Privacy Policy

1.1 For the purposes of applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the Company is the data controller responsible for your personal data processed in connection with the Platform. 1.2 If you have any questions about this Privacy Policy or our data processing practices, please contact us at: AFFPRO LTD 4 Montpelier Street, Suite 118 London, England SW7 1EE United Kingdom Email: contact@affpro.app 1.3 Following an assessment of our processing activities, we have determined that appointment of a Data Protection Officer (DPO) is not mandatory under Article 37 UK GDPR. However, any inquiries regarding data protection should be directed to the contact details above.

We may collect, use, store, and transfer the following categories of personal data about you: 2.1 Account and Profile Data. When you register for an account, we collect your full name, email address, Telegram handle (for communication purposes), company name, VAT number (if provided), and your login credentials (username and encrypted password). This data is collected via registration forms on the Platform to establish your identity as a registered user. 2.2 Transaction and Financial Data. We collect details about your Subscription plan, billing history, payment amounts, dates, and the last four digits of the payment method used. We do not store full payment card details, as these are processed by our third-party payment processors. 2.3 Technical and Usage Data. We automatically collect information about your device and how you interact with the Platform. This includes IP address, browser type and version, time zone setting, operating system, platform identifiers, clickstream data, and logs of your activities within the Platform (e.g., creation of Flows, PWA configurations). 2.4 Communication Data. If you contact us for support (via contact@affpro.app) or respond to our communications, we will collect the content of those communications, your email address, and any metadata associated with the correspondence. 2.5 User Content Data. In the course of providing the Platform, you may upload, configure, or transmit data that may contain personal data. This includes, but is not limited to, metadata for PWAs (such as app descriptions and developer names), user comments (including auto-generated comments), and configuration settings. You are the data controller for this User Content. We act as a data processor with respect to such personal data. A Data Processing Agreement (DPA) governing such processing is available upon request at contact@affpro.app.

We process your personal data only when we have a lawful basis to do so under the UK GDPR. The legal bases are as follows: 3.1 Processing is necessary for the performance of our contract with you (i.e., to provide the Platform as described in these Terms of Use). This applies to Account creation, subscription management, billing, core Platform functionality, and the processing of User Content as instructed by you. (UK GDPR Article 6(1)(b)). 3.2 Processing is necessary for our legitimate business interests, provided such interests are not overridden by your data protection rights. Our legitimate interests include: (a) Preventing fraud, abuse, and unauthorized access to the Platform; (b) Maintaining the security and integrity of our IT systems; (c) Improving, developing, and optimizing the Platform (as set out in Section 4.6); (d) Enforcing our legal rights and defending against claims. (UK GDPR Article 6(1)(f)). 3.3 Processing is necessary for compliance with a legal obligation to which we are subject, such as maintaining financial records for tax authorities or responding to lawful requests from public authorities. (UK GDPR Article 6(1)(c)). 3.4 In limited circumstances (such as for optional marketing communications), we will rely on your explicit consent. You have the right to withdraw such consent at any time. (UK GDPR Article 6(1)(a)).

We use your personal data for the following purposes: 4.1 To provide, operate, and maintain the Platform, including managing your Account, processing payments, configuring PWAs, and delivering support services. 4.2 To manage billing, subscriptions, and the Account Balance system, including generating invoices, processing payments, and enforcing payment obligations. 4.3 To communicate with you, including sending administrative emails (e.g., confirmation of registration, updates to this Policy, security alerts, and responses to support requests) and using your Telegram handle for communication where applicable. 4.4 To ensure security and prevent abuse, including monitoring for violations of our Terms of Use (specifically the Prohibited Conduct provisions), detecting fraud, and protecting the Platform from unauthorized access or malicious activity. 4.5 To comply with legal and regulatory obligations, including responding to lawful requests from courts, law enforcement, or regulatory authorities such as the Information Commissioner's Office (ICO). 4.6 To improve and develop our services (legitimate interests under Article 6(1)(f)), including analyzing usage trends and technical performance. Any such analysis is conducted on an anonymized or pseudonymized basis where possible.

We may share your personal data with the following categories of third parties: 5.1 We engage third-party companies to perform services on our behalf. These include: (a) Payment processors (e.g., Stripe) to handle billing transactions. (b) Cloud infrastructure providers (e.g., DigitalOcean, AWS) to host and secure the Platform. (c) Analytics providers to help us monitor and improve Platform performance. 5.2 The Platform allows integration with third-party services such as Cloudflare (for DNS) and advertising platforms (for pixels). If you configure such integrations, certain data (including IP addresses and user interaction data) may be shared with those third parties. You are responsible for reviewing their privacy policies. We act as a conduit for this data at your direction. 5.3 We do not sell or rent your personal data to third parties. Your Account Data, including your email address, name, and Telegram handle, is used exclusively within the Platform and is not shared with external parties, except as required for the technical operation of the service (e.g., hosting) or as mandated by law. 5.4 In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

6.1 We are based in the United Kingdom. Your personal data is stored on servers operated by DigitalOcean, located within the European Economic Area (EEA). 6.2 Data Storage and Infrastructure. (a) All primary data, including account details, profile information, and transaction records, is stored in a secure database hosted on DigitalOcean infrastructure. (b) Design assets, including Progressive Web App (PWA) configurations and related visual elements, are stored using Cloudflare’s services, which may involve caching at edge locations globally to ensure performance. 6.3 To provide the Platform, we may transfer data to countries outside the UK and the EEA, including the United States, where certain third-party service providers (such as Cloudflare) are located. Where such transfers occur, we ensure that appropriate safeguards are in place to protect your personal data, in accordance with UK data protection law. This includes: (a) Transferring data to countries that have been deemed to provide an adequate level of protection by the UK government; or (b) Using specific contracts approved by the UK Information Commissioner's Office (ICO), which may include: (i) International Data Transfer Agreements (IDTAs); or (ii) the UK Addendum to the EU Standard Contractual Clauses, where applicable. 6.4 You may request a copy of these safeguards by contacting us at contact@affpro.app.

