appfero

Privacy Policy

Last updated: 13 May 2026 Effective as of: 13 May 2026

This Privacy Policy explains how Appfero processes personal data in connection with Appfero's YouTrack apps, licensing and subscription services, product documentation, checkout pages, and support services.

1. Controller

Controller:
Michał Sztuka (Appfero)
ul. Nadwarciańska 50, 98-324 Toporów, Poland
VAT ID (NIP): PL8322083763
Contact: support@appfero.com

JetBrains and Paddle are independent controllers for their own services. Their processing is governed by their own privacy notices and terms.

2. Short Version

  • Appfero apps primarily run inside your YouTrack environment.
  • Appfero apps do not send your general YouTrack issue database, project database, saved views, votes, reports, or app settings to Appfero.
  • Appfero processes limited account, instance, licensing, subscription, support, and security metadata needed to provide and protect the services.
  • Customer Satisfaction (CSAT) can process a survey rating and optional comment through Appfero so the response can be delivered back into your YouTrack instance.
  • Appfero receives billing and subscription data from Paddle for payment, tax, invoice, refund, subscription, and license-management purposes.
  • Appfero does not sell personal data and does not use cross-context behavioral advertising.

3. Appfero Apps Covered

This Policy applies to Appfero's YouTrack apps, including:

  • Planning Poker Estimation
  • Custom Ticket Views
  • Time in Status
  • Customer Satisfaction (CSAT)
  • Advanced Linked Issues & Traceability
  • any other Appfero YouTrack app or service that links to this Policy

4. Data Processing Roles

For account, licensing, billing, website, security, support, and business records, Appfero generally acts as an independent controller.

For customer-controlled content that Appfero processes only to provide a requested app function or support service, such as CSAT feedback delivery or diagnostics shared by a customer, the customer organization may be the controller and Appfero may act as a processor to the extent required by applicable data protection law. Where a separate data processing agreement is required or agreed, it will apply in addition to this Policy.

5. Data We Process and Why

5.1 Website, Documentation, and Support

When you visit Appfero websites or documentation, hosting providers may process standard technical data such as IP address, user agent, requested URL, referring URL, timestamps, and error logs.

If you contact Appfero, we process the information you provide, such as name, email address, organization, YouTrack instance URL if shared, support-form content, diagnostic details, screenshots, logs, attachments, and correspondence history.

5.2 YouTrack Instance, Licensing, and Service Data

When an Appfero app uses Appfero licensing, subscription, trial, support, release, or security services, Appfero may process limited service metadata, such as:

  • product code and app version;
  • YouTrack instance URL, deployment type, and version;
  • customer or license account identifiers provided by YouTrack, JetBrains, Paddle, or the customer;
  • plan, trial, license, subscription, quantity, renewal, and entitlement information;
  • relevant YouTrack capacity information, such as user, agent, seat, or similar counts where needed for plan eligibility or license enforcement;
  • service request, security, and application log data needed to operate, secure, debug, and audit the service.

Appfero uses this data to provide licenses and trials, manage subscriptions, apply plan limits, prevent abuse and duplicate trial use, maintain security, troubleshoot issues, and understand product adoption at the customer or instance level.

5.3 Payments and Subscriptions

For purchases processed by Paddle, Appfero may receive customer, order, transaction, subscription, product, plan, quantity, price, billing-cycle, tax/VAT, invoice, refund, and purchaser contact information.

Appfero does not receive or store full payment card numbers. Paddle processes payment credentials directly.

5.4 Customer Satisfaction (CSAT) Feedback Data

If you use Customer Satisfaction (CSAT), survey recipients may submit a rating and optional comment through Appfero so the response can be delivered back to the customer's YouTrack instance. Appfero may also process delivery, routing, status, and timestamp metadata needed to provide that feature.

Appfero uses CSAT feedback data to receive the survey response, deliver it into the customer's YouTrack instance, prevent duplicate delivery, troubleshoot delivery issues, protect service integrity, and handle legal claims. Appfero minimizes or deletes CSAT comments from Appfero-hosted systems after delivery where reasonably practical.

6. Data We Do Not Intentionally Collect

During normal app operation, Appfero does not collect:

  • your full YouTrack issue database;
  • full project content;
  • issue descriptions or comments;
  • planning poker votes or session content on Appfero servers;
  • Time in Status reports on Appfero servers;
  • Custom Ticket Views saved-view content on Appfero servers;
  • Linked Issues report contents on Appfero servers;
  • payment card numbers;
  • advertising identifiers.

