Scope: How AppReclaim LLC (“AppReclaim”) collects, uses, shares, and protects information in the Service. For enterprise processing on your behalf, the DPA applies.

1. Information We Collect

Account Data (name, email, company, role, SSO claims)
Billing Data (Stripe tokens; no full card numbers)
Integration Data (tenant metadata, license/SKU assignments, usage metrics)
Technical Data (IP, device/browser, logs, cookies)
Support Data (tickets, attachments)

2. How We Use Information

Operate, secure, and improve the Service
AI summaries & recommendations (actions require approval)
Payments/subscriptions via Stripe
Comms about updates/security/support
Legal compliance

3. Legal Bases (GDPR)

Contract
Legitimate interests
Consent (cookies/marketing)
Legal obligation

4. Sharing & Disclosures

Service providers (hosting, analytics, payments) under confidentiality and data‑processing obligations; legal compliance; corporate transactions. No selling of personal data.

5. International Transfers

SCCs or other safeguards where required.

6. Retention

Retained for subscription term; deletion/return on termination or request, subject to legal holds.

7. Your Rights

Access, rectification, deletion, portability, restriction/objection; contact legal@appreclaim.com.

8. Security

Administrative, technical, physical safeguards; encryption in transit; RBAC; monitoring.

9. Children

Not for children under 16; no knowing collection.

10. Changes

We will note effective dates and notify of material changes.

11. Contact

Email legal@appreclaim.com or write 4545 E Warren Ave, Denver, CO.

Appendix: Data Processing Addendum (DPA)

A. Roles & Scope

Customer=Controller; AppReclaim=Processor.

B. Instructions

Processing solely per Customer’s documented instructions and authorized integrations.

C. Security Measures

Access controls and least‑privilege
Encryption in transit
Monitoring/logging
Backups/BCP

D. Sub‑processors

Contractually bound with equivalent protections; list available on request.

E. Data Subject Requests

Assistance for access/correction/deletion/portability.

F. Transfers

SCCs or other valid mechanisms.

G. Incident Notification

Notice without undue delay of personal data breaches impacting Customer Data.

H. Return/Deletion

Delete or return upon termination unless law requires retention.

I. Audits

Annual audit rights on reasonable written request, subject to confidentiality.