Privacy and GDPR
Appice is a data processor: customers are the data controller and decide what personal data flows through Appice and why. Our job is to process that data securely, only on the customer's instruction, and to give end-users the rights GDPR and India's DPDP Act 2023 require.
Roles under GDPR
| Party | GDPR role | What they decide |
|---|---|---|
| Appice customer (the bank, telco, etc.) | Controller | What personal data is collected, why, and how long it's kept |
| Appice | Processor | Processes data on the controller's documented instruction (Art. 28) |
| Sub-processors (cloud, email, SMS providers) | Sub-processors | Process on Appice's instruction; listed publicly on the sub-processors page |
What personal data Appice processes
The customer determines what flows in, but in practice it's typically:
- Identifiers. Customer-provided IDs (account ID, customer ID), email, phone, device tokens. Email and phone are encrypted at rest with per-tenant keys.
- Behavioural events. App and web events the customer chooses to send (page views, screen views, custom events). Event payloads are customer-defined.
- Device and context. Device model, OS version, app version, IP address (truncated for analytics), locale, timezone.
- Computed attributes. Segments, scores, predicted next-best-actions derived from behavioural events.
- HashID. Appice's anonymous cross-property identifier — SHA-256 of customer-provided ID + per-tenant salt. Cannot be reversed to the original ID without the salt.
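The HashID derivation described above, as an added example that is not Appice's own code. The byte layout (UTF-8 ID followed by the raw salt) and the helper names are assumptions, and the salts, account IDs and event store are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values, not real Appice salts or customer IDs.
SALT_TENANT_A = b"constructed-salt-tenant-a"
SALT_TENANT_B = b"constructed-salt-tenant-b"


def hash_id(customer_id: str, tenant_salt: bytes) -> str:
    """SHA-256 of the customer-provided ID followed by the per-tenant salt."""
    # Assumption: UTF-8 ID bytes then raw salt bytes; the page does not
    # specify the encoding or concatenation order.
    return hashlib.sha256(customer_id.encode("utf-8") + tenant_salt).hexdigest()


def linkable(hash_a: str, hash_b: str) -> bool:
    """True when two HashIDs refer to the same subject (constant-time compare)."""
    return hmac.compare_digest(hash_a, hash_b)


def records_for_subject(customer_id: str, tenant_salt: bytes, store: dict) -> list:
    """Hypothetical helper: locate HashID-keyed records for a known customer ID,
    e.g. for an access or erasure request. Requires the tenant salt."""
    return store.get(hash_id(customer_id, tenant_salt), [])


def demo() -> dict:
    # Constructed event store keyed by HashID for tenant A.
    store = {hash_id("acct-1001", SALT_TENANT_A): ["page_view", "login"],
             hash_id("acct-1002", SALT_TENANT_A): ["purchase"]}
    return {
        # Same ID, same tenant: stable identifier across properties.
        "stable": linkable(hash_id("acct-1001", SALT_TENANT_A),
                           hash_id("acct-1001", SALT_TENANT_A)),
        # Same ID, different tenant: HashIDs do not match across tenants.
        "cross_tenant": linkable(hash_id("acct-1001", SALT_TENANT_A),
                                 hash_id("acct-1001", SALT_TENANT_B)),
        # Without the salt, hashing the ID alone finds nothing in the store.
        "no_salt_hit": hashlib.sha256(b"acct-1001").hexdigest() in store,
        # With the salt, the subject's records can be located.
        "with_salt": records_for_subject("acct-1001", SALT_TENANT_A, store),
    }


if __name__ == "__main__":
    print(demo())
```

Anyone holding the salt can re-derive a HashID from a known ID, so the salt needs the same protection as the identifiers it covers.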
What we never process
- Cardholder data, CVV, full account numbers — Appice is not a payments processor and does not accept this data.
- Government-issued ID numbers (Aadhaar, SSN, passport) — out of scope.
- Biometric data — Appice does not collect or process biometric identifiers.
- Health information — only processed for healthcare customers under a signed BAA, with PHI segregated.
Data subject rights
Under GDPR, India DPDP, and equivalent regimes, end-users have the right to access, correct, delete, restrict processing, object to processing, and port their data. Appice provides APIs the customer (the controller) uses to fulfil these requests:
| Right | Endpoint | SLA |
|---|---|---|
| Right to access (Art. 15) | GET /v1/users/{id}/export | Returns JSON within 24 hours |
| Right to erasure (Art. 17) | DELETE /v1/users/{id} | Hard-deleted within 30 days; backup expiry within 35 days |
| Right to rectification (Art. 16) | PATCH /v1/users/{id} | Real-time |
| Right to restrict (Art. 18) | POST /v1/users/{id}/suppress | Suppression flag honoured by all downstream channels |
| Right to portability (Art. 20) | GET /v1/users/{id}/export?format=ndjson | Machine-readable export |
Detailed reference: dev.appice.ai/api/reference.html. End-users contacting Appice directly are routed to the controller (the customer).
Retention
| Data type | Default retention | Customer override |
|---|---|---|
| Behavioural events (raw) | 13 months | 1 month – 36 months |
| Aggregated analytics | 36 months | Same |
| Profile attributes | While account is active + 90 days post-termination | Hard 30-day deletion on termination available |
| Audit logs | 12 months | Up to 7 years for regulated industries |
| Backups | 35 days rolling | — |
Retention is configured per-workspace in the admin console.
International transfers
Customer data is stored in the region the customer selects (India, GCC, or EU) and does not leave that region for primary processing or backups. See Data Residency for the full map.
Where transfers between regions are necessary (for example, customer support), they happen under EU Standard Contractual Clauses (SCCs 2021/914). Sub-processor transfers are listed on the sub-processors page.
Consent and lawful basis
Lawful basis is set by the controller (the customer). Appice supports three primary models:
- Consent. Customer collects opt-in via their own consent management platform; Appice respects the consent state through the SDK's setConsent() API.
- Legitimate interest. For analytics on existing customer relationships; the controller documents the balancing test.
- Contract necessity. For service delivery (e.g., transactional notifications).
DPA
A Data Processing Addendum (DPA) is available to all customers and includes Standard Contractual Clauses where required. Download the standard DPA template at appice.ai/dpa.html or request a counter-signed copy from your account team.
Privacy questions? Email our DPO at dpo@appice.ai. For end-user requests, we route to the customer who controls the data.