Privacy Policy

Last updated: April 21, 2026

AppColab LLC, a Colorado limited liability company located in Parker, Colorado ("AppColab", "Company", "We", "Us", or "Our"), respects Your privacy. This Privacy Policy explains how We collect, use, disclose, retain, and safeguard personal information when You visit https://appcolab.com (the "Website") or use Our software products, software-as-a-service applications (including Salesforce AppExchange applications), APIs, and related services (collectively, the "Service").

By accessing or using the Service, You acknowledge that You have read and understood this Privacy Policy. If You do not agree with Our practices, please do not use the Service.

1. Scope and Roles

This Privacy Policy applies to personal information that AppColab processes as a controller (i.e., where AppColab determines the purposes and means of processing), such as information We collect through the Website, marketing activities, and account management.

Where AppColab processes personal information on behalf of a business customer through the Service (for example, data submitted into a Salesforce-based product by a customer's end users), AppColab acts as a processor or service provider for that customer. In such cases, the customer is the controller, and its privacy notice and agreement with AppColab govern the processing. Please direct requests relating to such data to the applicable customer.

2. Definitions

• Personal Data (or "personal information") means information that identifies, relates to, or could reasonably be linked to an identified or identifiable individual.
• Processing means any operation performed on Personal Data, such as collection, use, storage, disclosure, or deletion.
• Service Provider means a third party that processes Personal Data on Our behalf.
• You means the individual accessing or using the Service.

3. Information We Collect

3.1 Information You Provide

• Account and Contact Information such as name, email address, company, job title, phone number, the reason for contacting Us, and the content of Your message, when You fill out the contact form, create an account, request a demo, subscribe, contact support, or sign up for marketing.
• Transaction Information such as subscription details and limited payment information. Payment card details are processed by third-party payment processors; We do not store full card numbers on Our systems.
• Communications You send Us, including emails, support tickets, and survey responses.
• Event Information such as details provided when registering for a webinar or event.

3.2 Information Collected Automatically

When You use the Service, We (and Our Service Providers) may automatically collect:

• Device and Log Data including IP address, device identifiers, device type, operating system, browser type and version, referring URLs, pages viewed, timestamps, and diagnostic data.
• Usage Data including features used, clicks, session duration, and performance metrics.
• Cookies and Similar Technologies as described in Section 5.

3.3 Information From Third Parties

We may receive information from business partners, resellers, single sign-on providers (such as Salesforce or Google), event co-hosts, analytics providers, and publicly available sources, which We may combine with information We already hold about You.

We do not knowingly collect sensitive personal information unless You voluntarily provide it or it is reasonably necessary to provide the Service.

4. How We Use Personal Data

We use Personal Data to:

• provide, operate, maintain, and secure the Service;
• create and manage accounts and authenticate users;
• process transactions, manage subscriptions, and send invoices;
• respond to inquiries and provide customer support;
• send service-related communications, including security, technical, and administrative notices;
• send marketing and promotional communications (where permitted by law) and measure their effectiveness — You can opt out at any time;
• analyze and improve the Service, develop new features, and generate aggregated or de-identified insights;
• detect, investigate, and prevent fraud, abuse, security incidents, and violations of Our agreements;
• comply with legal obligations, respond to lawful requests, and enforce Our rights; and
• facilitate corporate transactions such as mergers, acquisitions, financings, and asset sales.

4.1 Legal Bases (EU/UK/EEA Users)

Where the EU General Data Protection Regulation ("GDPR") or UK GDPR applies, We process Personal Data on the following legal bases:

• Contract — to provide the Service You have requested or take steps at Your request prior to entering into a contract.
• Legitimate Interests — to operate and improve the Service, secure Our systems, understand Our users, and conduct direct marketing, in each case balanced against Your rights and interests.
• Consent — where required (e.g., for certain cookies or marketing). You may withdraw consent at any time.
• Legal Obligation — to comply with applicable law.

5. Cookies and Similar Technologies

We use cookies, web beacons, pixels, and similar technologies ("Cookies") to operate the Website and Service, remember Your preferences, analyze usage, and measure marketing performance.

5.1 Categories We Use

• Strictly Necessary — required for core functionality such as page delivery, security, reCAPTCHA anti-abuse protection, and remembering Your consent choice (appc_consent). These cannot be disabled.
• Analytics — help Us understand how the Website is used. We use Google Analytics 4 via Google Tag Manager. Typical cookies include _ga and _ga_<measurement-id> (up to ~2 years).
• Marketing & Attribution — help Us measure which marketing channels drive inquiries. We set a first-party cookie named appc_data (up to 30 days) that stores UTM parameters from the URL (utm_source, utm_medium, utm_campaign, utm_term, utm_content), the external referrer (if any), and the Google Analytics client ID extracted from the _ga cookie. When You submit the contact form, this information is sent to Our servers along with Your inquiry so We can attribute it to the originating campaign.

5.2 Your Choices (Consent Management)

• Visitors in the EU, UK, EEA, and Switzerland: We set a default state of denied for all non-essential Cookies and use Google Consent Mode v2. No analytics or marketing Cookies are written until You click "Accept all" or enable the relevant category in the cookie banner.
• Visitors in other regions (including the United States): Analytics and marketing Cookies are set by default. You may opt out at any time using the cookie banner or the "Cookie Preferences" link in the Website footer. When You opt out, We clear the associated Cookies (including _ga, _ga_*, and appc_data).
• You may also block or delete Cookies through Your browser settings. Blocking strictly necessary Cookies may break parts of the Service.
• We honor the Global Privacy Control ("GPC") signal where legally required.

