Privacy Policy

App Store Metadata API

Privacy Policy

The following privacy policy ("Datenschutzerklärung") applies as of February 11, 2025.

"App Store Metadata API" is a (cloud-)service of kula app GmbH (short kula), FN 584452 p, Taubstummengasse 11, in 1040 Vienna, Austria, with a web client and application interface endpoint (hereinafter referred to as "ASM API") available at https://app-store-metadata-api.kula.app. The purpose of the ASM API is to provide a stable and reliable interface to public metadata about apps in the Apple App Store.

Before detailing our comprehensive privacy policy, here is a legally non-binding summary at your convenience:

We process personal data only on the basis of legal grounds pursuant to Art. 6(1) GDPR and solely to the extent necessary to provide our Service and enhance user experience.
Your data is primarily stored in AWS data centers within the European Union, ensuring compliance with GDPR requirements.
Certain service providers may process data in the United States under the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) in accordance with Art. 46 GDPR.
We employ third-party processors including Sentry for error monitoring, Cloudflare for security, and Stripe for payment processing, all bound by data processing agreements.
We do not sell or commercialize your personal data to third parties.
You may exercise your data subject rights under Art. 15-21 GDPR at any time.

1.
LEGAL BASIS FOR DATA PROCESSING
1. 1.1.
  We process your personal data based on:
  1. a)
    Contract performance (Art. 6(1)(b) GDPR) for service provision
  2. b)
    Legal obligations (Art. 6(1)(c) GDPR) for compliance requirements
  3. c)
    Legitimate interests (Art. 6(1)(f) GDPR) for service improvement and security
  4. d)
    Consent (Art. 6(1)(a) GDPR) where specifically requested
2.
CATEGORIES OF PERSONAL DATA PROCESSED
1. 2.1.
  Account Information
  1. a)
    Email address (required for authentication and communication)
  2. b)
    Password (stored using industry-standard encryption)
  3. c)
    API keys and associated usage metrics
2. 2.2.
  Technical and Usage Data
  1. a)
    API request logs and usage patterns
  2. b)
    Error reports and performance metrics via Sentry
  3. c)
    IP addresses and access timestamps
  4. d)
    Browser and device information for security purposes
  5. e)
    Cookies and similar technologies as detailed in our Cookie Policy
3. 2.3.
  Payment Information
  Payment processing is handled by Stripe. We do not store payment instrument details but retain transaction records for accounting purposes.
4. 2.4.
  Communications and Support
  1. a)
    Emails and customer support inquiries
  2. b)
    Logs of service interactions
3.
PURPOSES OF DATA PROCESSING
1. 3.1.
  We process your data to:
  1. a)
    Provide and maintain our API service pursuant to our contractual obligations
  2. b)
    Monitor and optimize service performance and reliability
  3. c)
    Distribute essential service updates and legally required notifications
  4. d)
    Process payments and manage subscription lifecycle
  5. e)
    Implement technical and organizational security measures
  6. f)
    Comply with legal and regulatory obligations
  7. g)
    Establish, exercise, or defend legal claims
4.
DATA STORAGE AND SECURITY MEASURES
1. 4.1.
  AWS Infrastructure
  Your primary data is stored in AWS data centers located in the European Union, ensuring compliance with EU data protection regulations.
2. 4.2.
  International Data Transfers
  Where our service providers process data outside the EU, such transfers are safeguarded by SCCs and other compliance mechanisms.
3. 4.3.
  Technical and Organizational Measures
  1. a)
    State-of-the-art encryption for data in transit and at rest
  2. b)
    Regular security audits and vulnerability assessments
  3. c)
    Role-based access controls and multi-factor authentication
  4. d)
    Continuous security monitoring and intrusion detection
  5. e)
    DDoS protection and Web Application Firewall via Cloudflare
  6. f)
    Regular staff training on data protection and security
5.
DATA PROCESSORS AND THIRD-PARTY SERVICES
1. 5.1.
  Sentry
  We utilize Sentry for error tracking and performance monitoring under a data processing agreement. Transfers to the US are protected by SCCs.
2. 5.2.
  Cloudflare
  We use Cloudflare for security and content delivery. Traffic data is processed under EU data protection requirements.
3. 5.3.
  Stripe
  Payment processing is conducted by Stripe, adhering to EU data protection standards.
6.
YOUR RIGHTS AS A DATA SUBJECT
1. 6.1.
  Under GDPR, you have the right to:
  1. a)
    Access your personal data (Art. 15 GDPR)
  2. b)
    Rectification of inaccurate data (Art. 16 GDPR)
  3. c)
    Erasure of your data ("right to be forgotten") (Art. 17 GDPR)
  4. d)
    Restriction of processing (Art. 18 GDPR)
  5. e)
    Data portability (Art. 20 GDPR)
  6. f)
    Object to processing (Art. 21 GDPR)
  7. g)
    Withdraw consent at any time (Art. 7(3) GDPR)
  8. h)
    Lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde)
7.
DATA RETENTION PERIODS
We retain personal data only for as long as necessary. Account data is retained while active and for 3 years thereafter. API logs are stored for 12 months, and payment records for 7 years.
8.
LEGAL DISCLOSURES AND LAW ENFORCEMENT REQUESTS
We may disclose personal data as required by Austrian, EU, and international law or law enforcement agencies.
9.
CHILDREN'S DATA
Our services are not intended for children under 16. If we process such data, we will delete it.
10.
AMENDMENTS TO THIS POLICY
We may update this privacy policy as needed. Significant changes will be communicated to users via email or website notice.

For inquiries regarding this privacy policy or to exercise your data subject rights, please contact our data protection coordinator at legal@kula.app.

Product

Overview Features Why this API?Pricing FAQ Documentation

Company

About Contact

Support