Privacy Policy

At Setapp Ltd. (“Setapp”, “Company”, “we,” “us,” and “our”), we care about the privacy of your data and are committed to protecting it. This Privacy Policy (the “Policy”) explains what information we collect about you and why, what we do with that information, and how we handle that information. We also explain what choices you have with respect to the information.

This Privacy Policy applies to:

• Setapp, a subscription-based service, including the associated Setapp desktop applications (collectively, the “Services”)
• Setapp.com and other Setapp websites (collectively, the “Sites”)
• Any software or applications made available on the Sites and as a part of Services ("Developer Content") from a third-party app developer or distributor ("App Developer") provided, however, that there may be additional privacy statements applicable to Developer Content that govern the App Developer’s use of your personal data. You should review such additional privacy statements before using any Developer Content
• Other interactions (e.g., customer service inquiries, user conferences, etc.) you may have with Setapp.

If you do not agree with the terms set out in this Policy, do not access or use the Services, Sites or any other aspect of Setapp’s business.

This Policy applies to the Company’s employees, contractors, and officers.

The Company has a contract with all Data Processors that it uses in compliance with Article 28 & Article 29 of the GDPR and ensures that all Data Processors are compliant with the applicable data protection legislation.

The Policy does not apply to third-party services. Where third-party services are used, and the third party is not a Data Processor, no Relevant Data (as defined below) is shared with them, or the Relevant Data has been anonymised. Information collected by third parties is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.

In addition, a separate agreement governs delivery, access and use of the Services (the “Terms of service”),

This Policy applies to Relevant Data received and processed only.

Capitalised terms used in this Policy and not otherwise defined shall have the meanings provided below:

Relevant Data – Personal Data and Special Categories of Data and as defined in the applicable data protection legislation.

Personal Data – any information relating to an identified or identifiable natural person.

Special Categories of Data – Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data and data concerning health or a person’s sex life or sexual orientation.

Payments information provided by you via the Sites will be stored and processed by third-party payment service providers as designated by us from time to time. We will collect certain information on the Sites required for such third-party payment services providers to process payments, including credit/debit card numbers, security numbers and other related payment information. All such information is subject to the privacy policy of such third-party payment service provider as applicable.

Setapp also collects, generates and/or receives Other Information:

Usage Information
Certain data about the devices you use to connect with Setapp and your use of the Sites, Services, and/or Developer Content are automatically logged in our systems, including:

• Location information. This is the geographic area where you use your computer and mobile devices (as indicated by an Internet Protocol [IP] address or similar identifier) when interacting with our Site and/or Services.
• Log data. As with most websites and technology services delivered over the Internet, our servers automatically collect data when you access or use our Sites, Services and/or Developer Content and record it in log files. This log data may include the IP address, browser type and settings, the date and time of use, information about browser configuration, language preferences, and cookie data.
• Services and Sites Specific Data. This is information about the Setapp Sites, Services and/or Developer Content you use and how you use them. We may also obtain data from our third-party partners and service providers to analyse how users use our Sites, Services, and/or Developer Content. For example, we will know how many users access a specific page on the Site and which links they clicked on. We use this aggregated information to better understand and optimise the Site.
• Device information. These are data from your computer or mobile device, such as the type of hardware and software you are using (for example, your operating system and browser type), as well as unique device identifiers for devices that are using Setapp Sites, Services and/or Developer Content.

Cookies
Setapp uses cookies and similar technologies in our Sites and Services that help us collect Other Information. The Sites and Services may also include cookies and similar tracking technologies of third parties, which may collect Other Information about you via the Sites and Services and across other websites and online services. For more details about how we use these technologies, please see our Cookie Policy.

Third-Party Data
Setapp may receive data about Sites visitors, marketing campaigns and other matters related to our business from affiliates and subsidiaries, our partners or others that we use to make our own information better or more useful. This data may be combined with Other Information we collect and might include aggregate level data, such as which IP addresses correspond to zip codes or countries. Or it might be more specific: for example, how well an online marketing or email campaign performed.

