Data security in AppFollow
At AppFollow, we care about the security of your data. Obeying European law, we follow the principles of confidentiality and build a service you can trust.
AppFollow gathers data from open sources, and also provides the ability to analyze data from your application store console through integration.
For Google Play, we collect data via the official API; the App Store has no official public API.
When working with the API, we use our internal IP addresses geolocated in Europe. Therefore, there are no restrictions on the part of Google / the App Store.
A+ SSL security
We tuned our web servers to get an A+ rating on ssllabs.com.
Access to critical client data
We actively use the principle of "Least privilege" and do not allow any user or service (internal or external) to have more authority than needed for its functioning.
We have an internal security policy that describes the actions we take to secure our production, development and testing environments, including but not limited to:
- Networking security (firewalls, internal and private networks)
- Access security (SSH certificates and key forwarding rules, password policies, internal SSO role mappings)
- Data encryption and anonymization rules (DB backups, secure service-to-service data transit, dev/test environment data anonymization)
- Web Application firewall rules
- Centralized logging and alerting
Third-party services that we use
We host our servers on Amazon Web Services and Hetzner Cloud. We use Google Cloud Platform as well. The company is organized according to the laws of Finland and uses a GDPR compliance agreement.
We protect your billing information
We use Stripe to process payments. They follow the most stringent level of certification available in the payments industry.
AppFollow pays close attention to your data security. We want to reassure you that we take security questions very seriously and keep your data safe.
Here are a few of the most popular questions:
- Do you use any bug bounty programs?
No, but we plan to start using them in 2020. At the moment all security audits are performed internally.
- Did you make use of independent penetration tests of your service?
These kinds of tests will be introduced together with the bug bounty initiative.
- Have there been security incidents in the past?
No major security incidents have ever happened. We have received a few minor reports in the past, but no harm was done to our customers or the service.
- Do you have any accredited security-relevant certifications?
No, but we’re investigating the necessity of this.
- Do you make use of third-party services?
We host our servers on Amazon Web Services and Hetzner Cloud. We use Google Cloud Platform as well.
The company is organized according to the laws of Finland and uses a GDPR compliance agreement.
AppFollow doesn’t directly work with personal data; all data is collected from public sources unless third-party accounts are connected to AppFollow (e.g. App Store Connect or Google Play Console), in which case AppFollow uses the third-party account details. Please contact us if you need more details on this matter.
Permissions requested during Google Play Reply to Reviews integration
We take security extremely seriously at AppFollow. AppFollow never aims to treat your information in any unprofessional manner, nor does it aim to control your application in any way.
When a user wants to reply to reviews for a Google Play Store app in AppFollow, they need to go through the Google OAuth process, and Google requires granting an extended range of rights: `View and Manage your Google Play Developer Account`. AppFollow itself only needs the `Reply to Reviews` right, which can be selected in Google Play Console.
Need more details? Keep in touch with our Customer Support team: just hit the blue chat button or ping us at help@appfollow.io. We’re here.