Privacy Policy
Last updated: March 2026
Introduction
Welcome to Appcoholic.com ("we", "us", "our"). We are committed to protecting your privacy. This privacy policy explains what data we collect, how we use it, and what choices you have. It applies to our website appcoholic.com, our platform at platform.appcoholic.com, and our mobile apps.
1. Data We Collect
1.1 Account Data
When you sign up for the Appcoholic Platform via Google OAuth, we receive and store your name, email address, and profile picture from your Google account. We use this to authenticate you and manage your account.
1.2 Google Play Data
When you connect your Google Play Console, we access your app reviews and reply to them on your behalf. We store review data (author name, review text, rating, reply text) in our database to provide the review management service.
1.3 Analytics Data
We use Google Analytics 4 (GA4) with Advanced Consent Mode v2 to understand how visitors use our website and platform. The GA4 tracking script loads on every page, but no analytics or advertising data is collected until you give consent via the cookie banner. When you accept cookies, we collect:
- Pages visited and time spent
- Device type, browser, operating system, and screen resolution
- Approximate geographic location (country/city level, not precise)
- Referral source (how you found us)
- Interaction events (clicks, scrolls, form submissions)
Google Analytics uses cookies and similar technologies. Google may also combine this data with data from other Google services. For details, see Google's Privacy Policy.
1.4 AI-Generated Content
We use OpenAI to generate suggested replies to your app reviews. Your review text is sent to OpenAI's API to generate a response. We do not send your personal data (name, email, account information) to OpenAI — only the review content. OpenAI processes this data under their Privacy Policy and does not use API inputs for training.
1.5 Data We Do Not Collect
We do not collect financial or payment information, Social Security numbers, government IDs, precise geolocation, biometric data, or health information.
2. Legal Basis for Processing (GDPR, Art. 6)
We process your personal data based on the following legal grounds:
- Contract performance (Art. 6(1)(b)) — Account creation, Google Play review sync, AI reply generation. These are necessary to provide you the service you signed up for.
- Consent (Art. 6(1)(a)) — Analytics cookies, advertising cookies, Google Ads conversion tracking. You give consent via the cookie banner and can withdraw it at any time.
- Legitimate interest (Art. 6(1)(f)) — Security measures, fraud prevention, and service improvement. Our legitimate interest is to keep the service secure and functional.
3. How We Use Your Data
- To provide and improve the Appcoholic Platform
- To authenticate you and manage your account
- To sync and display your Google Play reviews
- To generate AI-powered reply suggestions
- To analyze website usage and improve our service (only with your consent)
- To measure advertising effectiveness via Google Ads conversion tracking (only with your consent)
- To communicate with you about service updates or respond to your inquiries
We do not sell, rent, or trade your personal data to third parties. We do not share your data with data brokers or for purposes unrelated to providing our service.
4. Cookies & Consent
We implement Google Consent Mode v2 (Advanced mode). By default, all tracking is disabled until you interact with the cookie banner.
4.1 When You Accept Cookies
The following consent signals are granted:
- analytics_storage — allows Google Analytics to store cookies for usage measurement
- ad_storage — allows Google Ads to store cookies for conversion tracking
- ad_user_data — allows sending user data to Google for advertising measurement
- ad_personalization — allows personalized advertising
4.2 When You Decline Cookies
All four consent signals remain "denied". No analytics or advertising cookies are stored. No data is sent to Google Analytics or Google Ads. The website remains fully functional.
4.3 Changing Your Choice
You can change your cookie preference at any time by clearing your browser cookies and revisiting the site. The cookie banner will appear again. You can also disable cookies in your browser settings.
