Privacy policy

The Bold Apps, LLC respects your privacy and is committed to protecting it through this policy. This page explains what information we may collect when you access or use the Alppaca website, product, and related services, why we collect it, how we use it, and the rights you have over it.

Last updated: May 11, 2026

1. Data controller and contact

The data controller responsible for processing your personal data is The Bold Apps, LLC, a Delaware limited liability company (referred to as "Company", "we", "us", or "our"). For privacy questions, requests, or complaints, and for general support, contact us at support@alppaca.com.

This policy applies to information collected through the Alppaca website, product, and related services operated by The Bold Apps, LLC.

2. When we act as a controller vs. a processor

Alppaca is a web2app funnel builder used by app businesses (our customers) to convert web traffic into paid app subscribers. Our role under data protection law depends on whose data is being processed.

  • Controller for customer data: when you sign up as an Alppaca customer, we are the controller of your account, billing, and support data. This policy describes how we handle that data.
  • Processor for end-user data: when our customers use Alppaca to run funnels for their own end users, the customer is the controller of that end-user data and we act as a processor on the customer's behalf, under the terms of our customer contract and Data Processing Agreement (available on request at support@alppaca.com). End users with privacy requests about a specific app's funnel should contact the app's operator directly.

3. Information we collect

We collect information directly from you, automatically as you use the service, and from limited third parties (such as payment processors) that help us operate Alppaca.

  • Account information: name, email, password hash, organization details, and login identifiers when you sign up or log in.
  • Billing information: billing contact, address, tax identifiers, and payment metadata. Card numbers are handled by our payment processors and never stored on our servers.
  • Usage analytics: pages visited, features used, funnel events, timestamps, and performance metrics needed to operate and improve the product.
  • Support communications: messages, screenshots, and any details you share when you contact us for help.
  • Device and browser information: IP address, browser type and version, operating system, device identifiers, language preference, and referring URL.

4. How we use your information and lawful basis

For users in the EEA and UK, we process personal data only where we have a lawful basis under Article 6 of the EU General Data Protection Regulation (GDPR). The basis depends on the purpose.

  • Performance of a contract (Art. 6(1)(b)): to create and manage your account, deliver the product, process payments, provide customer support, and otherwise perform the services you sign up for.
  • Legitimate interests (Art. 6(1)(f)): to keep the service secure, prevent fraud and abuse, debug issues, measure aggregate product usage, and improve features. We balance these interests against your rights.
  • Consent (Art. 6(1)(a)): for optional marketing communications, optional analytics or tracking cookies (if and when introduced), and any other processing that requires consent. You can withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): to comply with applicable laws, including tax, accounting, and lawful requests from competent authorities.

5. Cookies and analytics

The Alppaca marketing site does not currently use third-party analytics, advertising, or tracking cookies. We use only the strictly necessary cookies required to make the site work (for example, session and preference cookies inside the product).

Before we enable any analytics, advertising, or tracking technologies on the marketing site or product, we will update this policy and, where required, ask for your consent through a cookie banner.

6. Sharing, disclosure, and sub-processors

We do not sell, rent, or trade your personal information. We share data only with carefully selected service providers (sub-processors) who help us run Alppaca, and only to the extent needed to deliver the service. A current list of named sub-processors is available on request at support@alppaca.com.

  • Hosting and infrastructure providers used to operate Alppaca and store data.
  • Payment processors used to process subscription payments and handle card data.
  • Email and customer support providers used to send transactional notifications and respond to support requests.
  • Professional advisors (legal, accounting, audit) under appropriate confidentiality obligations.

7. Legal, regulatory, and corporate disclosures

We may disclose personal information to comply with the law, to respond to lawful requests from public authorities, to enforce our terms, or to protect our rights, your safety, or the safety of others.

We may also disclose information in connection with a corporate transaction such as a merger, acquisition, restructuring, financing, or sale of assets of The Bold Apps, LLC. Aggregated or anonymized information that does not identify any individual may be disclosed without restriction.