Additional Information Provided to Setapp
We receive Other Information submitted to our Sites by you or if you participate in a focus group, contest, activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with Setapp.

Setapp does not knowingly collect personal information from children under the age of 13. If we determine we have collected personal information from a child younger than 13 years of age, we will take reasonable measures to remove that information from our systems. If you are under the age of 13, please do not submit any personal information through the Site and/or Services. We encourage parents and legal guardians to monitor their children’s Internet usage and help enforce this Policy by instructing their children never to provide personal information through the Sites, Services and/or Developer Content without their permission.

We use, process, and store your information as necessary to perform our contract with you and for our legitimate business interests, in operating our Services, Sites, and business, including:

• to help us administer our Sites, Services, and/or Developer Content, authenticate users for security purposes, provide personalised user features and access, process transactions, conduct research, develop new features, and improve the features, algorithms, and usability of our Sites, Services and/or Developer Content;
• as required by applicable law, legal process or regulation;
• to calculate aggregate statistics on the number of unique devices using our Site and/or Services;
• to send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services and/or Developer Content, our Services and/or Developer Content offerings, and important Services and/or Developer Content-related notices, such as security and fraud notices. These communications are considered part of the Setapp product, and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications or other news about Setapp. We will only send you marketing information if you give your respective consent to us;
• for billing, account management and other administrative matters. Setapp may need to contact you for invoicing, account management and similar reasons, and we use account data to administer accounts and keep track of billing and payments;
• to investigate and help prevent security issues, fraud and abuse.

If information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, Setapp may use it for any business purpose.

We only disclose Personal Data to third parties when:

• It is necessary to deliver you our Services and we use service providers who assist us in meeting these needs, including hosting, delivering, and improving our Services. We also use service providers for specific services and functions, including email communication, customer support services. These service providers may only access, process, or store Personal Data pursuant to our instructions, under appropriate safeguards and to perform their duties to us.
• We have your explicit consent to share your Personal Data if required. For example, you can log in to our App Developers’ websites with your Setapp account. App Developers will receive your personal data only when you have consented to sharing your personal data with them, i.e., authorise them to access your data at Setapp.
• We believe it is necessary to investigate potential violations of the Terms of service, to enforce those Terms of service, or where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, or potential threats against persons, property, or the systems on which we operate our Sites, Services and/or Developer Content.
• We determine that the access, preservation, or disclosure of your Personal Data is required by law to protect the rights, property, or personal safety of Setapp and users of our Site and/or Services, or to respond to lawful requests by public authorities, including national security or law enforcement requests.
• We need to do so in connection with a merger, acquisition, bankruptcy, reorganisation, sale of some or all of our assets or stock, public offering of securities, or steps in consideration of such activities (e.g., due diligence). In these cases, some or all of your Personal Data may be shared with or transferred to another entity, subject to this Policy.
• We also may disclose non-Personal Data publicly and to third parties – for example, in public reports about word usage, to partners under agreement with us, or as part of progress reports that we may provide to users.

Setapp does not share your Personal Data with third parties for the purpose of enabling them to deliver their advertisements to you.

Setapp does not sell or rent your Personal Data.

Our Site may contain links to and from the websites that belong to third parties. If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy statements or policies and that we do not accept any responsibility or liability for these statements or policies or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any personal data to these websites or use these services.

Our Sites may also use or offer Services or services from third parties (including Developer Content). Information collected by third parties, which may include such things as location data or contact details, is governed by the applicable privacy policies provided. We encourage you to read the privacy policies of all such third parties and App Developers.

We may transfer your Personal Data to a country outside of the European Economic Area (EEA). In order to be consistent with the GDPR requirements and protect your data in the most secure way, we provide the following safeguards if we transfer Personal Data originating from the EEA to other countries:

Information submitted to Setapp may also be transferred to, processed, and stored in the United States, and/or Ukraine. When you use the Services on your computing device, the user content you save will be stored locally on that device and synced with our servers. If you post or transfer any information to or through our Site and/or Services, you agree to such information, including Personal Data and user content, being hosted and accessed in the United States and/or Ukraine.

