Verified Metrics
Privacy Policy

Last updated: January 5, 2025

Protecting your personal data is important to us. This privacy policy informs you about how we collect, process, and protect your data.

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

Christopher Geyer

appding.de

Am Schneckenbichel 3, 87616 Marktoberdorf, Germany

christopher.geyer@appding.de

+49 171 311 46 23

2. Data Minimization Principle

We follow the principle of data minimization according to Art. 5(1)(c) GDPR:

  • We only collect data necessary for displaying metrics
  • We do not store user-sensitive data such as customer emails, payment details, or personal customer data
  • From payment platforms, we only retrieve aggregated metrics (customer count, MRR, subscriptions)
  • Raw data from API responses is not stored - only calculated metrics
  • Minimal data footprint: Only what is necessary for our service

What we do NOT store:

  • ✕ Individual customer email addresses
  • ✕ Payment details (credit cards, IBAN)
  • ✕ Personal customer data (names, addresses of your customers)
  • ✕ Individual transaction details
  • ✕ Raw payment platform API responses

3. Data Processing

3.1 Business Profiles

When you register with Verified Metrics, we collect the following data:

  • Business name
  • Website URL
  • Email address
  • Logo (optional)
  • Description (optional)
  • Social media links (optional)

Legal basis: Art. 6(1)(b) GDPR (Contract performance)

Retention period: Until deletion by you

3.2 Session Data

For authentication, we temporarily store:

  • Session ID (HTTP-only cookie)
  • IP address
  • User agent

Legal basis: Art. 6(1)(f) GDPR (Legitimate interest in security)

Retention period: 24 hours

3.3 Metrics Data

From your payment platform, we retrieve the following aggregated data:

  • Total number of customers
  • Number of active subscriptions
  • Monthly Recurring Revenue (MRR)
  • Country distribution (aggregated)
  • Average subscription duration

Legal basis: Art. 6(1)(b) GDPR

Retention period: 5 years (for historical analysis)

3.4 Payment Data

Payments for PRO and WHITELABEL plans are processed via Stripe. We store:

  • Stripe Customer ID
  • Subscription status
  • Plan type

Legal basis: Art. 6(1)(b) GDPR

4. API Keys & Encryption

Your API keys are stored encrypted with AES-256-GCM. Decryption only occurs for fetching metrics. Keys are never stored or transmitted in plain text.

5. Third-Party Services

To provide our service, we use the following third-party providers:

Provider | Purpose | Location | Privacy
Supabase | Database hosting (PostgreSQL) | USA | https://supabase.com/privacy
Stripe | Payment processing | USA | https://stripe.com/privacy
Vercel | Hosting & CDN | USA | https://vercel.com/legal/privacy-policy

Payment Platforms

For metric retrieval: Stripe, LemonSqueezy, Polar, Paddle, Chargebee, DodoPayment

Data Transfer to the USA

For US providers, data transfer is based on the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs).

6. Data Security

  • API key encryption with AES-256-GCM
  • HTTP-only, Secure, SameSite=Strict cookies
  • Rate limiting for authentication attempts
  • Regular security updates

7. Cookies and Tracking

We use the following cookies:

Session Cookie

  • Purpose: Authentication (functional)
  • Duration: 24 hours
  • Type: HTTP-only, Secure, SameSite=Strict

Cookie Consent

  • Purpose: Stores your cookie preferences
  • Duration: 1 year
  • Type: localStorage

Analytics Cookies (consent required)

With your explicit consent, we use the following tools:

  • Vercel Analytics for usage analysis (page views, referrer, country, device type) - data deleted after 24h
  • Vercel Speed Insights for performance monitoring (fully anonymous, no consent required)
  • Google Tag Manager for tag management

Withdrawing Consent

You can withdraw your consent at any time by clicking "Cookie Settings".

Global Privacy Control (GPC)

We respect the Global Privacy Control signal. When GPC is enabled, analytics cookies are automatically disabled.

For California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA).

Categories of Personal Information Collected

  • Identifiers (IP address, device ID)
  • Internet activity (pages visited)
  • Geolocation (country only)

Your CCPA Rights

  • Right to know about collected data
  • Right to delete your data
  • Right to opt-out of sale of personal information
  • Right to non-discrimination

We do not sell your personal information. To opt-out of analytics tracking, use the Cookie Settings.

We honor the Global Privacy Control (GPC) signal.

8. Your Rights

You have the following rights regarding your personal data:

Right of Access

Art. 15 GDPR - You can request information about your stored data.

Right to Rectification

Art. 16 GDPR - You can correct your data yourself in the edit dashboard.

Right to Erasure

Art. 17 GDPR - You can delete your business profile at any time via settings.

Data Portability

Art. 20 GDPR - Contact us via email for a data export.

Right to Object

Art. 21 GDPR - You can object to the processing of your data.

Right to Complain

You have the right to lodge a complaint with the competent data protection supervisory authority.

9. Contact

For questions about data protection, please contact: