Privacy Policy

Overview

JR NETMEDIA ("we" or "us") has created this Privacy Policy to explain how your personal information is collected, used, and shared when you visit Appcrazy (referred to as the "Site"). We value your privacy and want you to understand the measures we take to protect it. This policy is intended to be transparent and easy to read, while also complying with the data protection laws of Andorra and international standards like the GDPR. By using our Site, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Site.

Who We Are & Contact Details

Controller: The entity responsible for processing your data on this Site is JR NETMEDIA. In simple terms, JR NETMEDIA is the organization that decides what information is collected on the Site and how it is used. If you need to get in touch with us about privacy matters, you can reach us at:

Email: [email protected]
Mailing Address: Carrer dels Avellaners, Ed. Griu, Pis 5 Pta 3, AD200 (if applicable)

Whether you have a question about this policy, want to exercise one of your rights (explained below), or have a concern about how we handle data, we encourage you to contact us. We’re here to help.

Information We Collect About You

When you use Appcrazy, we collect information in a couple of different ways:

1. Information You Provide Directly:
We do not require users to sign up for an account or provide personal details just to browse our content. However, if you choose to communicate with us (for example, sending us an email inquiry or filling out a contact form if one is available), you will be providing us with certain information like your name, email address, and any other details you include in your message. We will use this information solely for the purpose of communicating with you and addressing your inquiry or feedback.

2. Information Collected Automatically:
Like many websites, our Site automatically collects some data about your visit. This includes:

Usage Data: We track how you navigate our Site. This can include the pages you visit, the time and date of your visit, time spent on each page, and the links you click on (such as clicking a link to the Google Play Store or App Store to view/download an app). This information helps us understand which content is popular or useful and how users interact with our Site.
Device and Technical Data: We gather technical information about the device and browser you use to access the Site. This may include your IP address (which can give a general idea of your location, e.g., city or country), browser type and version, device type (desktop, mobile, tablet), operating system, and other similar technical information. We use this data to ensure the Site is optimized for as many users as possible and to troubleshoot technical issues if they arise.
Cookies and Similar Technologies: We use cookies (small text files stored on your device) and similar tracking technologies like web beacons or pixels. Cookies help us remember your preferences and understand how you use our Site. There are different types of cookies we use:
Necessary Cookies: These are essential for the Site’s core functionality. For instance, if we display a cookie consent banner, we use a cookie to remember your choices so that you don’t have to repeat them on every page. Similarly, our security measures (via Cloudflare) set a cookie (__cf_bm) to help differentiate between human users and bots, which is important for protecting the Site.
Analytics Cookies: With your consent (if required by law in your region), we use analytics cookies to collect information about how visitors use the Site. We have integrated Google Analytics to learn about things like how many users visit per day, which pages are most visited, and how users find us (e.g., via search engine or ads). Google Analytics may set cookies such as ga andgid that assign a unique ID to your browser. We’ve configured Google Analytics in compliance with privacy best practices (for example, IP anonymization is enabled, meaning Google truncates your IP address in the EU/EEA to anonymize it).
Microsoft Clarity: We also use Microsoft Clarity for additional insights on user behavior. Clarity can record interactions on our Site (like mouse clicks, scrolling, and how you navigate pages) to generate heatmaps and session replays. This sounds more intrusive than it is — Clarity does not collect personal information like your name or any input you type into fields; it’s mainly looking at how users in general engage with our pages. Clarity sets its own cookies (e.g., clck for a persistent user ID andclsk for session linking). The data from Clarity helps us improve site design and user experience.
Advertising and Conversion Cookies: Because we run advertising campaigns to attract visitors and we display ads on our Site, there are cookies related to advertising. If you click on one of our ads on another platform (like a Microsoft Bing ad or a Yahoo Japan ad) and come to our Site, a cookie might be set to note that you arrived via that ad. For example, Microsoft Advertising’s UET (Universal Event Tracking) uses cookies (_uetvid, uetsid) to monitor what visitors do after clicking an ad, so we can measure the success of our advertising. Similarly, we have a mechanism for Yahoo Japan Ads that stores a click ID in a cookie (ycl_yjad) for conversion tracking. On our Site itself, we use Google AdSense to display ads, and Google may set cookies like IDE (used for showing Google ads on non-Google sites, which helps with ad personalization or frequency capping) and test_cookie (used to check if your browser supports cookies, typically a short-lived cookie).

We provide detailed information about all these cookies and their purposes in our Cookie Policy. There, you’ll find a list of specific cookies, what they do, who provides them, and how long they last.

