Security
Pricing Sign In Book a Demo

Privacy Policy

Privacy Policy

Privacy Policy

We believe trust is earned through transparency, security and responsible handling of customer data.

Last updated: May 15th 2026

Appesco provides business software for contract lifecycle management. In some situations, Appesco acts as a data controller. In other situations, especially where our customers upload or manage personal data inside the Appesco platform, Appesco acts as a data processor on behalf of the customer.

If you have any questions about this Privacy Policy or the way we process personal data, you can contact us at [email protected]

(1) Personal data we collect

We may collect the following categories of personal data.

1.1 Account and contact data

When you create an account, request a demo, contact us, or use our services, we may collect:

  • name;
  • business email address;
  • company name;
  • job title;
  • phone number;
  • billing details;
  • login credentials;
  • communication history with us.

We do not intentionally collect personal data such as gender, date of birth or home address unless this is necessary for a specific service, legal obligation, or information you voluntarily provide.

1.2 Customer content

Customers may upload, store or manage content in the Appesco platform, including contracts, documents, company information, supplier information, employee information, signatures, comments, metadata and other business records.

Where this content contains personal data, the customer is usually the data controller and Appesco acts as the data processor. We process such data only on the customer’s instructions and in accordance with our agreement with the customer, including any applicable Data Processing Agreement.

1.3 Automatically collected data

When you visit our website or use our services, we may automatically collect:

  • IP address;
  • browser type and version;
  • device type;
  • operating system;
  • pages visited;
  • referring website;
  • date and time of access;
  • language settings;
  • usage logs;
  • security and authentication logs.

We use this information to operate, secure, monitor and improve our website and services.

1.4 Cookies and similar technologies

We use cookies and similar technologies to make our website work, remember preferences, analyze usage and, where applicable, support marketing activities.

Non-essential cookies, such as analytics or marketing cookies, are used only where required consent has been obtained through our cookie banner or cookie settings.

More details are provided in the cookie section below.

1.5 Data from third-party services

We may receive data from third-party services where you choose to connect or use them with Appesco, such as authentication providers, analytics tools, payment providers, support tools or integrated services.

Where we use Google APIs, data obtained through Google OAuth scopes is used only in accordance with the Google API Services User Data Policy, including the Limited Use requirements.

(2) How we use personal data

We use personal data for the following purposes:

  • to provide, operate and maintain our services;
  • to create and manage user accounts;
  • to authenticate users and control access;
  • to provide customer support;
  • to process billing and payments;
  • to communicate about service updates, security notices and administrative matters;
  • to improve our website, products and services;
  • to monitor service performance and troubleshoot issues;
  • to detect, prevent and investigate security incidents, fraud or misuse;
  • to comply with legal, tax, accounting and regulatory obligations;
  • to send marketing communications where permitted by law;
  • to manage customer relationships and commercial enquiries.

Where the GDPR applies, we rely on one or more of the following legal bases:

3.1 Performance of a contract

We process personal data where necessary to provide our services, manage accounts, deliver support, process billing, and perform our contractual obligations.

3.2 Legitimate interests

We process personal data where necessary for our legitimate business interests, including service security, fraud prevention, product improvement, customer relationship management and basic analytics, provided these interests are not overridden by your rights and freedoms.

We rely on consent where required, for example for certain cookies, analytics, marketing communications, or optional integrations.

You may withdraw your consent at any time.

We process personal data where necessary to comply with applicable legal obligations, including tax, accounting, regulatory and legal reporting requirements.

(4) Sharing personal data

We do not sell personal data.

We may share personal data with the following categories of recipients:

4.1 Service providers and subprocessors

We use trusted third-party providers to help us deliver our services, including hosting, infrastructure, analytics, payment processing, customer support, email delivery, monitoring and security.

These providers may process personal data only where necessary to provide their services to us and must protect personal data under appropriate contractual obligations.

