Privacy Policy

Last modified: April 4, 2026

1. Introduction & Overview

AppSalon Pty Ltd (ABN: 42 644 031 327), a company registered in Australia, operates Appoven, an AI discovery engine using evolutionary code generation. This Privacy Policy explains how we collect, use, disclose and otherwise handle your personal information.

We are committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy applies to all users of Appoven and covers the information we collect through the Appoven website and application.

By accessing and using Appoven, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the service.

2. Information We Collect

2.1 Account Information

When you create an account with Appoven, we collect the following information:

• Full name

• Email address

This information is necessary to establish and maintain your account and provide you with access to Appoven’s services.

2.2 Usage Data

We collect information about how you interact with Appoven, including:

• Features accessed

• Actions performed within the service

• Time and duration of activities

• Interactions with the evolutionary code generation features

This usage data is collected internally to help us understand how the service is used and to improve your experience.

2.3 Content You Provide

Appoven is designed to accept and process content you provide, including:

• Prompts and descriptions

• Application specifications

• Code markdown and documentation

• Evolutions and modifications of code

This content is essential to the operation of Appoven’s AI discovery engine. Please note that we use this content to improve Appoven’s services, including by incorporating it into our pattern library. There is no opt-out for this usage. If you do not consent to this use of your content, you should not use Appoven.

2.4 Payment Information

If you purchase a subscription plan or credit pack, payment information, including credit card details, is collected and processed by Polar.sh (a payment service provider based in Sweden) via Stripe Connect. Appoven does not directly store, collect or process credit card numbers or sensitive payment details. Polar.sh is the Merchant of Record and is responsible for the secure handling of your payment information. For information about how Polar.sh handles your payment data, please refer to their privacy policy.

2.5 Technical Data

When you access Appoven, we collect technical information including:

• IP address

• Browser type and version

• Device information

• Operating system

• Referrer information

This technical data is collected through our CDN provider, Cloudflare, to enhance security and service delivery.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide and operate Appoven and deliver the services you request

• To process payments via Polar.sh and manage your billing account

• To improve Appoven’s services, features and user experience, including by incorporating your content and prompts into our pattern library

• To communicate with you about your account, service updates, and support requests

• To comply with legal obligations and regulatory requirements

• To enforce our Terms of Service and other agreements

• To prevent fraud, abuse and illegal activity

• To use anonymised or attributed project details in case studies, marketing materials, or documentation, but only where you have voluntarily opted in for that specific project

4. AI Processing & Third-Party Data Sharing

Appoven relies on third-party AI providers and service providers to deliver its core functionality. Your data may be shared with these providers as described below.

4.1 AI Providers (Anthropic, Google, OpenAI)

Appoven sends the following information to AI providers to generate and evolve code:

• Your prompts and descriptions

• Application documentation

• Code markdown

• Evolutions of code markdown

Importantly, we do not send your account information, personal details, or billing information to AI providers. The data sent to AI providers is limited to the content necessary to process your requests.

Data transfers to these providers involve transmission to the United States. These transfers are necessary for the core operation of Appoven’s AI discovery engine. Please note that AI providers may retain data for abuse monitoring and safety purposes as described in their respective privacy policies.

4.2 Polar.sh (Sweden) — Payment Processing

Payment information, including your billing address and transaction details, is shared with Polar.sh via Stripe Connect for payment processing. Polar.sh is the Merchant of Record and is responsible for secure payment handling. Your credit card information is not directly stored or processed by Appoven.

4.3 Cloudflare — CDN, Security and Analytics

Your technical data (IP address, browser type, device information) is processed by Cloudflare to provide CDN services and enhance security. We also use Cloudflare Web Analytics to collect anonymous, aggregated website usage data such as page views, referral sources, and general visitor trends. Cloudflare Web Analytics does not use cookies, does not track individual users, and does not collect personal data. Cloudflare operates globally with data processing facilities in multiple jurisdictions.

4.4 Hetzner (Germany) — Server Hosting

Basic metadata and non-sensitive account data is stored on servers operated by Hetzner in Germany, a jurisdiction within the European Union. Hetzner hosts our infrastructure and ensures secure data storage.

4.5 Klaviyo (United States) — Email Marketing

We use Klaviyo to send marketing emails, product updates, and promotional communications. If you subscribe to our mailing list or create an account, your name and email address may be shared with Klaviyo for this purpose. Klaviyo processes this data in the United States. You can unsubscribe from marketing emails at any time using the unsubscribe link in any email.