3. Information from External Sources:
In general, we do not actively obtain information about you from third parties. However, third-party services that we use might give us aggregated data. For instance, Google Analytics provides us with demographic estimates (like what percentage of our users are from certain countries or using certain browsers) based on the data collected, but this is not tied to any named individual. If we ever were to incorporate external data (for example, if we partnered with a social media platform for a promotion and got info about participants), we would update our policy accordingly. As of now, virtually all information comes either directly from you or via your interactions with our Site and associated tools.

Why & How We Use Your Information

We use your information for the following purposes:

To Provide and Maintain the Site: The most basic use of information is to deliver our content to you and ensure the Site works properly. For example, using your IP address to send the correct data to your browser, or using cookies to maintain site stability and security. If the Site is experiencing heavy load or an attack, Cloudflare may use certain data to mitigate that (ensuring that real users can still access the site).
To Improve Your Experience: We continuously want to improve the content and functionality of Appcrazy. By analyzing how users navigate the Site (through aggregate data from Google Analytics and Clarity), we can identify things like which topics are most popular, whether users are finding what they need quickly, or if certain pages have high bounce rates (people leaving immediately) which might indicate an issue. For example, Clarity might show us a heatmap indicating that a lot of users try clicking on something that’s not actually a button — a sign that we might need to make that element clickable or clearer. These insights directly feed into making the Site better for you and future visitors.
To Display Advertisements: Ads keep our content free. We use information to manage and tailor the ads you see. However, we do so in a privacy-conscious way. By default (especially for users in jurisdictions with strict privacy rules), we have set ads to be non-personalized unless you give consent for personalized ads. Non-personalized ads means the ads are mostly contextual (based on the content of the page, like showing a tech product ad on a tech site) rather than based on your personal browsing history. If you do consent to personalized advertising, Google may use data it has about you (like your Google profile or past web activity) to show more relevant ads. In both cases, we might use information like general location (e.g., ads for an app may be different in one country versus another) or prevent showing you the same ad repeatedly. Advertising-related cookies and data help in this process.
To Measure Advertising Effectiveness: It’s important for us to know if our advertising efforts are working. If we run a campaign on Google Ads or Bing Ads to bring in visitors, we want to see if those visitors actually find our site useful (for instance, do they read multiple pages, or do they quickly leave?). We use conversion tracking cookies for this reason. For example, if we place a Bing ad and you click it and then, on our Site, you click an “Install” link to go to the Play Store, that might count as a conversion for us (it indicates you found what you were looking for). The _uetvid cookie and similar help us link the ad click to that action. This information guides how we create future content and allocate our advertising budget.
To Communicate with You: If you reach out to us (say via email), we will use your contact information to respond. We might also use it to follow up and ensure you got the help you needed. We do not send marketing emails or newsletters at this time. If that ever changes, we will update this Policy and ensure we have necessary permissions to do so. For now, communication is only initiated by you and responded to by us.
To Enforce Terms and Protect the Site: We use data (like IP addresses, and server logs) to help detect and prevent fraud, abuse, or unlawful activity on our Site. For example, if we notice one particular IP address is making thousands of requests per minute (likely a bot or attack), we may log that and block it. Similarly, if someone attempted to post unauthorized content (if our site had forms or comment sections, which it currently doesn’t) or tried to scrape our content aggressively, we’d use data about that activity to mitigate it. We also might use data to enforce our Terms of Service. If something goes legally wrong, information like logs could be used to investigate or demonstrate what happened.
Legal Compliance: Sometimes we may need to process data to comply with laws or regulations. For example, data retention laws might require us to hold certain records for a period of time. Or if law enforcement has a lawful request (like an IP address associated with specific illegal behavior targeting our Site), we might process and share data to comply. Also, under data protection laws, we keep track of user consents and preferences (that’s processing data too) to prove we comply with those regulations (for instance, records that you consented to cookies at a certain time).

We ensure that we have a valid legal reason (known as a "legal basis") for each use of personal data, especially under GDPR-style laws. Typically, the legal bases applicable to our Site’s operations are:

Consent: We rely on your consent for things like non-essential cookies (analytics, personalization, ads) in regions where consent is required. When you see our cookie banner and choose your settings, you are giving (or denying) consent for certain categories of data use. You can change your mind later, and we will honor that (explained more below).
Legitimate Interests: We have a legitimate interest in ensuring our Site operates securely and effectively, and in understanding our user base to improve our services. For data that has minimal impact on privacy (especially when aggregated or pseudonymized, like analytics data, or necessary data like logs for security), we may process under legitimate interests. We always weigh our interests against your rights — for example, we wouldn’t sacrifice your privacy for trivial gains on our part.
Contractual Necessity: Although not very applicable in our case since you’re not entering a contract just by browsing, if you were to enter into a specific agreement with us (like paying for a service or something), then using your data to deliver that service would fall under contractual necessity.
Legal Obligation: If we have to comply with a legal obligation by processing data (like retaining transaction records for tax reasons or providing information to authorities when legally compelled), that’s another basis.

