General Data Protection Regulation

Developers who fall under the GDPR compliance requirements can use our Service.

Personal Data of your End Users

For the purposes of the GDPR (General Data Protection Regulation), Iaptic SAS, distributor of the website, is considered a Data Processor. As such You as the Data Controller of your own application’s data are responsible for disclosing any personal user information you disclose to us in your own privacy policy.

Purposes of the processing

  • Determine the eligibility of the End User to an In-App Product.
  • Provide You with information about your End Users’ purchases, such as the date, time and status of transactions, and aggregate statistical data.
  • Ensure the proper functioning of the Service.

Data location

The data is stored and processed from data centers in the European Union (EU). As of April 21th, 2021, all of our servers are located in Germany and Finland.

Categories of data We process

We process the receipt validation requests made from Your application, and subsequent data provided by Apple, Google or Microsoft about those receipts.

Data include (but might not limited to):

  • Information about the initial download of the Your application by the End User.
  • List and state of the last transactions performed by the End User in Your application.
  • Information about the End User’s Device.
  • Logs of requests made to our Service.

As the Data Controller, it’s Your decision to provide or not the above information to Our Service.

Third Party Service Providers

We may use third-party Service Providers to provide or improve our Service.

  • Fovea for operating the service.
  • Apple for accessing In-App Payments information (for iOS and macOS) – Their Privacy Policy can be viewed at
  • Google for accessing In-App Payments information (for Android) – Their Privacy Policy can be viewed at
  • CloudFlare for protecting the communications from Your End Users and Your servers to Our servers – Their Privacy Policy can be viewed at
  • Sentry for ensuring the proper functioning of Our Service – Their Privacy Policy can be viewed at
  • Hetzner for hosting – Their Privacy Policy can be view at


Only authorized system administrators and support agents can access the data (in forms of Logs or Database access), in order to respond to your requests or to ensure the proper functioning of the Service. No other third parties have access to the data.

Data is only accessible from an encrypted private virtual network and protected with industry standard encryption.


Data is guaranteed to be duplicated in at least 2 data centers located in different countries. Database servers are backed up everyday, backups are kept for 7 days.


All data linked with your account is deleted when you close Your Account or at Your request. Requests can be sent to [email protected].

Your Personal Data

Please visit our Privacy Policy for details.

Purposes of the processing

  • Protect your data with an email address, password and API keys.
  • Ensure the proper functioning of the Service, by providing programmatic Us with access to Apple, Google and Microsoft's receipt validation APIs on Your behalf.

Interpretation and Definitions


The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.


  • Data controller means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing of personal data.
  • Account means a unique account created for You to access our Service.
  • Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Iaptic, SAS. 127 rue La Boétie, 75008 Paris, FRANCE.
  • Service means the purchase entitlement service named Iaptic, provided by the Company.
  • Country refers to: France
  • Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Account owner’s company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
  • Data Processor means an entity that processes personal data on behalf of the Data Controller, for the purposes of the GDPR, the Company is the Data Processor.
  • Personal Data is any information that relates to an identified or identifiable individual, such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used. For the purpose of the GDPR, Service Providers are considered Data Processors.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).