Appruuv

Privacy Policy

Last updated: March 2026

1. Introduction

Appruuv ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our content approval platform. We are a UK-based data controller and process your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide

  • Account information (name, email address, password)
  • Client information (names, email addresses, company names)
  • Content you upload (images, videos, captions)
  • Communications and feedback
  • Payment information (processed securely by Stripe)

2.2 Information Collected Automatically

  • Device and browser information
  • IP address and location data
  • Cookies and similar technologies (essential cookies only — see Section 9)

3. How We Use Your Information

  • To provide and maintain our service
  • To process your transactions and send related information
  • To send you notifications about approvals and account activity
  • To respond to your comments, questions, and requests
  • To detect, prevent, and address technical issues and security threats
  • To comply with legal obligations

4. Lawful Basis for Processing

Under Article 6 of the UK GDPR, we process your personal data on the following lawful bases:

  • Contract (Article 6(1)(b)): Processing your account data, payment information, and client data is necessary to perform our contract with you — i.e., providing the Appruuv service.
  • Legitimate Interest (Article 6(1)(f)): Sending you transactional notifications (e.g., approval status updates), maintaining platform security, rate limiting, and fraud prevention (including trial abuse prevention via hashed email retention).
  • Legal Obligation (Article 6(1)(c)): Retaining certain records as required by applicable tax and financial regulations.
  • Consent (Article 6(1)(a)): Where you have given explicit consent, such as accepting our Privacy Policy and Terms of Service at sign-up. You may withdraw consent at any time by contacting us or deleting your account.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

  • Service Providers: Third-party companies that help us operate our service:
    • Supabase — database, authentication, and file storage
    • Stripe — payment processing
    • Resend — email delivery
    • Cloudflare — security, CDN, and CAPTCHA protection
    • Upstash — rate limiting
    • Mux — video processing and optimised streaming
    • Vercel — application hosting and server-side infrastructure
  • Your Clients: When you send content for approval, clients can view the content and associated notes via a unique approval link
  • Legal Requirements: When required by law or to protect our rights

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Our data retention policies are as follows:

  • Account Data: Your profile, client information, posts, and metadata remain in the system for as long as your account exists, regardless of subscription status.
  • Media Files: Images and videos are automatically deleted 45 days after upload for all subscription tiers (Starter, Pro, and Premium) to optimise storage. Post metadata is retained with a flag indicating media has been deleted.
  • Subscription Lapses: If your subscription becomes inactive due to payment failure or cancellation, your account data and recent media files remain in the system, allowing you to restore access by reactivating your subscription.
  • Account Deletion: You can permanently delete your account at any time from your settings. This action requires password confirmation and immediately deletes all associated data including profile, clients, posts, media files, and usage statistics. Account deletion cannot be undone.
  • Fraud Prevention Records: To prevent abuse of our 7-day free trial, we retain a cryptographic hash (SHA-256) of your email address after account deletion. This hashed record cannot be reversed to reveal your email address and is retained solely for fraud prevention under UK GDPR Article 6(1)(f) legitimate interest. This prevents users from repeatedly deleting accounts to claim multiple trials. If you have concerns about this retention, please contact us at privacy@appruuv.com.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal information:

  • Row Level Security (RLS) on all database tables to prevent unauthorised access
  • Encryption in transit (HTTPS/TLS) and at rest for all data
  • Rate limiting to prevent abuse and brute-force attacks
  • CAPTCHA protection (Cloudflare Turnstile) on public forms and approval responses
  • Input sanitisation to prevent XSS and injection attacks
  • Secure password hashing and authentication via Supabase Auth
  • EXIF metadata stripping from uploaded images to protect location privacy
  • Regular security audits and updates

However, no method of transmission over the Internet is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

8. Your Rights (UK GDPR)

If you are in the United Kingdom, you have the following rights under the UK GDPR:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data
  • Restriction: Request limitation of processing
  • Portability: Request transfer of your data in a machine-readable format (available via the "Export My Data" feature in your account settings)
  • Objection: Object to processing of your data
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time

To exercise these rights, contact us at privacy@appruuv.com.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. You can contact the ICO at ico.org.uk or by phone on 0303 123 1113.

9. Cookies

We use only essential cookies that are strictly necessary for the operation of our service. These include session cookies for authentication and a cookie consent preference cookie. We do not use any optional, analytics, or tracking cookies. You can control cookies through your browser settings, but disabling essential cookies may affect the functionality of our service.

10. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal information from children under 16.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:
Email: privacy@appruuv.com

← Back to Home