Cookies & Your Choices

Cookies and online tracking are a big part of how we operate, but we want to empower you with choice:

When you first visit our Site, you’ll encounter a consent banner (especially if you’re in a jurisdiction like the EU where it’s required). This banner will explain in broad terms that we use cookies for various purposes and will give you options to accept or customize your preferences. Through our Consent Management Platform (CMP), which is certified under the IAB’s Transparency and Consent Framework (TCF), you can choose which types of cookies to allow:

Strictly Necessary Cookies: These are always on because the site won’t function properly without them (for instance, we can’t remember that you opted out of cookies unless we set a cookie to remember that!). You cannot disable these through the consent banner because they don’t store personally identifiable info and are needed for core site features (such as security and basic functionality).
Analytics Cookies: You have the choice to allow or decline these. If you decline, we will not load Google Analytics or Microsoft Clarity on your browser, meaning your site visit won’t be included in our usage stats (and that’s okay!). If you allow, those tools will run and help us gather insight into site usage.
Advertising Cookies: You also have the choice here. If you decline advertising cookies (or simply don’t consent to them), we will either not load our ad partners’ cookies or we will ask them (through signals) to serve only non-personalized ads. If you accept them, you might get more relevant advertising but it does mean our partners like Google could use cookie data to show you targeted content.

Remember, you can adjust your choices any time. Typically, there’s a “Privacy Settings” link or button on our Site (often in the footer or as a floating icon) that reopens the CMP interface. Using that, you can modify your consent state (say, withdraw consent for analytics if you gave it earlier, or vice versa). Additionally, you can manage cookies through your web browser settings. All major browsers allow you to see what cookies are stored and to clear them. You can usually also block cookies from specific sites or all sites. Bear in mind, if you clear cookies entirely, you’ll remove ones that store your preferences — meaning if you opted out before via our banner, that opt-out cookie is gone and you might get the banner again on your next visit to reconfirm your choices.

We also support the Global Privacy Control (GPC) signal for California residents to the extent applicable. If your browser is set to send a “Do Not Sell or Share” signal via GPC, our site will interpret that as an opt-out of sale/sharing for CCPA/CPRA purposes (though as we mention later, we don’t sell personal data in the traditional sense). However, GPC is more about data sales; for cookie consent, the CMP is your main tool.

For more nitty-gritty detail on each cookie we use, please read our Cookie Policy (which is usually accessible wherever this Privacy Policy is). It lists cookies by name, explains their purpose, provider, and lifespan, which can satisfy the curiosity of those who want to know exactly what’s going on under the hood.

How We Share Information

We do not sell your personal information to third parties. But we do share information in certain scenarios, as necessary to run our operations or as required by law:

With Service Providers (Processors): We use various third-party companies to help us operate the Site and understand our users. These companies process data on our behalf under strict instructions, and they’re not allowed to use that data for their own purposes (at least not without your consent or unless they’ve collected it independently).
Examples: We’ve talked about Google and Microsoft a lot. When you allow analytics cookies, Google is processing data to give us analytics; Microsoft is doing similarly with Clarity. Cloudflare processes data to provide security and performance (it’s basically a gatekeeper for our site). These companies might incidentally use the data to improve their own services (for instance, Cloudflare might analyze attack patterns across all its clients, or Google might use aggregated analytics data to improve their Analytics product), but they’re not using it to, say, build an advertising profile on you from our analytics (Google Analytics data is separate from Google Ads data unless we link them and have permission, which we have not enabled without consent).
These providers are bound by data processing agreements. That means we have contracts or terms in place that include clauses to protect your data (including the standard contractual clauses for international transfer, which we’ll mention below).
With Advertising Partners: When ads are shown on our Site, certain data is automatically shared with the ad networks. For example, if an ad network is bidding to show an ad to you, they receive the context (our site’s topic), possibly a cookie identifier (if permitted), and maybe general geo-info to decide which ad is relevant. This is done in real-time via programmatic advertising systems. We have configured our Google AdSense to use the IAB’s Transparency & Consent Framework as well, meaning it respects the consent string provided by the CMP. If you opted out, Google will limit what data is used. If you opted in, Google might share some info with its advertising partners to serve tailored ads. Similar logic applies to any other ad or tracking pixels (Microsoft, Yahoo) we run for conversions.
It’s important to note that while we consider these things as “sharing” for transparency, they often do not involve us (humans at JR NETMEDIA) seeing your personal data. It’s more of a system-to-system communication. For instance, we don’t see a list of, say, ad identifiers or anything on our end — we just see aggregated reports like “100 conversions happened this week from Bing Ads.”
Business Transfers: If, in the future, JR NETMEDIA undergoes a business transaction like a merger, acquisition by another company, or sale of assets, user information might be among the assets transferred. If that happens, we will ensure the new owner continues to uphold the standards of this Privacy Policy (or we’ll notify users if policies change). For example, if some larger company bought our Site to incorporate our app info into their portfolio, the user data (mostly analytics and such) would likely go with the site. In any such event, we would communicate the change to our users and outline any choices you may have.
Legal and Safety Reasons: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). We might also share information if we believe it’s necessary to:
Comply with a legal obligation or process (subpoenas, court orders, etc.).
Enforce our Terms of Service or other agreements.
Protect our rights, property, or safety, or those of our users or others. For instance, exchanging information with other companies and organizations for fraud protection or security risk reduction. If someone tries to perpetrate a cyber attack, we might share relevant logs with cybersecurity organizations to help prevent broader harm.
Aggregate Data: We might share aggregated or de-identified information publicly and with third parties. For example, we might publish trends or usage statistics (like "Our site has over 1 million monthly visitors interested in mobile apps, with X% from Europe and Y% from Asia"). This kind of data has no personal identifiers and is purely statistical. Sharing it causes no privacy harm, as it cannot be traced back to any individual.

Finally, the third parties we integrate (like Google, Microsoft, etc.) each have their own privacy policies. We strive to only work with reputable companies that have strong privacy and security track records. If you want to dive deeper into how those companies treat data from tools we use: - Google’s Privacy Policy covers Google Analytics and AdSense data usage. - Microsoft’s Privacy Statement covers Microsoft Clarity and their advertising services. - Cloudflare’s Privacy Policy covers data through their security services. - Yahoo Japan (if applicable for ads) has privacy guidelines usually available on their site (sometimes only in Japanese, but presumably accessible).

We list some of these in the sources at the end for reference, but on our Site’s interface, you can often find them via the cookie banner details.

International Data Transfers & Storage

Location of Data: We, as JR NETMEDIA, are based in Andorra. However, the internet is global, and so is our usage of services. Practically speaking, most of the data we collect (especially through third parties like Google or Microsoft) might be stored on servers in the United States or other countries. For example, when you browse our site from Europe, your data might be processed by a Google server in Europe first (due to Google’s network design) but then stored in or backed up to servers in the U.S. Similarly, Cloudflare operates a worldwide network; your traffic is handled by a node near you (for speed) but could also traverse or be logged in the U.S. or elsewhere.

Data Protection Safeguards: Andorra is recognized as providing an adequate level of data protection by the European Union. Even so, when we transfer data internationally, we want to ensure continued protection: - We rely on agreements that include Standard Contractual Clauses (SCCs) for our service providers. These are legal clauses approved by the European Commission to legitimize data transfers from Europe to third countries. For instance, Google Analytics data transfer outside of Europe is governed by SCCs between Google and us (as part of Google’s Data Processing Amendment). - Some providers may also rely on international frameworks if available. For example, recently, a new EU-US data transfer framework was introduced (the Data Privacy Framework). If companies like Google or Microsoft get certified under that, it provides additional assurances for data moving to the US. We keep an eye on these developments. - Data Minimization: We try to limit what data is transferred. For example, we enable IP anonymization for Google Analytics, meaning your full IP isn’t stored by Google. We don’t collect highly sensitive info anyway. So the data that does travel is typically of low sensitivity (usage patterns, etc.). - User Control: Remember, you have control. If you’re uncomfortable with data potentially leaving your country, you can opt out of analytics cookies — then the only data going abroad would be the bare minimum (like your IP address hitting our server, which is inevitable for internet communication, and maybe being proxied through Cloudflare). We have to be honest that an IP address will often go to the U.S. because companies like Cloudflare route traffic globally. However, Cloudflare, for example, is subject to privacy obligations and security measures.