We may disclose personal data where required by law, court order, regulatory authority, or where necessary to protect our rights, users, customers, systems, or the security of our services.

4.3 Business transfers

If Appesco is involved in a merger, acquisition, financing, restructuring or sale of assets, personal data may be transferred as part of that transaction, subject to appropriate safeguards.

(5) International data transfers

Where possible, we aim to store and process customer data in the European Economic Area or in jurisdictions that provide an adequate level of data protection.

Where personal data is transferred outside the EEA, we use appropriate safeguards, such as:

  • European Commission adequacy decisions;
  • Standard Contractual Clauses;
  • contractual, technical and organizational safeguards;
  • additional transfer impact assessments where required.

(6) Data retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law.

In general:

  • account data is retained while the account remains active;
  • customer content is retained according to the customer’s subscription, account settings and contractual terms;
  • deleted customer content may remain in backups for a limited period before being overwritten;
  • billing and accounting records may be retained for the period required by tax and accounting laws;
  • security logs are retained for a limited period necessary for security, fraud prevention and troubleshooting;
  • marketing data is retained until you unsubscribe or withdraw consent.

When personal data is no longer needed, we delete, anonymize or securely archive it.

(7) Security

We use technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration or disclosure.

These measures may include:

  • encryption in transit;
  • access controls;
  • authentication controls;
  • role-based permissions;
  • logging and monitoring;
  • backups;
  • infrastructure security;
  • internal access restrictions;
  • security reviews and vulnerability management.

No online service can guarantee absolute security. If we become aware of a personal data breach affecting your data, we will notify affected customers or users where required by applicable law.

More information is available on our Security page.

(8) Your GDPR rights

Where the GDPR applies, you may have the following rights:

  • right of access;
  • right to rectification;
  • right to erasure;
  • right to restriction of processing;
  • right to data portability;
  • right to object;
  • right to withdraw consent;
  • right not to be subject to certain automated decisions;
  • right to lodge a complaint with a supervisory authority.

To exercise your rights, contact us at:

[email protected]

We may need to verify your identity before responding. We aim to respond within one month, unless a shorter or longer period applies under applicable law.

If your personal data is processed by Appesco on behalf of one of our customers, we may need to forward your request to that customer or ask you to contact the customer directly.

(9) Marketing communications

We may send marketing emails about Appesco products, updates or relevant content where permitted by law.

You can unsubscribe from marketing emails at any time by using the unsubscribe link in the email or by contacting us.

You will still receive important service, billing, security or administrative messages where necessary.

(10) Cookies

We use cookies and similar technologies on our website.

Cookies may include:

  • necessary cookies, required for website functionality and security;
  • preference cookies, used to remember settings;
  • analytics cookies, used to understand website usage;
  • marketing cookies, used to measure or personalize advertising and embedded content.

Non-essential cookies are only used where required consent has been obtained.

You can manage your cookie preferences through our cookie banner or browser settings.

(11) Children

Our services are intended for business users and are not directed to children under 16 years old.

We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate consent, we will delete it.

(12) Controller and processor roles

For personal data collected through our website, account registration, billing, support, marketing and customer relationship activities, Appesco generally acts as the data controller.

For personal data uploaded, stored or processed by customers inside the Appesco platform, the customer generally acts as the data controller and Appesco acts as the data processor.

Where Appesco acts as processor, we process personal data only according to the customer’s documented instructions and our Data Processing Agreement.

(13) Data Processing Agreement

For business customers that use Appesco to process personal data, especially customer, employee, supplier or contract-related data, Appesco provides a Data Processing Agreement.

The DPA explains:

  • the subject matter and duration of processing;
  • the nature and purpose of processing;
  • categories of personal data;
  • categories of data subjects;
  • security measures;
  • subprocessors;
  • international transfers;
  • breach notification;
  • deletion or return of data;
  • assistance with data subject requests.

Customers can request a personalized DPA by contacting:

[email protected]

(14) Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

When we make material changes, we will update the “Last updated” date and, where appropriate, notify users by email or through the service.

