Privacy Policy

Last updated: 16 June 2026

1. Data controller

Intelligent Matrix s.r.o., with registered office in Prague, Czech Republic, is the data controller for personal data processed through AppDock. Contact our Data Protection Officer at dpo@appdock.market.

2. What data we collect

• Account data: name, email, hashed password, company name, role (buyer / seller / freelancer), country.
• Profile and listing data: app description, tech stack, screenshots, revenue figures, asking price, ownership documentation you upload.
• Transaction data: inquiries, messages, offers, escrow records, payment references (we do not store full card numbers — handled by our PCI-DSS compliant payment partners).
• Usage data: IP address, browser, device, pages viewed, referring URL, timestamps, error logs.
• AI conversation data: messages you exchange with the AppDock Assistant.
• Tax reporting data: transaction amounts, TIN, and seller identity information collected under DAC7 Directive (EU) 2021/514.
• Communications: emails and support tickets you send us.

3. How we use your data (purposes & legal bases)

4. Sharing your data

We share personal data only with:

• Counter-parties to a transaction (only the information necessary to conclude the deal — e.g. company name and contact for an inquiry).
• Sub-processors acting under data processing agreements: Supabase (database & auth, EU region); Cloudflare Inc., USA / Cloudflare Ltd., UK (CDN and security; SCCs apply); Stripe Payments Europe Ltd, Ireland (payments, escrow, KYC for sellers; PSD2 licensed); Resend (transactional email); Anthropic PBC, USA (AI inference — claude-sonnet-4-6 — for AppDock Assistant chatbot and listing description generation; SCCs apply; data not used for model training) (Note: the platform uses an OpenAI-compatible API adapter internally for routing — no data is sent to OpenAI; all AI inference is exclusively handled by Anthropic PBC).
• Professional advisers, auditors and regulators where legally required.
• Acquirers in the event of a corporate transaction, subject to confidentiality.

5. International transfers

Some sub-processors are located outside the EEA. In those cases we rely on the European Commission's Standard Contractual Clauses (2021/914) and, where relevant, additional supplementary measures (encryption in transit and at rest).

6. Retention

• Account data: while your account is active, then 12 months after closure.
• Transaction & invoice data: 10 years (Czech accounting law).
• KYC / AML records: 5 years after the end of the business relationship.
• Marketing data: until you unsubscribe.
• Server logs: 90 days.
• AI conversation data: 12 months, then anonymised.

7. Your rights

Under the GDPR you have the rights of access, rectification, erasure, restriction, portability and objection, plus the right to withdraw consent at any time. You also have the right to lodge a complaint with the Czech Data Protection Authority (Úřad pro ochranu osobních údajů, uoou.cz) or your local supervisory authority.

To exercise any right, email dpo@appdock.market. We respond within 30 days.

8. Security

We apply industry-standard technical and organisational measures: TLS in transit, AES-256 at rest, role-based access control with row-level security in the database, hardware MFA for admins, encrypted backups, intrusion monitoring, and a documented incident response plan.

9. Automated decision-making

The AppDock Score and AI valuation ranges are produced by automated models for guidance only. They do not produce legal effects and you may always request a manual review at support@appdock.market.

10. Children

AppDock is not directed to children under 18. We do not knowingly collect data from minors.

11. Changes

We will notify you of material changes by email or in-app at least 14 days before they take effect.