Retention & Deletion in Transfers: Data we collect via third parties is subject to their retention practices too. For instance, Google Analytics data is typically retained for a set period (we currently set it to 14 months, as mentioned before). After that, Google deletes it on a rolling basis. If you request us to delete your data (like a log or something linked to you, perhaps via an IP), and if we can identify it in third-party systems, we will also request those third parties to delete it where feasible. For example, we can delete Google Analytics Client IDs or reset data in certain cases.

Your Perspective: We understand that international data transfers might seem worrying due to differing laws (like surveillance concerns in the U.S.). We promise that we take these concerns seriously. We monitor guidance from authorities (like the EU’s recommendations on Google Analytics usage post-Schrems II, etc.). If needed, we will adapt our practices or even self-host solutions to keep data local, should legal environments demand it. At present, we believe our approach (using well-known, reputable services with safeguards) is appropriate and in line with global standards.

Data Retention – How Long We Keep Data

We don’t want to keep your personal data for any longer than necessary. Here’s a breakdown of how long different types of data are retained before being deleted or anonymized:

Analytics Data: As noted earlier, we have configured Google Analytics to retain user-level and event-level data for 14 months. This means if you visited today, that particular record of your visit (tied to a random identifier, not your name or anything) would drop off our analytics after 14 months, unless you visit again and the clock resets with new events. Microsoft Clarity’s recordings and data are retained for a shorter period (Clarity’s default is typically 30 days for full session recordings, though aggregated data may remain). We generally don’t have direct control beyond those settings, but that’s the timeline we operate under for analytics. We also periodically review aggregated analytics – since aggregates contain no personal identifiers, we might keep those summaries indefinitely (e.g., "total visits per month" stats to compare growth year over year).
Server Logs: Our web server and security logs (which contain IP addresses, timestamps, and requested URLs) are typically kept for a short duration, such as 30 to 90 days, for routine troubleshooting and security analysis. Cloudflare’s logs, similarly, are retained around that range (and sometimes less, depending on the log type). Unless we detect a security incident that warrants longer investigation (in which case we might isolate certain log entries and keep them longer), these logs roll over and older entries are purged regularly.
Ad and Conversion Data: Data associated with advertising cookies remains as long as the cookies themselves are valid or unless you clear them. For example, the Google IDE cookie lasts 13 months in the EU. If you revisit within that time, it may get renewed; if not, it disappears on its own after 13 months. The Bing Ads uetvid cookie we use lasts about 13 months as well, anduetsid (session cookie) expires after 24 hours. Yahoo’s yclyjad cookie lasts 90 days. We receive reports from these ad systems that do not personally identify you (they might say something like "100 users from campaign X did action Y"). We may keep those reports indefinitely since they don’t contain personal data — they are just numbers that help us strategize.
Contact Communications: If you email us or send a message, we will retain that correspondence for as long as needed to address your issue, and possibly a bit beyond just in case follow-ups are needed. A common practice is to keep communications for up to 1-2 years. This helps if you come back with a related question or if there’s a need to reference what was discussed. For important notices (like DMCA takedown requests or legal matters), we may retain them longer, often up to 6 years or more, to have a record in case of any future disputes or legal requirements.
Consent Records: We keep records of what consent was given and when, as required by regulations. The consent string (TCF string) stored via cookie has an expiration (often 13 months by standard), and we will likely prompt you again after that time to reconfirm. Internally, we may store logs of consent events (like "User from IP X gave consent to Y categories on date Z") to demonstrate compliance. These logs might be kept for a couple of years since regulators often expect you to have proof of consent. But again, these typically don’t include identifiable personal info beyond maybe an IP and timestamp, which in isolation and with passage of time is not highly identifying.
No User Accounts Data: Because we don’t have user accounts, we do not have things like profile data or posts that need retention policies. If we ever introduce such features (e.g., allowing user comments or an email newsletter), we’ll update this section to reflect how long we keep that data.

Once the retention period is over, we either delete the data or anonymize it (so it can no longer be linked to any individual). Deletion is often automated (like Google Analytics auto-deletion). For things like emails, deletion is manual or semi-automated (we might do periodic sweeps of old communications to clear them out).

If you request deletion of your data and we can identify it (for instance, you provide an IP and proof you accessed at a certain time, or you give us a cookie ID, etc.), we will delete that data from our systems and instruct third parties to do so as required. Some data, once aggregated, might not be feasible to delete without affecting integrity of stats (like if your visit is part of a total count that’s already summed up, we can’t subtract it easily); but in such cases, it’s not identifiable anyway.

