This Data Processing Agreement ("DPA") is incorporated into and forms part of the Appmeasurely Terms of Service. It applies to the processing of personal data under GDPR and other applicable data protection laws.
1. Definitions
- Controller: The customer who determines the purposes and means of processing personal data.
- Processor: Appmeasurely, which processes personal data on behalf of the Controller.
- Personal Data: Any information relating to an identified or identifiable natural person.
- Processing: Any operation performed on personal data.
- Sub-processor: Any third party engaged by Appmeasurely to process personal data.
2. Scope & Purpose
Appmeasurely processes personal data solely for the purpose of providing mobile measurement, attribution, and analytics services as described in the Terms of Service. Processing is carried out only on documented instructions from the Controller.
3. Data We Process
| Data Type | Purpose | Retention |
|---|---|---|
| Device identifiers (IDFA, GAID) | Attribution & fraud detection | Per plan (30–365 days) |
| IP addresses | Geo-location & fraud detection | 90 days |
| In-app event data | Analytics & reporting | Per plan |
| Install timestamps | Attribution | Per plan |
| User agent strings | Device detection | 90 days |
4. Security Measures
Appmeasurely implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including encryption, access controls, and regular security testing. See our Security page for details.
5. Sub-processors
We use the following sub-processors:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Database & authentication | AWS (Singapore / US) |
| Netlify | Frontend hosting | Global CDN |
| Stripe | Payment processing | US / EU |
6. Data Subject Rights
We will assist you in responding to data subject requests (access, deletion, portability, etc.) to the extent technically feasible. We will notify you of any data subject requests we receive directly.
7. Data Breach Notification
In the event of a personal data breach, we will notify you without undue delay and no later than 72 hours after becoming aware of the breach, to the extent possible.
8. Data Transfers
Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission or other legally recognised transfer mechanisms.
9. Termination & Data Deletion
Upon termination of the agreement, we will delete or return all personal data within 30 days, unless legally required to retain it longer.
DPA Requests
Enterprise customers may request a signed DPA by contacting:
legal@appmeasurely.com