7.1 We have implemented appropriate technical and organizational security measures designed to protect your personal data from accidental loss, unauthorized access, alteration, disclosure, or destruction. These include encryption of data in transit (via TLS) and at rest, access controls, and regular security monitoring. Access to your personal data is strictly limited to authorized team members who require it for operational, development, or support purposes. 7.2 Notwithstanding the foregoing, you acknowledge that the security of information transmitted via the internet cannot be guaranteed. You are responsible for keeping your login credentials confidential. We are not responsible for circumvention of any privacy settings or security measures contained on the Platform.

8.1 We will retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. 8.2 We retain your Account and associated personal data for the duration of your active Account. Upon termination of your Account, we will delete or anonymize your Account data within thirty (30) days, except where retention is required under Section 8.3 or applicable law, or where data is stored in backup systems, in which case deletion will occur in the ordinary course of backup rotation. 8.3 We retain financial records (invoices, payment history) for a period of seven (7) years following the end of the tax year to which they relate, to comply with HMRC and Companies House requirements. 8.4 We retain aggregated and anonymized usage data for analytical purposes indefinitely. Pseudonymized logs may be retained for up to twelve (12) months for security and fraud prevention purposes.

Depending on your location and under the UK GDPR, you have the following rights regarding your personal data: 9.1 Right to Access. You have the right to request a copy of the personal data we hold about you (a "subject access request"). 9.2 Right to Rectification. You have the right to request that we correct any incomplete or inaccurate personal data we hold about you. 9.3 Right to Erasure (Right to be Forgotten). You have the right to request that we delete your personal data, subject to certain exceptions (e.g., where we are required to retain data for legal compliance). 9.4 Right to Restrict Processing. You have the right to request that we suspend the processing of your personal data in certain circumstances, such as if you contest its accuracy. 9.5 Right to Data Portability. You have the right to request the transfer of your personal data to another controller in a structured, commonly used, machine-readable format. 9.6 Right to Object. You have the right to object to our processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for processing. 9.7 Rights Related to Automated Decision-Making. We do not make solely automated decisions that produce legal or similarly significant effects concerning you within the meaning of Article 22 UK GDPR. 9.8 To exercise any of these rights, please contact us at contact@affpro.app. You will not have to pay a fee to access your personal data (or exercise any of the other rights). We may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. 9.9 You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, at any time. We would, however, appreciate the chance to address your concerns before you approach the ICO, so please contact us first.

10.1 The Platform is a business-to-business ("B2B") service. Accordingly, where we process personal data of individuals acting in the course of their employment, trade, business, or profession (e.g., your employees or agents), the provisions of this Policy apply. This Policy specifically applies to the processing of data of registered users of the Platform. 10.2 If you are a Business User, you acknowledge that you are responsible for ensuring that any personal data you upload or transmit via the Platform (including in the construction of PWAs) is processed in compliance with applicable data protection laws, including obtaining any necessary consents from end users. You indemnify us for any liability arising from your failure to do so.

11.1 We use cookies and similar tracking technologies to operate and secure the Platform, analyze usage, and for technical functionality. We do not use non-essential marketing cookies without your consent. 11.2 You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Platform may become inaccessible or not function properly. 11.3 For detailed information on the cookies we use and the purposes for which we use them, please refer to our Cookie Policy available on the Platform.

12.1 The Platform integrates with third-party services to provide functionality, including but not limited to Cloudflare, third-party payment processors, and advertising platforms (collectively, "Third-Party Services"). 12.2 This Privacy Policy does not apply to such Third-Party Services. We are not responsible for the privacy practices or content of these third parties. You should review the privacy policies of any Third-Party Service you connect to or use in conjunction with the Platform.

13.1 The Platform is a B2B service and is not intended for use by individuals under the age of 18 (or the age of majority in their jurisdiction). We do not knowingly collect personal data from anyone under the age of 18. 13.2 If you become aware that a child has provided us with personal data, please contact us. If we become aware that we have collected personal data from a child without verification of parental consent, we will take steps to delete that information.

14.1 We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. If we make material changes, we will provide reasonable prior notice by posting the updated Policy on the Platform with a revised "Last updated" date and/or by sending a notification to the email address associated with your Account. 14.2 You are responsible for reviewing this Policy periodically. Your continued use of the Platform following the effective date of any changes constitutes your acceptance of the modified Policy. If you do not agree to the modified Policy, you must stop using the Platform and terminate your Account.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at: AFFPRO LTD 4 Montpelier Street, Suite 118 London, England SW7 1EE United Kingdom Email: contact@affpro.app