Your Rights Regarding Your Data

Under the GDPR (and Andorra’s similar law), you have certain rights about your personal data. We extend these rights as applicable to all users, not just EU citizens, because we believe in treating everyone fairly. Here’s a summary in plain language:

Right to Access: You can ask us, “What personal data do you have about me?” and we’ll provide a copy of that data, along with details on how it’s used, who it’s shared with, etc. Given the nature of our data collection, most of it is pseudonymous and might not be easily tied to your identity (for example, we might only have a cookie ID or IP logs). But to the extent we can locate data about you, we will provide it. For instance, if you emailed us before, we can give you a copy of that email from our records, as that’s personal data (it’s tied to you).
Right to Rectification: If you believe we have incorrect or incomplete information about you, you can ask us to correct it. In practice, since we mostly don’t collect data like name/address (unless you provided it), this might apply if, say, you think we logged something incorrectly or an email we have for you is misspelled. We will update our records as requested, when possible.
Right to Erasure: Also known as the “right to be forgotten”. You can request that we delete the personal data we hold about you. We will honor this request in all cases where we are not legally required or have a compelling legitimate interest to keep the data. For example, if you had once given consent to analytics and now want all that data deleted, technically analytics data is aggregated/pseudonymous so it’s hard to isolate yours. But what we can do is ensure no further data is collected (by respecting your cookie opt-out) and erase any identifiable records we might hold (like correspondence). If you were in a Clarity recording and you want that deleted, we would see if Clarity allows deletion of specific session recordings and do so. If you filled a form or comment that’s stored in our database, we would remove it completely. Do note: some data might be in system backups or logs that are impractical to edit; in those cases, we’ll let those expire naturally, and they will not be actively used.
Right to Restrict Processing: You can ask us to halt certain processing of your data. For instance, maybe you contest the accuracy of data and want us to stop using it until it’s fixed. Or you objected to processing and are awaiting our evaluation of that objection. While processing is restricted, we can still store the data, but not use it. In web terms, this might not come up often — it’s more likely you’d simply opt out or request deletion. But it’s your right nonetheless.
Right to Object: You have the right to object to processing of your personal data that is done on the basis of our legitimate interests or for direct marketing. The clearest example: if we were sending marketing emails, you could object and we’d stop (also that’s covered by unsubscribe in practice). For our Site, you might object to processing like analytics tracking done under legitimate interest (if we did any without consent). In such a case, we would stop that processing for you — effectively, it’s like an opt-out. If you object to any data usage that we consider necessary (like security logging), we’d discuss that with you or find a solution, because some things we can’t just stop without compromising the Site’s integrity. But we would absolutely take your objection seriously and either cease processing or provide compelling legitimate grounds for why we must continue (if allowed by law).
Right to Data Portability: This applies to data you provided us in a structured, commonly used format. For our site, there’s rarely data you “provide” in that sense (except maybe if you contacted us or left a comment). If we had a lot of data about you that you gave us and you wanted it in a portable format (like CSV or JSON), we’d provide that. For instance, if theoretically you had a user account and uploaded content, you could ask for an export of all your content and profile — that’s portability. In current context, this is not very applicable, but if you needed, say, all email communications between us and you in a file, we can do that.
Right to Withdraw Consent: If we are processing something based on your consent, you can withdraw that consent at any time. The easiest example: cookies. If you consented to analytics cookies but later don’t want to be tracked, you can change your preference (withdraw consent) and we will stop analytics from that point forward. Withdrawing consent doesn’t affect processing that already happened (when you had consented), but we cease future processing. If you had given any other consent (like an email marketing sign-up), you can withdraw from that too (e.g., unsubscribe).
Right in relation to Automated Decision-Making: We do not make any decisions about you that are purely automated and have a significant effect. There’s no AI deciding things like credit scores or hiring on our site. The only automated things are ad targeting (which is done by algorithms but not in a way that produces legal effects or similar). If that ever changes, we will let you know and you’d have the right to certain protections (like human intervention or to contest decisions).

To exercise any of these rights, please contact us at [email protected]. Please clearly explain what you want to do (e.g., “I want a copy of my data” or “Please delete all data you have on me”). We may need to verify your identity to ensure we don’t give your data to someone else or delete the wrong person’s info. If you’re contacting from an email that we have on file (like you emailed us before from that address), that helps establish identity. If we only have a cookie ID or IP address for you, we might ask for more info (like a specific cookie value or some proof you own that IP, which can be tricky). We’ll work with you to figure it out.

We aim to respond to requests within one month. If it’s a complex request or we have a lot of requests at once, we might need up to two additional months, but we’ll let you know if that’s the case. We don’t charge a fee for these requests in most circumstances. If, however, someone makes repetitive, unfounded, or excessive requests, the law allows us to either charge a reasonable fee or refuse — but we would explain why if that situation arose.