6. How We Share Personal Data

We share Personal Data only as described below:

• Service Providers. With vendors that perform services on Our behalf (e.g., hosting, analytics, email, customer support, payment processing) under contractual obligations to safeguard Personal Data and use it only for the services they provide to Us.
• Third-Party Platforms. With platforms You choose to integrate with the Service (e.g., Salesforce). Data shared with such platforms is governed by their own privacy policies.
• Business Partners and Resellers. Where You purchase through a reseller or engage with a partner offering, We may share relevant information to fulfill the engagement.
• Legal and Safety. When We reasonably believe disclosure is required by law, subpoena, or legal process; to enforce Our agreements; to protect the rights, property, or safety of AppColab, our users, or others; or to respond to an emergency.
• Corporate Transactions. In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to standard confidentiality protections.
• With Your Consent or at Your Direction. In other circumstances where You have consented or directed Us to share.

We do not sell Personal Data for money. We do not "share" Personal Data for cross-context behavioral advertising except to the extent You interact with optional marketing Cookies; where applicable law characterizes our data practices as a "sale" or "sharing," You may opt out as described in Section 9.

7. International Data Transfers

AppColab is based in the United States and may process Personal Data in the United States and other countries that may have data-protection laws different from those in Your country. Where We transfer Personal Data out of the EEA, UK, or Switzerland, We rely on lawful transfer mechanisms, such as the European Commission's Standard Contractual Clauses (and UK International Data Transfer Addendum, where applicable), or other legally approved safeguards. You may request a copy of the applicable safeguards by contacting Us at admin@appcolab.com.

8. Data Retention

We retain Personal Data only as long as necessary to fulfill the purposes described in this Privacy Policy, to comply with legal, tax, and accounting obligations, to resolve disputes, and to enforce Our agreements. Retention periods vary based on the type of data, its sensitivity, and applicable legal requirements. When Personal Data is no longer needed, We securely delete, anonymize, or aggregate it.

9. Your Privacy Rights

Depending on where You reside, You may have the following rights, subject to legal exceptions and verification of Your identity:

• Access — obtain confirmation of whether We process Your Personal Data and a copy of it.
• Correction — request correction of inaccurate or incomplete data.
• Deletion — request deletion of Your Personal Data.
• Portability — receive Your data in a portable format.
• Restriction / Objection — restrict or object to certain processing, including direct marketing.
• Withdraw Consent — where processing is based on consent.
• Opt Out — opt out of targeted advertising, "sales" or "sharing" (as defined by applicable U.S. state privacy laws), or certain profiling.
• Non-Discrimination — not be discriminated against for exercising Your rights.

9.1 U.S. State Privacy Rights (California, Colorado, Virginia, and Others)

If You are a resident of California, Colorado, Virginia, or another U.S. state with a comprehensive privacy law, You may have the rights described above. To exercise Your rights, contact admin@appcolab.com. We will verify Your request using information reasonably necessary to confirm Your identity. You may designate an authorized agent to act on Your behalf, subject to proof of authorization. If We deny Your request, You may appeal by replying to Our decision; if Your appeal is denied, You may contact Your state attorney general.

California residents have additional rights under the California Consumer Privacy Act, as amended by the CPRA, including rights relating to sensitive personal information. We do not knowingly sell or share the personal information of consumers under 16 years of age.

9.2 EU/UK/EEA Rights

If You are located in the EEA, UK, or Switzerland, You have the rights described above under the GDPR or UK GDPR. You also have the right to lodge a complaint with Your local data protection authority (for UK residents, the Information Commissioner's Office).

To exercise any right, email admin@appcolab.com. We will respond within the time required by applicable law.

10. Security

We maintain administrative, technical, and physical safeguards designed to protect Personal Data against unauthorized access, disclosure, alteration, and destruction. However, no method of transmission over the internet or electronic storage is completely secure, and We cannot guarantee absolute security. You are responsible for keeping Your account credentials confidential and promptly notifying Us of any suspected unauthorized access.

11. Children's Privacy

The Service is not directed to children under the age of 16, and We do not knowingly collect Personal Data from children under 16. If We learn that We have collected Personal Data from a child under 16 without appropriate consent, We will delete it. Parents or guardians who believe a child has provided Us with Personal Data may contact Us at admin@appcolab.com.

12. Third-Party Links and Services

The Service may contain links to, or interoperate with, third-party websites, platforms, or services (including Salesforce). This Privacy Policy does not apply to such third parties. We encourage You to review the privacy notices of any third party before providing them with Personal Data.

13. Automated Decision-Making

We do not use Personal Data to make decisions that produce legal or similarly significant effects about You solely through automated means without human involvement.

14. Do Not Track

Some browsers transmit "do not track" signals. Because no common industry standard exists for how to interpret these signals, We do not currently respond to them, but We honor legally required opt-out signals such as Global Privacy Control where applicable.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If We make material changes, We will provide reasonable notice (for example, by posting a notice on the Website or the Service, or by email). The "Last updated" date at the top reflects the most recent changes. Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.

16. Contact Us

For questions, requests, or concerns about this Privacy Policy or Our privacy practices, please contact:

AppColab LLC
Parker, CO, USA
Email: admin@appcolab.com