Privacy Policy

Last updated: March 5, 2026

1. Introduction

Appfunnel ("we", "us", "our") is a company registered in Denmark. This Privacy Policy explains how we collect, use, store, and share personal data when you use the Appfunnel platform at appfunnel.net and any funnels published through our service (collectively, the "Service").

By using the Service you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

2. Data Controller

Appfunnel is the data controller for data we collect about our account holders (funnel creators). When our customers publish funnels that collect data from their end users, our customers are the data controller for that end-user data and Appfunnel acts as a data processor on their behalf.

Contact: simon@appfunnel.net

3. Data We Collect

3.1 Account Data

When you create an account we collect your first name, last name, and email address. If you sign in with Google or Apple we receive basic profile information from those providers.

3.2 Project & Funnel Data

Content you create in the Service, including funnel pages, components, variables, routes, images, videos, and other uploaded files.

3.3 Payment Data

We do not store full credit card numbers. Payments for the Appfunnel platform are processed by Stripe. We store Stripe customer IDs and subscription status. When you connect a payment provider (Stripe or Paddle) to your project, API keys are stored encrypted at rest.

3.4 Analytics & Session Data (End-User Funnels)

When someone visits a funnel published through Appfunnel, we automatically collect:

  • IP address, browser type, operating system, device type, screen resolution, language, and timezone
  • Country, region, and city (derived from IP)
  • Referrer URL and UTM parameters
  • Page views, click events, and time spent on pages
  • Ad attribution data: Meta (_fbp, _fbc cookies), TikTok (_ttp cookie, ttclid), Google Ads (gclid, wbraid, gbraid)

3.5 End-User Customer Data

When an end user makes a purchase or provides their email through a funnel, we store their email address, payment provider customer ID, subscription status, payment history, and any custom variables collected during the session.

3.6 Cookies

Published funnels use a session cookie (named fs_{slug}, 30-day expiry) to maintain session state. Ad attribution cookies (_fbp, _fbc, _ttp) may be read if present from the respective ad platforms.

4. How We Use Your Data

  • Provide, operate, and maintain the Service
  • Process payments and manage subscriptions
  • Provide analytics and conversion tracking to funnel creators
  • Send transactional emails (account verification, password resets, team invitations)
  • Detect and prevent fraud or abuse
  • Improve the Service

5. Third-Party Services

We share data with the following categories of third-party providers as necessary to operate the Service:

  • Payment processors: Stripe and Paddle — for processing payments and managing subscriptions
  • Email delivery: Resend — for sending transactional emails
  • Hosting & infrastructure: Vercel (application hosting), Cloudflare R2 (file storage), Supabase (database)
  • Analytics: Microsoft Clarity — for understanding product usage on our marketing site

Funnel creators may optionally enable integrations that send end-user data to additional third-party services, including Google Analytics, PostHog, Mixpanel, Customer.io, Meta Ads, TikTok, Google Tag Manager, custom webhooks, and others. These integrations are configured by the funnel creator and are governed by their own privacy policies.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.

End-user analytics and session data is retained for as long as the associated project exists.

7. Data Transfers

Appfunnel is based in Denmark (EU). Some of our third-party providers operate outside the EU/EEA. Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

8. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Request deletion of your data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with the Danish Data Protection Agency (Datatilsynet)

To exercise any of these rights, contact us at simon@appfunnel.net.

9. Security

We use industry-standard measures to protect your data, including encryption of API keys at rest, HTTPS for all connections, and secure authentication with hashed passwords. However, no method of transmission or storage is 100% secure.

10. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance.

12. Contact

Appfunnel
Denmark
simon@appfunnel.net