Lastly, if you believe we’ve not handled your data correctly or satisfied your rights, you have the right to lodge a complaint with a supervisory authority. In Andorra, that’s the APDA (Andorran Data Protection Agency). In the EU, you can contact your local data protection authority. We sincerely hope that will never be necessary, and we welcome you to talk to us first so we can address any issues.

Children’s Privacy

Our Site and services are not intended for children under the age of 13. We do not knowingly collect personal information from anyone under 13. If you are under 13, please do not use our Site or send any personal information to us (such as name, email, or phone number). If we discover that we have inadvertently gathered personal data from a child under 13, we will take immediate steps to delete such information from our records.

For teens between 13 and 16: If you are in a region (like some EU countries) where parental consent is required for us to lawfully collect your personal data, please ensure that your parent or guardian provides consent. Generally, our content is PG-13 (we discuss apps, some of which might be games or social media that have their own age ratings), but again, we do not have sections collecting data like registrations.

Parents or guardians: If you believe your child under 13 (or under 16, in jurisdictions with that threshold) has provided us with personal information, please contact us at [email protected]. We will investigate and, if appropriate, remove the data and cease any related processing. We are committed to complying with youth privacy regulations such as COPPA (Children’s Online Privacy Protection Act in the US) and relevant EU member state laws implementing GDPR’s Article 8.

It’s also worth mentioning: we label our Site’s AdSense settings as not directed to children. This means Google will treat our content as general audience and not serve any child-targeted behavioral ads. If a child still manages to access our Site, the data collected is minimal and handled as per this policy, but ideally, we want to prevent collecting at all by disallowing such use.

Security Measures

We understand that the security of your personal data is extremely important. We’ve put in place appropriate technical and organizational measures to prevent unauthorized access, alteration, disclosure, or destruction of your data. These include:

Secure Protocols: Our Site uses HTTPS for all traffic. You’ll notice the padlock icon in your browser’s address bar when visiting Appcrazy, indicating that the connection between your browser and our server is encrypted. This helps protect data in transit from eavesdropping.
Cloudflare Security: We employ Cloudflare not just as a content delivery network for faster site loading globally, but also for its security features. Cloudflare helps mitigate DDoS attacks (where bad actors overwhelm a site with traffic) and blocks many common threats. The Cloudflare Bot Management system specifically identifies and filters out malicious bots from legitimate users, using the __cf_bm cookie and other techniques. This means many threats are stopped before they even reach our actual server.
Server Security: Our web server is kept up to date with the latest security patches. We also use firewall rules to block suspicious activity. Admin access to our systems (if any) is restricted and protected by strong authentication (like long passwords or keys, and possibly two-factor authentication).
Monitoring: We actively monitor our Site for any unusual activity or potential vulnerabilities. This could be via automated tools that scan for malware or through alerts that trigger if something seems off (like sudden spikes in traffic that might indicate an attack).
Limited Data Access: Within JR NETMEDIA, access to raw data (like logs or analytics identifiers) is limited to personnel who need it to perform their duties (for example, a developer troubleshooting an issue or analyzing usage trends). We ensure anyone with such access is bound by confidentiality and understands their responsibility to protect user privacy.
No Sensitive Personal Data: We consciously avoid collecting highly sensitive information (like credit card numbers, social security numbers, health data, etc.) which inherently reduces the risk surface. Most data we handle is of relatively low sensitivity (browsing data, etc.), though we treat all personal data with care regardless.
Third-Party Security: We choose vendors who are known for robust security measures. Companies like Google and Microsoft invest heavily in security. While no company is immune to breaches, they have dedicated teams and advanced measures to secure the data they handle on our behalf. We also review their compliance certifications (e.g., ISO 27001, SOC 2, etc.) to be confident in their security posture.
Backup Protocols: We keep backups of important data to prevent data loss. These backups are encrypted and stored securely. If a disaster happened (like a server failure), we could restore data from backups, ensuring continuity. Backups are protected with similar care (access controls, encryption) to prevent unauthorized access.
Breach Response Plan: In the unlikely event of a data breach (for example, if we discovered that an unauthorized person accessed our systems or our third-party provider had a breach impacting our data), we have a plan to respond. This includes:
Identifying and isolating the issue (stopping further unauthorized access).
Assessing what data (if any) was compromised.
Notifying affected users and authorities as required by law. For instance, if personal data of EU users was breached, we’d notify the APDA and possibly users, following GDPR guidelines on breach notification.
Taking steps to prevent a recurrence, such as patching systems, changing credentials, etc.