4.4 Cookies We Use
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| appcoholic-cookie-consent | Appcoholic | Stores your cookie consent choice | 1 year |
| _ga, _ga_* | Analytics (only with consent) | 2 years | |
| _gcl_* | Ads conversion tracking (only with consent) | 90 days | |
| x-experiment | Appcoholic | A/B testing variant assignment | 30 days |
5. Third-Party Services & Data Sharing
We share data with the following third parties solely to provide and improve our service:
| Service | Data Shared | Purpose | Location |
|---|---|---|---|
| Google Analytics 4 | Usage data (with consent) | Website analytics | US (Google LLC) |
| Google Ads | Conversion events (with consent) | Advertising measurement | US (Google LLC) |
| Google OAuth | Name, email, profile picture | Authentication | US (Google LLC) |
| Google Play API | Review data, OAuth tokens | Review sync & reply | US (Google LLC) |
| OpenAI API | Review text only (no personal data) | AI reply generation | US (OpenAI LLC) |
| Amazon Web Services | All platform data | Hosting & database | EU (Frankfurt) |
6. International Data Transfers
Your account and review data is stored in the EU (AWS Frankfurt, eu-central-1). However, some third-party services (Google, OpenAI) are based in the United States. Data transfers to the US are protected by:
- The EU-U.S. Data Privacy Framework (for Google LLC and other certified companies)
- Standard Contractual Clauses (SCCs) as adopted by the European Commission
We only transfer data to the US when necessary to provide the service and ensure appropriate safeguards are in place.
7. Data Storage & Security
We implement appropriate technical and organizational measures to protect your data:
- All data in transit is encrypted via HTTPS/TLS
- Database access is restricted by strong passwords and network security
- Authentication tokens (JWT) expire after 7 days
- Google Play OAuth tokens are stored encrypted in our database
- We do not store passwords — authentication is handled by Google OAuth
8. Your Rights — European Union (GDPR)
If you are located in the EU/EEA/UK, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of access (Art. 15) — obtain a copy of your personal data
- Right to rectification (Art. 16) — correct inaccurate data
- Right to erasure (Art. 17) — request deletion of your data
- Right to restriction (Art. 18) — restrict processing of your data
- Right to data portability (Art. 20) — receive your data in a machine-readable format
- Right to object (Art. 21) — object to processing based on legitimate interest
- Right to withdraw consent (Art. 7) — withdraw consent at any time without affecting the lawfulness of prior processing
To exercise any of these rights, email us at support@appcoholic.com. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority. In Germany, this is the Hessischer Beauftragter für Datenschutz und Informationsfreiheit (HBDI).
9. Your Rights — United States
9.1 California (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you the following rights:
- Right to know — what personal information we collect, use, and disclose
- Right to delete — request deletion of your personal information
- Right to opt out of sale/sharing — we do not sell or share your personal information as defined by the CCPA/CPRA
- Right to non-discrimination — we will not discriminate against you for exercising your rights
- Right to correct — request correction of inaccurate personal information
- Right to limit use of sensitive personal information — we do not collect sensitive personal information as defined by the CPRA
To exercise these rights, email support@appcoholic.com. We will verify your identity and respond within 45 days.
9.2 Other US States
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and other states with privacy laws have similar rights to access, delete, and opt out of data processing. Contact us at support@appcoholic.com to exercise your rights.
9.3 Do Not Sell or Share
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. Google Analytics data collection requires your explicit opt-in consent via our cookie banner.
10. Data Retention
We retain your data for the following periods:
- Account data — retained while your account is active. Deleted within 30 days after account deletion.
- Review data — retained while your account is active.
- Google Play OAuth tokens — retained while connected. Deleted when you disconnect or delete your account.
- Analytics data — retained by Google for up to 14 months (our GA4 retention setting). We do not control this data after it is sent to Google.
- Cookie consent preference — stored locally in your browser for 1 year.
11. Children's Privacy
Our services are not directed at children under the age of 16 (EU) or 13 (US). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at support@appcoholic.com and we will delete it promptly.
12. Do Not Track (DNT)
Some browsers send a "Do Not Track" signal. We honor DNT signals by not loading analytics or advertising scripts when cookies are declined. Our Consent Mode v2 implementation ensures no tracking occurs without your explicit consent, regardless of DNT settings.
13. Data Controller
The data controller responsible for your personal data is:
Dr. Wahed Hemati
Radilostraße 35
60489 Frankfurt am Main
Germany
Email: support@appcoholic.com
14. Changes to This Policy
We may update this privacy policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of our services after changes constitutes acceptance of the updated policy.