Continued use of our website or services after changes become effective means the updated Privacy Policy applies.

(15) Contact

For privacy questions, data protection requests or concerns, contact us at:

[email protected]

Appesco B.V.
Voorburg, 2275 AL, The Netherlands
KvK/CoC: 82619468
VAT: NL862541499B01

Necessary (1)

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Name

Provider

Purpose

Maximum Storage Duration

Type

CookieConsent

Cookiebot

Stores the user's cookie consent state for the current domain

1 year

HTTP Cookie

Preferences (2)

Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

Name

Provider

Purpose

Maximum Storage Duration

Type

chakra-ui-color-mode

appesco.com

Necessary for the functionality of the website's chat-box function.

Persistent

HTML Local Storage

twk_idm_key

Tawk.to

Allows the website to recoqnise the visitor, in order to optimize the chat-box functionality.

Session

HTTP Cookie

Statistics (3)

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Name

Provider

Purpose

Maximum Storage Duration

Type

_ga

Google

Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

2 years

HTTP Cookie

_ga_#

Google

Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit.

2 years

HTTP Cookie

TawkConnectionTime

Tawk.to

Allows the website to recoqnise the visitor, in order to optimize the chat-box functionality.

Session

HTTP Cookie

Marketing (19)

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

Name

Provider

Purpose

Maximum Storage Duration

Type

#-#

YouTube

Used to track user’s interaction with embedded content.

Session

HTML Local Storage

__Secure-ROLLOUT_TOKEN

YouTube

Pending

180 days

HTTP Cookie

__Secure-YEC

YouTube

Stores the user's video player preferences using embedded YouTube video

Session

HTTP Cookie

iU5q-!O9@$

YouTube

Registers a unique ID to keep statistics of what videos from YouTube the user has seen.

Session

HTML Local Storage

LAST_RESULT_ENTRY_KEY

YouTube

Used to track user’s interaction with embedded content.

Session

HTTP Cookie

LogsDatabaseV2:V#||LogsRequestsStore

YouTube

Used to track user’s interaction with embedded content.

Persistent

IndexedDB

NID

Google

Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads.

6 months

HTTP Cookie

remote_sid

YouTube

Necessary for the implementation and functionality of YouTube video-content on the website.

Session

HTTP Cookie

TESTCOOKIESENABLED

YouTube

Used to track user’s interaction with embedded content.

1 day

HTTP Cookie

VISITOR_INFO1_LIVE

YouTube

Tries to estimate the users' bandwidth on pages with integrated YouTube videos.

180 days

HTTP Cookie

YSC

YouTube

Registers a unique ID to keep statistics of what videos from YouTube the user has seen.

Session

HTTP Cookie

YtIdbMeta#databases

YouTube

Used to track user’s interaction with embedded content.

Persistent

IndexedDB

yt-remote-cast-available

YouTube

Stores the user's video player preferences using embedded YouTube video

Session

HTML Local Storage

yt-remote-cast-installed

YouTube

Stores the user's video player preferences using embedded YouTube video

Session

HTML Local Storage

yt-remote-connected-devices

YouTube

Stores the user's video player preferences using embedded YouTube video

Persistent

HTML Local Storage

yt-remote-device-id

YouTube

Stores the user's video player preferences using embedded YouTube video

Persistent

HTML Local Storage

yt-remote-fast-check-period

YouTube

Stores the user's video player preferences using embedded YouTube video

Session

HTML Local Storage

yt-remote-session-app

YouTube

Stores the user's video player preferences using embedded YouTube video

Session

HTML Local Storage

yt-remote-session-name

YouTube

Stores the user's video player preferences using embedded YouTube video

Session

HTML Local Storage

Unclassified (1)

Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.

Name

Provider

Purpose

Maximum Storage Duration

Type

redirectTo

appesco.com

Pending

Session

HTTP Cookie

Thank you!

We will keep in touch soon :)