Some app features read or display YouTrack issue data locally inside your YouTrack environment through YouTrack APIs. That does not mean the data is sent to Appfero.

Planning Poker may send aggregate subscription-usage counts to Appfero, but not the underlying vote values, issue identifiers, session names, or backlog content.

If you contact support, you choose what diagnostic information, screenshots, logs, or other content to share with Appfero.

7. Legal Bases

For GDPR and UK GDPR purposes, Appfero relies on the following legal bases:

  • Contract performance: providing apps, licensing, subscriptions, trials, support, checkout-related service access, and requested features.
  • Legitimate interests: service security, abuse prevention, fraud prevention, debugging, product reliability, product analytics, business communications, and improving the Services.
  • Legal obligation: tax, accounting, compliance, consumer-law, and regulatory obligations.
  • Consent: where required for optional communications, non-essential cookies, or processing that legally requires consent.

8. Sharing and Subprocessors

Appfero shares data only as needed to provide, secure, support, and improve the Services, comply with law, or protect rights. Current categories of recipients and subprocessors include:

  • Payments and merchant of record: Paddle.com Market Limited.
  • Distribution platform: JetBrains Marketplace and JetBrains services, where you use marketplace distribution or JetBrains-managed services.
  • Hosting and edge delivery: Vercel.
  • Database hosting: Neon Postgres.
  • Application logging and monitoring: Better Stack / Logtail.
  • Email hosting and support communications: Zoho Mail or equivalent email provider.
  • Legal, accounting, tax, security, and professional advisers: where necessary.
  • Authorities or courts: where required by law or lawful request.

Appfero does not sell or rent personal data.

9. International Transfers

Appfero is based in Poland. Some subprocessors may process data outside the EEA or the UK. Where required, Appfero relies on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, data processing agreements, and supplementary measures.

10. Retention

Appfero keeps personal data only for as long as needed for the purposes described in this Policy, unless a longer period is required or permitted by law.

Typical retention periods:

  • Tax, accounting, order, invoice, and payment records: for the legally required accounting and tax retention period, generally 5 tax years counted from the end of the calendar year in which the obligation arose under Polish law.
  • Customer, license, trial, subscription, and entitlement records: for the life of the customer relationship and a reasonable period afterward for audit, fraud prevention, abuse prevention, support, security, and legal claims.
  • Security and application records: for the period needed to maintain service integrity, investigate abuse, troubleshoot issues, and preserve auditability.
  • CSAT feedback comments: until delivery to the customer's YouTrack instance is completed or no longer reasonably needed for delivery, troubleshooting, support, or legal claims.
  • CSAT rating and delivery metadata: for the period needed for delivery status, deduplication, troubleshooting, aggregate reporting, and legal claims.
  • Support correspondence: normally up to 24 months after the last interaction, unless needed longer for legal claims, security, accounting, or ongoing customer relationship management.
  • Application logs: normally short-term operational retention, unless logs are needed longer for security, abuse investigation, debugging, or legal claims.

11. Security and Cookies

Appfero uses technical and organizational measures designed to protect personal data, including encryption in transit, access controls, least-privilege access, secret management, security logging, and provider security controls.

No method of transmission or storage is completely secure. You are responsible for your YouTrack permissions, user management, app configuration, endpoint exposure, network controls, and internal data handling.

Appfero does not use advertising cookies or marketing trackers on the Appfero legal pages by default. Strictly necessary cookies or storage may be used for security, routing, checkout, or essential site functionality.

12. Your Rights

Subject to applicable law, you may have rights to:

  • access your personal data;
  • correct inaccurate data;
  • delete data;
  • restrict processing;
  • object to processing based on legitimate interests;
  • receive data portability;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with a supervisory authority.

To exercise rights, email support@appfero.com. Appfero may need to verify your identity and may direct you to Paddle, JetBrains, or your organization where they control the relevant data.

In Poland, the supervisory authority is the President of the Personal Data Protection Office (UODO).

13. California and Similar US Privacy Rights

Where applicable, Appfero does not sell personal data and does not share personal data for cross-context behavioral advertising. Appfero does not knowingly use sensitive personal information to infer characteristics for advertising purposes.

If US state privacy rights apply to you, you may request access, correction, deletion, or information about applicable data categories by emailing support@appfero.com.

14. Changes to This Policy

Appfero may update this Policy from time to time. Material changes will be posted with a new effective date and, where reasonably practical, notice to administrative or billing contacts.

15. Contact

Privacy and support contact: support@appfero.com
Mailing address: Michał Sztuka (Appfero), ul. Nadwarciańska 50, 98-324 Toporów, Poland