You can remove your Personal Data from Setapp at any time by emailing us with the respective request: [email protected]. However, we may keep some of your Personal Data for as long as reasonably necessary for our legitimate business interests, including fraud detection and prevention and to comply with our legal obligations, including tax, legal reporting, and auditing obligations.

When you give us personal information, we take steps to ensure that it’s treated securely.

Non-sensitive details (your email address etc.) are normally sent over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.

We use industry-standard encryption to protect your data in transit. This is commonly referred to as transport layer security (“TLS”) or secure socket layer (“SSL”) technology.

Once we receive your data, we protect it on our servers using a combination of technical, physical, and logical security safeguards. The security of the data stored locally in any of our Services installed on your computing device requires that you make use of the security features of your device. We recommend that you take the appropriate steps to secure all computing devices that you use in connection with our Site and Services.

The Company takes the security of your data very seriously and works to protect your data from loss, misuse and unauthorised access or disclosure.

All staff and officers who handle Relevant Data are aware of this Policy and have been given training in how to correctly collect, process, store and delete data. The Company holds a log of when staff training was undertaken and updates it on an annual basis.

All breaches will be reported to the relevant supervisory authority within 72 hours, unless the data was anonymised or encrypted or if it has a particularly high risk.

Breaches of this Policy by staff, contractors, officers of the Company will be dealt with under the Company’s grievance and disciplinary policy and may lead to a disciplinary sanction.

If Setapp learns of a security system breach, we may attempt to notify you and provide information on protective steps, if available, through the email address that you have provided to us or by posting a notice on the Site. Depending on where you live, you may have a legal right to receive such notices in writing.

Setapp uses, processes, and stores Personal Data, as necessary to perform our contract with you and based on our legitimate interests in order to provide the Services. We rely on your consent to process Personal Data to send promotional emails and to place cookies on your devices. In some cases, Setapp may process Personal Data pursuant to legal obligation or to protect your vital interests or those of another person.

You have certain rights in respect to your Personal Data, including the right to access, correct, or delete Personal Data we process through your use of the Sites and/or Services. In particular, you can:

• Have your Personal Data corrected or deleted. You may ask us to correct information you think is inaccurate or completely delete all information that we hold about you by emailing: [email protected].
• Access your Personal Data report by submitting a request at [email protected]. This report will include Personal Data we have about you, provided to you in a structured, commonly used, and portable format.
• Object to us processing your Personal Data. It is your right to lodge an objection to the processing of your Personal Data by emailing: [email protected] if you feel the “ground relating to your particular situation” apply. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
• You can ask us to stop using your Personal Data, including when we use your Personal Data to send you marketing emails. We only send marketing communications to you with your prior consent, and you may withdraw your consent at any time by clicking the “unsubscribe” link found within Setapp emails and changing your contact preferences. Please note you will continue to receive transactional messages related to our Services, even if you unsubscribe from marketing emails.
• Complain to a regulator. If you think that we haven’t complied with data protection laws, you have a right to lodge a complaint with your local supervisory authority.

To communicate with our Data Protection Officer, please email [email protected].

We may need to update this Policy to keep pace with changes in our Sites, Services, Developer Content, our business, and laws applicable to us and you. We will, however, always maintain our commitment to respect your privacy. We will notify you of any material changes that impact your rights under this Policy by email (to your most recently provided email address) or post any other revisions to this Policy, along with their effective date, in an easy-to-find area of the Site. Hence, we recommend that you periodically check back here to stay informed of any changes. Please note that your continued use of Setapp after any change means that you agree with and consent to be bound by the new Policy. If you disagree with any changes in this Policy and do not wish your information to be subject to it, you will need to stop using the Site, Services, and Developer Content.

You may contact us with any questions relating to this Policy by e-mailing: [email protected].