8. International data transfers

The Bold Apps, LLC is based in the United States, and some of our sub-processors operate outside the European Economic Area (EEA) and the United Kingdom. Where we transfer personal data outside the EEA or UK, we rely on appropriate safeguards under GDPR, including the European Commission's Standard Contractual Clauses (SCCs) and equivalent UK addenda, or other valid transfer mechanisms.

You can request a summary of the safeguards in place by emailing support@alppaca.com.

9. Data retention

We keep personal data only as long as we need it for the purposes described in this policy, or as required by law.

  • Account data: kept for as long as your account is active, then deleted or anonymized within a reasonable post-termination window (typically up to 90 days) unless a longer retention period is required by law.
  • Billing and tax records: retained for the period required by applicable tax, accounting, and audit laws (typically up to 10 years).
  • Server, security, and usage logs: typically retained for up to 12 months, then deleted or anonymized.
  • Support communications: kept for as long as needed to resolve your request and for a reasonable period afterwards for quality and training purposes.

10. Your rights in the EEA and UK

If you are located in the EEA or the UK, you have the following rights regarding your personal data. To exercise any of them, email support@alppaca.com and we will respond within the timeframes required by law.

  • Right of access: confirm whether we process your data and obtain a copy.
  • Right to rectification: ask us to correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): ask us to delete your data, subject to legal exceptions.
  • Right to data portability: receive your data in a structured, commonly used, machine-readable format.
  • Right to restriction of processing: ask us to limit how we use your data.
  • Right to object: object to processing based on legitimate interests or to direct marketing.
  • Right to withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
  • Right to lodge a complaint: file a complaint with your local supervisory authority if you believe we have violated data protection law.

11. U.S. state privacy rights

Depending on where you live in the United States, you may have additional rights under state privacy laws, including the Delaware Personal Data Privacy Act (DPDPA), the California Consumer Privacy Act as amended by the CPRA (CCPA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), and similar laws in other states. The categories of personal information we collect are described in Section 3 above. The purposes for which we use that information are described in Section 4 and the recipients we share it with are described in Sections 6 and 7.

We do not sell your personal information for money, and we do not "share" it for cross-context behavioral advertising as those terms are defined under the CCPA. We do not intentionally collect sensitive personal information as defined under applicable state law, and we do not use personal information for profiling that produces legal or similarly significant effects.

Depending on the law that applies to you, you may have the right to (i) confirm whether we process your personal information and access a copy of it, (ii) correct inaccurate personal information, (iii) delete personal information, (iv) obtain a portable copy of your personal information, and (v) opt out of targeted advertising, sale, or certain profiling activities. To exercise any of these rights, email support@alppaca.com. We will not discriminate against you for exercising your rights. You may use an authorized agent to submit a request on your behalf, subject to verification. If we decline a request, you may appeal by replying to our response; if your appeal is denied, you may contact your state Attorney General.

California "Shine the Light" law: California residents may request information once a year about personal information we have shared with third parties for those third parties' direct marketing purposes. Send your request, including the words "Shine the Light Request" in the subject line, to support@alppaca.com.

12. "Do Not Track" signals

Some browsers transmit "Do Not Track" (DNT) signals. Because there is not yet a common industry or legal standard for recognizing or honoring DNT signals, we do not currently respond to them. We will continue to monitor developments and update this section if our practices change.

13. Data security

We implement technical and organizational measures designed to protect personal information against accidental loss and against unauthorized access, use, alteration, and disclosure. No method of transmission or storage is fully secure, however, and we cannot guarantee absolute security. In the event of a personal data breach, we will notify affected users and competent regulators where and when required by applicable law.

14. Children

Alppaca is a business-to-business product and is not directed to children. We do not knowingly collect personal information from children under 13 in the United States, or below the applicable digital-consent age (between 13 and 16) in the EEA and UK. If you believe we have collected information from a child, contact support@alppaca.com and we will delete it.

15. Changes to this policy

We may update this privacy policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the site before the changes take effect. The "last updated" date at the top of this page shows when the policy was last revised.

16. Contact

To ask questions or make a privacy request, contact support@alppaca.com. For general support, write to support@alppaca.com.