PRIVACY POLICY

Last Updated: October 6, 2025

Thank you for choosing SCRL. We're Appostrophe AB ("we," "us," or "our"), and we're committed to protecting your personal information and your right to privacy. If you have questions or concerns about this policy or our practices, please contact us at [email protected].

Company Details:

  • Name: Appostrophe AB
  • Organization Number: 559065-5048
  • Address: Stadsgården 6, 116 45 Stockholm, Sweden
  • Email: [email protected]

Data Protection Officer (DPO):

Appostrophe AB is not required to appoint a Data Protection Officer under Article 37 of the GDPR, as our core activities do not involve large-scale monitoring of individuals or processing of sensitive data. For all privacy-related inquiries, please contact us at [email protected].

When you use our mobile applications (iOS and Android) and web application, you trust us with your personal information. We take your privacy seriously. This privacy policy explains what information we collect, how we use it, and what rights you have.

This policy applies to all information collected through our Services. Please read it carefully. If you don't agree with this policy, please discontinue use of SCRL.

This policy complies with the EU General Data Protection Regulation (GDPR) and applicable data protection laws.


1. WHAT INFORMATION DO WE COLLECT?

In Short: We collect information you provide to us, information collected automatically when you use SCRL, and information from third parties.

Information You Provide

Account Information:

  • Email address
  • One-time password (OTP) codes sent via email
  • Display name (optional)

Your Content:

  • Images and photos you upload
  • Carousels and templates you create
  • AI prompts you enter
  • Templates you share publicly

Communications:

  • Support messages and feedback
  • Survey responses

Payment Information:

  • Processed by Apple App Store, Google Play, or Paddle
  • We receive subscription status and transaction details
  • We don't see your full payment card details

Information Collected Automatically

In Short: Some information (such as IP address and device characteristics) is collected automatically when you use SCRL.

We automatically collect certain information when you use SCRL:

Device Information:

  • Device type, model, and manufacturer
  • Operating system and version
  • Device identifiers
  • IP address
  • Language preferences

Usage Information:

  • Features you use
  • Time spent in the app
  • Actions you take
  • Crash reports and error logs

Location Information:

  • General location (country, region) from IP address
  • We don't collect precise GPS location

Platform-Specific Information:

  • iOS: Apple ID (subscriptions), IDFA (with ATT consent), push tokens
  • Android: Google Advertising ID (with consent), push tokens
  • Web: Browser type, cookies

Advertising Data: When you interact with our ads or install SCRL from an ad:

  • Click IDs and campaign identifiers
  • Conversion events (install, trial, subscription)
  • Attribution data
  • Device identifiers (IDFA/GAID with consent)

2. HOW DO WE USE YOUR INFORMATION?

In Short: We use your information to provide the Service, improve it, keep it secure, communicate with you, and measure our advertising (with your consent where required).

We use your personal information for the following purposes based on these legal bases under GDPR:

To Provide and Manage the Service (Legal Basis: Contract - Article 6(1)(b))

  • Create and manage your account
  • Enable carousel creation and editing
  • Process your subscription
  • Provide customer support
  • Deliver app features

Data used: Email, content, device info, usage data, payment status
Retention: 3 years from last use

To Improve the Service (Legal Basis: Legitimate Interest - Article 6(1)(f))

  • Understand how people use SCRL
  • Fix bugs and technical issues
  • Develop new features
  • Analyze usage trends
  • Optimize performance

Data used: Usage data, device info, crash reports (anonymized where possible)
Retention: 3 years, then deleted or anonymized
Your rights: You can object to this processing

To Keep the Service Safe (Legal Basis: Legitimate Interest - Article 6(1)(f))

  • Detect and prevent fraud
  • Protect against security threats
  • Enforce our Terms of Service

Data used: Device info, IP addresses, usage patterns
Retention: Up to 5 years for security records

With Your Consent (Legal Basis: Consent - Article 6(1)(a))

