How we handle your personal data
Last updated: June 4, 2026
This Privacy Policy describes how AppLinker (SIRET: 99365366600012), publisher of Boilerplate-Stack, collects, uses, stores, and protects your personal data. By using our website or purchasing a license, you accept the practices described in this policy. We are committed to complying with the General Data Protection Regulation (GDPR).
The data controller for your personal data is AppLinker, 78 Avenue des Champs-Élysées, Bureau 326, 75008 Paris, France. For any questions regarding data protection: [email protected]
We collect the following data: (a) Identification data: name, surname, email address, GitHub username; (b) Payment data: processed directly by Stripe, we do not store your credit card data; (c) License data: license type, purchase date, associated projects; (d) Technical data: IP address, browser type, operating system, pages visited; (e) Communication data: messages sent via contact form or Discord.
Your data is used to: (a) Process your order and deliver your license; (b) Grant you access to the private GitHub repository; (c) Send you updates and important information about your license; (d) Provide technical support via Discord; (e) Improve our services and website; (f) Comply with our legal and tax obligations.
The processing of your data is based on: (a) Contract performance: necessary to deliver your license and provide associated services; (b) Your consent: for marketing communications and newsletter; (c) Our legitimate interests: service improvement, security, fraud prevention; (d) Legal obligations: retention of invoices and accounting data.
We retain your data for the following periods: (a) Account and license data: throughout your license duration + 3 years; (b) Billing data: 10 years (French legal requirement); (c) Browsing data: 13 months maximum; (d) Cookies: according to their type (see Cookies section); (e) Support messages: 3 years after last exchange.
Your data may be shared with: (a) Stripe Inc. (USA): payment processing, PCI-DSS certified; (b) Supabase Inc. (Singapore): database hosting; (c) Mailjet (France): transactional email delivery; (d) GitHub Inc. (USA): source code access management; (e) Google Analytics (USA): web traffic analysis. These providers are subject to strict contractual data protection obligations.
Some data is transferred to countries outside the EU (USA, Singapore). These transfers are governed by: European Commission Standard Contractual Clauses, the Data Privacy Framework for transfers to the USA, and appropriate supplementary security measures.
Under GDPR, you have the following rights: (a) Right of access: obtain a copy of your data; (b) Right to rectification: correct inaccurate data; (c) Right to erasure: request deletion of your data; (d) Right to restriction: restrict processing; (e) Right to portability: receive your data in a structured format; (f) Right to object: object to processing for legitimate reasons. To exercise these rights, contact us at [email protected]. We will respond within 30 days. You may also file a complaint with your local data protection authority.
Our site uses cookies: (a) Essential cookies: necessary for site operation (session, language preferences); (b) Analytics cookies: Google Analytics to understand site usage (IP anonymization enabled); (c) Marketing cookies: only with your consent, for ad personalization. You can manage your preferences via the cookie banner or your browser settings.
We implement technical and organizational measures to protect your data: TLS/SSL encryption for all communications, secure storage with encryption at rest, restricted access to personal data, system monitoring and intrusion detection, regular backups, staff training on data protection.
When each boilerplate instance is deployed, a notification is sent to our server via the /api/notify endpoint. The data collected includes: (a) a unique project identifier; (b) the deployment domain name; (c) the boilerplate version; (d) the event type (installation or deployment); (e) the server IP address. This data is used exclusively for internal statistical purposes to track boilerplate adoption, improve our product, and detect unauthorized usage. It is not shared with any third parties. The legal basis for this processing is our legitimate interest (Article 6(1)(f) GDPR) in understanding the usage of our software. You can disable this telemetry by removing the call to the /api/notify endpoint in your deployed instance.
Our services are intended for professionals and are not directed at minors under 16 years of age. We do not knowingly collect personal data from minors.
This policy may be updated. In case of substantial changes, we will notify you by email. The last update date is shown at the top of this page.
For any questions regarding this Privacy Policy or to exercise your rights: Email: [email protected] | Address: AppLinker, 78 Avenue des Champs-Élysées, Bureau 326, 75008 Paris, France | Supervisory authority: CNIL (www.cnil.fr) or your local data protection authority.