At AppFollow, we care about the security of your data. Obeying European law, we follow the principles of confidentiality and build a service you can trust.
AppFollow gathers data from open sources, and also provides the ability to analyze data from your application store console through integration.
For Google Play, we collect data via the official API; the App Store doesn't have any official public API.
When working with the API, we use our internal IP addresses geolocated in Europe. Therefore, there are no restrictions on the part of Google or the App Store.
A+ SSL security
We tuned our web servers to get an A+ on ssllabs.com.
Access to Critical Client Data
We actively use the principle of "Least privilege" and do not allow any user or service (internal or external) to have more authority than needed for its functioning.
We have an internal security policy that describes the actions we take to secure our production, development, and testing environments, including but not limited to:
- Networking security (firewalls, internal and private networks)
- Access security (SSH certificates and key forwarding rules, password policies, internal SSO role mappings)
- Data encryption and anonymization rules (DB backups, secure service-to-service data transit, dev/test environment data anonymization)
- Web Application firewall rules
- Centralized logging and alerting
Third-Party Services AppFollow Uses
We host our servers on Amazon Web Services and Hetzner Cloud. We use Google Cloud Platform as well. The data is stored in Germany and in Finland. The company is organized according to the laws of Finland and uses a GDPR compliance agreement.
We always protect your billing information. We use Stripe to process payments. They follow the most stringent level of certification available in the payments industry.
AppFollow pays close attention to your data security. We want to reassure you that we take security questions very seriously and keep your data safe.
Google Play: Reply to Reviews Permissions
We take security extremely seriously at AppFollow. AppFollow never aims to treat your information in an unprofessional manner or to control your application in any way.
When a user wants to reply to reviews for a Google Play Store app in AppFollow, they need to go through the Google OAuth process, and Google requires an extended range of rights to "View and Manage your Google Play Developer Account". AppFollow itself only needs the "Reply to Reviews" right, which can be selected in Google Play Console.
Frequently Asked Questions
- Have there been security incidents in the past?
No major security incidents have ever happened. We have received a few minor reports in the past, but no harm was done to our customers or to the service.
- Do you have any accredited security-relevant certifications?
No, but we’re investigating the necessity of this.
- Do you have any bug bounty programs?
Yes, we have. It’s a limited bug bounty program.
- Do you make use of independent penetration tests of your service?
Yes, we do such tests regularly. A pentest report is available upon request.
- Do you make use of third-party services?
We host our servers on Amazon Web Services and Hetzner Cloud. We use Google Cloud Platform as well.
The company is organized according to the laws of Finland and uses a GDPR compliance agreement.
AppFollow doesn’t directly work with personal data; all data is collected from public sources unless third-party accounts are connected to AppFollow (e.g. App Store Connect or Google Play Console), in which case AppFollow uses the third-party account details. Please contact us if you need more details on this matter.