We only do these with your explicit consent:

Marketing Communications:

  • Send you emails about new features and offers
  • You can unsubscribe anytime

Personalized Advertising:

  • Show you relevant ads
  • Measure ad effectiveness
  • You can opt out in Settings

Advertising Campaign Measurement:

  • Measure which ads lead to app installs and trials
  • Share conversion data with ad platforms (TikTok, Meta, Google, Apple Search Ads)
  • Optimize our advertising spend
  • You can opt out via iOS ATT or Android/Web settings

AI Feature Improvement:

  • Use your prompts to improve AI (opt-in only)
  • Completely optional

Retention: Until you withdraw consent or 2 years after last interaction
You can withdraw consent anytime in Settings or by contacting us

AI Prompts

When you use AI features, we log your prompts for analytics and improvements. Prompts are associated with a non-identifiable installation ID. Your prompts are NOT used to train our AI unless you explicitly opt in.

Retention: 3 years for analytics

To Comply with Laws (Legal Basis: Legal Obligation - Article 6(1)(c))

  • Tax and accounting requirements
  • Respond to legal requests
  • Comply with court orders

Data used: Whatever is required by law
Retention: As required (typically 7 years for financial records)


3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?

In Short: We only share information with your consent, to comply with laws, to provide you with services, or to protect our rights.

We don't sell your personal information. We share data only when necessary:

Service Providers

We share data with trusted third parties who process it on our behalf:

  • Cloud hosting (AWS, Google Cloud)
  • Analytics (Firebase Analytics)
  • Payment processing (Apple, Google, Paddle)
  • Customer support tools
  • AI services (process images temporarily, not retained)

All service providers are contractually obligated to protect your data and comply with GDPR.

Advertising Platforms

We work with advertising platforms to measure campaign effectiveness:

  • TikTok Ads
  • Meta/Facebook Ads
  • Google Ads
  • Apple Search Ads

What we share: Conversion events (install, trial, subscription), click IDs, device identifiers (with your consent), approximate location

Purpose: Understand which advertising campaigns are effective

When You Share Publicly

Template Sharing:

  • When you share a template publicly, anyone with the link can view it
  • It may appear in SCRL's template library
  • You can delete it anytime
  • You're responsible for ensuring you have rights to share content

Legal Requirements

We may share your data to:

  • Comply with laws or court orders
  • Respond to government requests
  • Protect our rights or safety
  • Prevent fraud

Business Transfers

If Appostrophe is acquired or merged, your data may be transferred to the new owner. We'll notify you before this happens.

International Transfers

Some service providers are outside the EU. We use Standard Contractual Clauses (SCCs) approved by the EU to ensure adequate protection.


4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We use cookies and similar technologies to make SCRL work and understand how you use it.

Types of Tracking Technologies

Essential (No Consent Needed):

  • Keep you logged in
  • Remember settings
  • Provide security
  • Enable basic features

Analytics:

  • Understand app usage
  • Measure performance
  • Identify bugs
  • Used with consent or legitimate interest

Advertising (Consent Required):

  • Show relevant ads
  • Measure ad effectiveness
  • Track conversions
  • Only active if you consent

Tracking Technologies We Use

| Service              | Purpose         | Privacy Policy |
| -------------------- | --------------- | -------------- |
| Firebase Analytics   | Usage analytics | Link           |
| Firebase Crashlytics | Crash reporting | Link           |
| TikTok Ads           | Ad measurement  | Link           |
| Meta Pixel           | Ad measurement  | Link           |
| Google Ads           | Ad measurement  | Link           |
| Apple Search Ads     | Ad measurement  | Link           |

Managing Tracking

iOS:

  • Settings > Privacy & Security > Tracking
  • Or manage per-app

Android:

  • Settings > Privacy > Ads
  • Toggle "Opt out of Ads Personalization"

Web:

  • Use our cookie banner
  • Or adjust browser settings

In-App:

  • Settings > Privacy to manage preferences

5. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information only as long as necessary, then delete or anonymize it.

| Data Type          | Retention Period              |
| ------------------ | ----------------------------- |
| Account data       | 3 years after last use        |
| Content you create | Until you delete it + 30 days |
| Backups            | Up to 90 days                 |
| Usage analytics    | 3 years                       |
| Marketing data     | Until opt-out + 2 years       |
| Payment records    | 7 years (legal requirement)   |
| Support tickets    | 3 years                       |
| Public templates   | Until you delete them         |

When retention periods expire, data is permanently deleted or anonymized.


6. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We protect your information through technical and organizational security measures.

We implement appropriate security measures:

Technical:

  • Encryption in transit (TLS/SSL) and at rest
  • Secure authentication
  • Regular security testing
  • Firewalls and monitoring

Organizational:

  • Access controls
  • Employee training
  • Confidentiality agreements
  • Incident response procedures

However, no system is 100% secure. You should:

  • Use a strong password
  • Keep your device updated
  • Use secure connections
  • Report suspicious activity

7. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We don't knowingly collect data from anyone under 16 years of age.

SCRL is not intended for children under 16. We don't knowingly collect data from children. If we learn we've collected data from someone under 16, we'll delete it promptly.

If you're under 16, don't use SCRL. Parents: if you believe your child has provided us with data, contact us at [email protected].


8. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: In regions like the EU, you have rights that give you greater access to and control over your personal information.

Under GDPR, you have the following rights:

Right to Access: Get a copy of your data
Right to Rectification: Correct inaccurate data
Right to Erasure: Request deletion of your data
Right to Restriction: Limit how we use your data
Right to Data Portability: Receive your data in a portable format
Right to Object: Object to certain types of processing
Right to Withdraw Consent: Take back consent anytime
Right to Complain: File a complaint with a supervisory authority

How to Exercise Your Rights

Email us: [email protected]
Include: Your name, email, which right you want to exercise
Response time: Within 1 month
It's free unless your request is excessive

To Access or Delete Your Data

To Complain

Swedish Authority:

You can also contact the authority in your EU country.


9. CONTROLS FOR DO-NOT-TRACK FEATURES

We don't currently respond to Do-Not-Track (DNT) browser signals. No uniform standard for DNT has been finalized. If a standard is adopted that we must follow, we'll inform you in an updated policy.


10. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes, California residents have specific rights under CCPA.

If you're a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know what data is collected
  • Right to know if data is sold or disclosed
  • Right to opt-out of sale (we don't sell data)
  • Right to deletion
  • Right to non-discrimination

To exercise CCPA rights: Email [email protected] with "California Privacy Rights"


11. DO WE MAKE UPDATES TO THIS POLICY?

In Short: Yes, we'll update this policy as necessary to stay compliant with laws.

We may update this policy from time to time. Changes will be indicated by an updated "Last Updated" date.

For material changes, we'll notify you by:

  • Email
  • In-app notification
  • Prominent notice

Your continued use of SCRL after changes means you accept the updated policy. We encourage you to review this policy periodically.


12. CONSENT TO SHARE CONSUMPTION DATA WITH APPLE

By using our iOS app and making in-app purchases, you consent to our sharing data about your usage and consumption with Apple to help resolve refund requests. This includes details about how you've accessed and interacted with purchased content. We share this data only as necessary and in compliance with Apple's policies.


13. HOW CAN YOU CONTACT US ABOUT THIS POLICY?

If you have questions or comments about this policy, you may contact us:

Email: [email protected]

Postal Address:
Appostrophe AB
Attn: Privacy / Data Protection
Stadsgården 6
116 45 Stockholm
Sweden

Response Time: Within 5 business days for general inquiries, 1 month for data rights requests


Thank you for trusting SCRL with your data.

Document Version: 2.0
Effective Date: October 6, 2025
Complies with: GDPR, Swedish Data Protection Act, ePrivacy Directive