Scope: How AppReclaim LLC ("AppReclaim") collects, uses, shares, and protects information in the Service. For enterprise processing on your behalf, the DPA applies.
1. Information We Collect
- Account Data: Name, email, company, role, SSO claims, profile preferences
- Billing Data: Stripe tokens; no full card numbers stored
- Integration Data: Tenant metadata, license/SKU assignments, usage metrics from connected platforms (Microsoft 365, Google Workspace, Slack)
- Smart Tracking Data: User counts, license assignments, and usage data from Okta, Zoom, Zendesk, DocuSign, Salesforce, and GitHub via API connections or manual entry
- PSA Integration Data (MSP Partners): Ticket metadata, client organization mappings, and billing information from ConnectWise, Autotask, HaloPSA, Syncro, Kaseya BMS, SuperOps, and Atera
- Branding Data (MSP Partners): Company logos, brand colors, and custom report configurations for white-label features
- Technical Data: IP address, device/browser information, logs, cookies
- Support Data: Support tickets, attachments, and communication history
2. How We Use Information
- Operate, secure, and improve the Service
- AI summaries, recommendations, health scores & optimization insights (actions require explicit approval)
- Payments/subscriptions via Stripe
- Communications about updates, security, and support
- Legal compliance and fraud prevention
3. Legal Bases (GDPR)
- Contract performance
- Legitimate interests (security, service improvement)
- Consent (cookies, marketing communications)
- Legal obligation
4. Sharing & Disclosures
We share personal information only as necessary to provide the Service:
- Service Providers: Under confidentiality and data‑processing obligations
- Legal Compliance: When required by law, court order, or legal process
- Corporate Transactions: In connection with mergers, acquisitions, or asset sales
4A. Sub-Processors
We use the following categories of sub-processors to deliver our services:
| Category | Provider | Purpose |
|---|
| Payment Processing | Stripe | Subscription billing and payment handling |
| Email Delivery | Postmark | Transactional emails and notifications |
| Cloud Infrastructure | Supabase / AWS | Database, authentication, and hosting |
| Error Monitoring | Sentry | Application error tracking and debugging |
| AI Processing | OpenAI / Google | AI-powered insights and recommendations |
A complete sub-processor list is available upon request at legal@appreclaim.com.
4B. MSP Partner Data Sharing
For MSP Partner accounts: Client organization data is accessible to the managing MSP account as designated by the partner relationship. MSP Partners act as controllers for their end-client relationships and are responsible for appropriate data handling agreements with their clients.
4C. No Sale of Personal Data
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
5. International Transfers
Standard Contractual Clauses (SCCs) or other approved safeguards where required for transfers outside EEA/UK.
6. Retention
Data retained for subscription term plus reasonable period for legal/operational needs; deletion/return on termination or request, subject to legal holds and backup retention policies.
7. Your Rights (GDPR)
If you are in the EEA, UK, or Switzerland, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your personal data
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Limit how we use your data
- Objection: Object to certain processing activities
- Withdraw Consent: Where processing is based on consent
Contact legal@appreclaim.com. We respond within 30 days.
7A. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Your Rights
- Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell about you
- Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do not sell your personal information or share it for cross-context behavioral advertising
- Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond those permitted without additional consent
- Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights
Categories of Personal Information Collected
In the preceding 12 months, we have collected the following categories of personal information:
- Identifiers (name, email, IP address, account ID)
- Commercial information (subscription history, transaction records)
- Internet activity (usage logs, feature interactions)
- Professional information (company name, job role)
- Inferences (usage patterns, recommendations)
How to Submit a Request
To exercise your California privacy rights:
- Email: privacy@appreclaim.com
- Subject line: "California Privacy Request"
- Include your name and account email for verification
You may designate an authorized agent to submit requests on your behalf. We will verify your identity and, if applicable, your agent's authority before processing requests. Requests are fulfilled within 45 days (extendable by an additional 45 days with notice).
Do Not Sell or Share My Personal Information
AppReclaim does not sell your personal information and does not share it for cross-context behavioral advertising purposes. Therefore, there is no need to opt out, but you may contact us at any time to confirm this status.
8. Security
Administrative, technical, physical safeguards; encryption in transit (TLS 1.2+); role-based access control (RBAC); monitoring and logging; regular security assessments.
9. Children
Service not intended for children under 16; no knowing collection of children's data. If we learn we have collected personal information from a child under 16, we will delete it promptly.
10. Changes
We will note effective dates and notify of material changes via email or in-app notification. Continued use after changes constitutes acceptance.
11. Contact
For privacy inquiries:
Appendix: Data Processing Addendum (DPA)
A. Roles & Scope
Customer=Controller; AppReclaim=Processor for Customer Data processed on behalf of Customer.
B. Instructions
Processing solely per Customer's documented instructions and authorized integrations.
C. Security Measures
- Access controls and least‑privilege
- Encryption in transit (TLS 1.2+)
- Monitoring, logging, and alerting
- Backups and business continuity planning
D. Sub‑processors
Contractually bound with equivalent protections; list available on request at legal@appreclaim.com.
E. Data Subject Requests
Assistance for access/correction/deletion/portability requests within reasonable timeframes.
F. Transfers
Standard Contractual Clauses or other valid mechanisms for international transfers.
G. Incident Notification
Notice without undue delay (within 72 hours where feasible) of personal data breaches impacting Customer Data.
H. Return/Deletion
Delete or return Customer Data upon termination unless law requires retention.
I. Audits
Annual audit rights on reasonable written request, subject to confidentiality and reasonable notice.
12. Related Documents