Legal

Privacy Policy

Last updated: April 14, 2026

This Privacy Policy describes how Apps34, a company registered in France ("Apps34", "we", "us", or "our"), processes personal data in connection with the redirs service (the "Service"). Apps34 is the data controller for the personal data described below, within the meaning of the EU General Data Protection Regulation (GDPR).

1. Data we collect

We collect the following categories of personal data:

  • Account data — name, email address, and authentication credentials you provide when creating an account.
  • Billing data — company name, billing address, VAT number, and payment identifiers. Full card details are processed by our payment provider (Stripe) and never stored on our servers.
  • Domain configuration — the domains, redirect rules, and API keys you create.
  • Request logs — for each redirect served, we log the timestamp, source hostname, destination URL, HTTP status, IP address, user agent, referrer, and approximate country (derived from IP via MaxMind GeoLite2). These logs power the analytics you see in the dashboard.
  • Technical data — minimal logs from our infrastructure needed to operate the Service securely (e.g. error traces, system metrics).

2. How we use your data

We process personal data for the following purposes and on the following legal bases (GDPR Art. 6):

  • Providing the Service (Art. 6(1)(b), performance of a contract) — authenticating you, serving redirects, showing analytics, issuing TLS certificates, processing payments.
  • Security and abuse prevention (Art. 6(1)(f), legitimate interests) — detecting malicious use, throttling abusive IPs, investigating incidents.
  • Legal compliance (Art. 6(1)(c)) — responding to lawful requests, maintaining accounting records.
  • Service communications (Art. 6(1)(b) / (f)) — transactional emails about your account, billing, or important changes.

We do not sell personal data and we do not use your request logs for advertising.

3. Cookies and similar technologies

The dashboard uses strictly necessary cookies for authentication and session management. The redirect workers themselves do not set tracking cookies on the end users of the domains you redirect. No third-party advertising cookies are used.

4. Sharing with third parties

We share personal data with a limited set of processors who act on our instructions:

  • Stripe — payment processing.
  • Fly.io — edge compute for serving redirects.
  • Let's Encrypt / ZeroSSL — TLS certificate issuance.
  • MaxMind — offline GeoIP database for country-level analytics.
  • Infrastructure and email delivery providers as needed to operate the Service.

We do not transfer personal data outside the European Economic Area except to providers that offer appropriate safeguards (e.g. Standard Contractual Clauses) where required by law.

5. Retention

  • Account and domain configuration: retained while your account is active.
  • Request logs / analytics: retained for up to 13 months, then aggregated or deleted.
  • Billing records: retained for 10 years as required by French accounting law.
  • Backups: retained for a short rolling window and overwritten in the normal course of operations.

When you close your account, personal data is deleted after a reasonable grace period, except where we are required to keep it by law.

6. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict, and port your personal data, as well as the right to object to certain processing. To exercise these rights, contact us at [email protected]. You also have the right to lodge a complaint with a supervisory authority, such as the French CNIL (cnil.fr).

7. Security

We apply appropriate technical and organisational measures to protect personal data, including encryption in transit (HTTPS), encryption of TLS private keys at rest (AES-256-GCM), access controls, and network isolation. No system is perfectly secure; we will notify affected users of a data breach in accordance with applicable law.

8. Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email. The "Last updated" date above always reflects the current version.

10. Contact

Apps34, France.
Privacy questions and GDPR requests: [email protected].