4.6 RunPod (United States) — GPU Compute

Appoven uses RunPod to provide GPU compute resources for AI processing tasks. Your prompts and code content may be processed on RunPod infrastructure located in the United States as part of Appoven’s code generation and evolution pipeline. No personal account information is shared with RunPod.

5. International Data Transfers

Appoven operates from Australia and transfers your information to service providers in various jurisdictions to provide and improve the service. The primary international data transfers are:

• United States: AI providers (Anthropic, Google, OpenAI) process your prompts, code and content; RunPod provides GPU compute resources; Klaviyo processes email marketing data

• Germany: Hetzner hosts our metadata and basic account information

• Sweden: Polar.sh processes payment and financial information via Stripe Connect

• Global: Cloudflare operates CDN and security services across multiple jurisdictions

We take steps to ensure appropriate safeguards are in place for all international data transfers, including contractual arrangements with our service providers and, where applicable, reliance on adequacy decisions and standard contractual clauses.

6. Data Retention

We retain your information for the following periods:

Account data (name, email, company, address, phone): Retained indefinitely until you request deletion. Following account deletion, we will erase this data within a reasonable timeframe, except where required to be retained for legal or tax purposes.

Content data (prompts, code, descriptions): Retained while your account is active. Upon account deletion, you may request erasure of this data. Please note that anonymised or aggregated versions of this data may be retained indefinitely as part of our pattern library.

Pattern library: Retained indefinitely in anonymised or aggregated form to improve Appoven’s services. This data cannot be used to re-identify you.

Payment records: Retained for seven (7) years in accordance with Australian tax law and financial record-keeping requirements.

Project outputs: 72 hours after project completion.

Usage logs and technical data: Retained for up to 12 months to ensure service quality and security.

7. Your Rights

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

• Access your personal information held by Appoven

• Request correction of inaccurate or outdated information

• Request erasure of your personal information, subject to certain exceptions (such as legal obligations and anonymised data used in the pattern library)

• Withdraw your consent for the use of your content in our evolutionary process. Note: Withdrawing this consent means you will no longer be able to use Appoven, as content usage is fundamental to the service’s operation.

• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the Privacy Act

To exercise any of these rights, please contact us at privacy@appoven.io with your request. We will respond to access and correction requests within 30 days where practicable.

8. Data Security

We implement comprehensive security measures to protect your personal information from unauthorised access, modification, and disclosure:

• Encryption at rest: All stored data is encrypted using AES-256 encryption

• Encrypted backups: Database and system backups are encrypted using AES-256 encryption

• Encryption in transit: All data transmitted between your device and Appoven is encrypted using TLS via Cloudflare

• Access control: Access to sensitive data is restricted to authorised personnel only

Whilst we maintain appropriate security measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your information.

9. Children’s Privacy

Appoven is designed for users who are at least 18 years of age. We do not knowingly collect personal information from individuals under 18 years of age. If we become aware that we have collected information from a person under 18, we will take steps to delete such information promptly and terminate the person’s account. If you are aware of a minor using Appoven, please contact us at privacy@appoven.io.

10. Cookies & Tracking

Appoven uses cookies and similar tracking technologies only as necessary for the operation of the service.

Essential cookies: We use essential cookies for session management, user authentication and security. These cookies are necessary for the service to function properly.

Cloudflare Web Analytics: We use Cloudflare Web Analytics to understand general website usage patterns such as page views and referral sources. This service is privacy-preserving — it does not use cookies, does not track individual users, and does not collect personal data. No additional consent is required for this analytics service.

Internal tracking: We collect internally generated analytics about how you use Appoven to improve service performance and user experience.

You can disable cookies in your browser settings, though this may affect the functionality of Appoven. For more information about cookies and how to manage them, please visit www.allaboutcookies.org.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology and legal requirements. We will notify you of any material changes by updating the “Last updated” date at the top of this policy. If the changes are significant, we will provide you with notice via email or through prominent notification on the Appoven website or application.

Your continued use of Appoven after changes have been published constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: privacy@appoven.io

ABN: 42 644 031 327

13. Complaints

If you believe that Appoven has breached the Privacy Act 1988 (Cth) or the Australian Privacy Principles, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

Contact details for the OAIC:

Website: www.oaic.gov.au

Telephone: 1300 363 992

Email: enquiries@oaic.gov.au