Overview
At AppFollow, we care about the security of your data. Obeying European law, we follow the principles of confidentiality and build a service you can trust. We have an ISO 27001 certificate ensuring our security standards guarantee your data protection.
AppFollow gathers data from open sources, and also provides the ability to analyze data from your application store console through integration.
For Google Play, we collect data via the official API; the App Store doesn't have any official public API.
When working with the API, we use our internal IP addresses located in Europe. Therefore, there are no restrictions on the part of Google / the App Store.
ISO 27001 certification
AppFollow received ISO 27001 certification in May 2024, marking a major milestone in our commitment to top-notch data security and confidentiality.
ISO 27001 is the global standard for information security management, ensuring best practices for data protection.
This certification demonstrates our dedication to safeguarding your data and helps streamline security and compliance processes. If your team requires any SOC2 audit confirmation, please navigate to your AppFollow account and open the Compliance documents page.
A+ SSL security
We tuned our web servers to get A+ on ssllabs.com.
Access to Critical Client Data
We actively apply the principle of "least privilege" and do not allow any user or service (internal or external) to have more authority than it needs to function.
We have an internal security policy that describes the actions we take to secure our production, development, and testing environments, including but not limited to:
- Networking security (firewalls, internal and private networks)
- Access security (SSH certificates and key forwarding rules, password policies, internal SSO role mappings)
- Data encryption and anonymization rules (DB backups, secure service-to-service data transit, dev/test environment data anonymization)
- Web Application firewall rules
- Centralized logging and alerting
Third-Party Services AppFollow Uses
We host our servers on Amazon Web Services and Hetzner Cloud. We use Google Cloud Platform as well. The data is stored in Germany and in Finland. The company is organized according to the laws of Finland and uses a GDPR compliance agreement.
Billing Information
We always protect your billing information. We use Stripe to process payments. They follow the most stringent level of certification available in the payments industry.
AppFollow pays close attention to your data security. We want to reassure you that we take security questions very seriously and keep your data safe.
Google Play: Reply to Reviews Permissions
We take security extremely seriously at AppFollow. AppFollow never aims to treat your information in an unprofessional manner or to control your application in any way.
When a user wants to reply to reviews of a Google Play Store app from AppFollow, it's necessary to go through the integration process with Google Play, which requires an extended range of rights to "View and Manage your Google Play Developer Account". AppFollow only requires the "Reply to Reviews" permission that can be selected in your Google Play Console.
Frequently Asked Questions
- Have there been security incidents in the past?
No major security incidents have ever happened. We have received a few minor reports in the past, but no harm was done to our customers or to the service.
- Do you have any accredited security-relevant certifications?
No, but we’re investigating the necessity of this.
- Do you have any bug bounty programs?
Yes, we have. It’s a limited bug bounty program.
- Do you make use of independent penetration tests of your service?
Yes, we do such tests regularly. A pentest report is available upon request.
- Do you make use of third-party services?
We host our servers on Amazon Web Services and Hetzner Cloud. We use Google Cloud Platform as well.
- Why do you need an admin role for official API integration for the App Store?
We need it to reply to reviews. Admin is the only role that allows it (apart from owner). As there is no customer support role for App Store API keys, we are forced to ask for the admin role, but we only use it to see reviews and reply to them. If the App Store adds a customer support role, we'll switch to it right away.
The company is organized according to the laws of Finland and uses a GDPR compliance agreement.
AppFollow doesn’t directly work with personal data; all data is collected from public sources unless third-party accounts are connected to AppFollow (e.g. App Store Connect or Google Play Console), in which case AppFollow uses the third-party account details. Please contact us if you need more details on this matter. For more information, check out our Privacy policy and User Agreement.