensure service security
  • Consent (Article 6(1)(a)): When you explicitly consent to marketing communications or optional data collection
  • Contract Performance (Article 6(1)(b)): To fulfill our contractual obligations in providing our services to you
  • Legal Compliance (Article 6(1)(c)): To comply with applicable laws and regulations

Categories of Personal Data We Process

In providing our app review monitoring and notification services, we may process the following categories of personal data:

Identity and Contact Data

  • Name, email address, and professional title
  • Company affiliation and business contact information
  • Account credentials and authentication information

Service Usage Data

  • App store review data and monitoring preferences
  • Integration settings for communication platforms (Slack, Teams, Discord, etc.)
  • Service interaction logs and usage analytics
  • Support communications and feedback

Technical Data

  • IP addresses, browser information, and device identifiers
  • Cookies and similar tracking technologies
  • System logs and security monitoring data

Financial Data

  • Billing information and payment history (processed securely through Stripe)
  • Subscription details and usage metrics for billing purposes

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and, if so, access to your personal data and information about how we process it.

Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete personal data completed.

Right to Erasure (Article 17)

You have the right to request the deletion of your personal data under certain circumstances, including when the data is no longer necessary for the original purpose.

Right to Restrict Processing (Article 18)

You have the right to restrict the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used format and to transmit it to another controller.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests, including for direct marketing purposes.

Right to Withdraw Consent (Article 7)

Where processing is based on consent, you have the right to withdraw your consent at any time.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us using any of the following methods:

  • Email: privacy[at]appreviewbot.com with "GDPR Request" in the subject line
  • Contact form: Visit our contact page and specify "GDPR Request" in your message
  • Mail: Send written requests to our postal address listed above

We will respond to your request within one month of receipt. In complex cases, we may extend this period by up to two additional months, and we will inform you of any such extension.

International Data Transfers

AppReviewBot operates from the United States, and your personal data may be transferred to, processed, and stored in the United States and other countries where our service providers operate. When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by relevant data protection authorities
  • Additional technical and organizational measures to ensure data protection

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy and to comply with legal obligations:

  • Account Data: Retained while your account is active and for up to 2 years after account closure for legal and business purposes
  • Service Data: Review monitoring data is retained for the duration of your subscription and up to 1 year thereafter
  • Communication Records: Support communications are retained for up to 3 years for quality assurance and legal compliance
  • Financial Data: Billing records are retained for up to 7 years to comply with tax and accounting requirements

Security Measures

We implement comprehensive technical and organizational measures to protect your personal data:

Technical Safeguards

  • Encryption of data in transit using TLS 1.3 and at rest using AES-256
  • Multi-factor authentication and role-based access controls
  • Regular security monitoring, vulnerability assessments, and penetration testing
  • Secure backup and disaster recovery procedures

Organizational Safeguards

  • Regular privacy and security training for all personnel
  • Data processing agreements with all third-party processors
  • Privacy impact assessments for high-risk processing activities
  • Incident response procedures and breach notification protocols

Third-Party Processors and Subprocessors

We work with carefully selected third-party service providers to deliver our services. All processors are bound by GDPR-compliant data processing agreements:

  • Cloud Infrastructure: Amazon Web Services (AWS) for secure data hosting and processing
  • Payment Processing: Stripe for secure payment processing and billing
  • Analytics: Privacy-focused analytics providers for service improvement
  • Communication Platforms: Integration partners including Slack, Microsoft Teams, Discord, and others
  • Support Services: Customer support and communication tools

A complete and up-to-date list of our subprocessors is available in our Data Processing Agreement.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • Communicate the breach to affected data subjects without undue delay if the breach poses a high risk
  • Provide clear information about the nature of the breach, likely consequences, and measures taken
  • Document all breaches and our response measures for regulatory review

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR. While we encourage you to contact us first, you may contact your local data protection authority or the Irish Data Protection Commission if you are in the EU.

Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Updates to This Policy

We may update this GDPR compliance page to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by:

  • Posting a notice on our website and in our application
  • Sending email notifications to registered users
  • Providing in-app notifications for significant changes

Changes will take effect 30 days after notification unless immediate compliance is required by law.

Contact Information

For questions about GDPR compliance, to exercise your rights, or to raise privacy concerns, please contact our Data Protection Officer:

Data Protection Officer
The Sealey Company LLC
11409 Municipal Center Dr.
Knoxville TN 37922-9997 Suite 22040
United States

Email: privacy[at]appreviewbot.com
Subject: GDPR Compliance Inquiry

We are committed to protecting your privacy and ensuring GDPR compliance across all our services. If you have any questions about our data protection practices, please don't hesitate to contact us.

This GDPR compliance page is effective as of July 15, 2025.