It’s important to understand that while we strive to protect your information, no security measure is 100% foolproof. The internet by its nature has risks. However, we are constantly updating and refining our security practices to meet or exceed industry standards.

We also encourage you to play a role in protecting your information. For example, if you contact us via email, ensure you’re using a secure email provider and not sending highly sensitive data in plain text. Be aware of phishing: we will never ask you for passwords or payment information out of the blue. If something regarding our Site seems suspicious, reach out to us to confirm.

Third-Party Websites and Services

Our Site contains links to external websites, such as official app pages on the Google Play Store or Apple App Store, and possibly other tech-related resources. If you click these links, you will be directed away from our Site. Please note that we have no control over, and are not responsible for, the content or privacy practices of those external sites. Their privacy policies will govern any data they collect from you.

For example, if you click a link to go to the Google Play Store to install an app, Google’s Privacy Policy and terms of service apply there, not ours. The same goes for Apple’s App Store or any other third-party site.

We encourage you to review the Privacy Policy of every site you visit, especially before providing any personal information to them.

Additionally, our integration of third-party services means some data flows to those services. We’ve discussed Google Analytics, Microsoft Clarity, and ad networks at length. To recap: - Google Analytics uses data under Google’s privacy terms; however, they are restricted from using it beyond providing us the service (without your consent for other uses like ad personalization). - Microsoft Clarity likewise operates under Microsoft’s Privacy Policy. Clarity doesn’t collect personal data like names, but note that Microsoft might use some Clarity data to improve their services (they claim to mask and not use any sensitive info). - AdSense/Advertising partners: If an ad from, say, Google or another network appears on our Site, that ad might have trackers (like cookies or pixel tags) that allow the advertiser to know you saw or clicked the ad. This is essentially you interacting with a third-party service (the ad network) through our Site. Those interactions may result in data (e.g., the fact that a particular browser saw an ad at time X on our site) being recorded by that third party, subject to their policies and your consent choices.

Social Media: If we have social media buttons or embedded content (like a YouTube video or a Twitter feed) on our Site, those services might load their own cookies or otherwise collect data. For instance, playing an embedded YouTube video on our site will subject you to YouTube’s data collection (which could include tracking views, linking to your YouTube/Google account if logged in, etc.). We currently focus on app info and don’t typically embed social content, but it’s good to be aware of.

We want to underline that JR NETMEDIA is only responsible for the privacy and security of data we directly collect and control. Once data goes to a third party (because you clicked a link or loaded third-party content), it’s governed by that party’s rules. We do, however, choose reputable third parties and do configure things to minimize unnecessary data sharing (for example, not integrating unnecessary trackers, or using privacy-preserving modes where available).

If you find any link on our Site that you believe is inappropriate or leads to content with poor privacy practices, feel free to inform us. We appreciate feedback and want to ensure we’re only directing our users to reliable resources.

Compliance with Laws

We operate out of Andorra and aim to comply fully with both Andorran law and relevant international laws regarding data protection:

Andorran Law (LQPD): Andorra’s “Qualified Law 29/2021 of Personal Data Protection” is the primary law governing personal data in Andorra. It’s designed to mirror many of the protections of the EU’s GDPR. We align our practices with this law — for example, obtaining consent where needed, safeguarding data, and respecting rights like access and deletion.
GDPR (EU General Data Protection Regulation): Even though Andorra isn’t in the EU, GDPR can apply to us if we are offering services to or monitoring the behavior of people in the EU. Given that our Site is accessible worldwide and we do get visitors from the EU (since app information is of interest globally), we consider GDPR standards as a baseline for our operations. Everything in this Privacy Policy — from clear consent mechanisms to detailing your rights — is part of GDPR compliance. We also adhere to the GDPR principles: lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity/confidentiality, and accountability.
CCPA/CPRA (California): If you’re a California resident, you have certain rights under the California Consumer Privacy Act and the California Privacy Rights Act. These rights (like knowing what personal data is collected, opting out of its sale, deleting it, etc.) overlap a lot with GDPR rights, which we already honor. We do not “sell” personal information in the sense CCPA defines (exchange of data for money or equivalent value to third parties). We do use third-party advertising and analytics, which CCPA might consider a “share” for cross-context behavioral advertising. We have provided mechanisms (like the CMP and Global Privacy Control support) to opt out of such sharing. If you are a California resident wanting to exercise CCPA rights, you can contact us just like an EU user would, and we’ll treat it accordingly. One difference: California’s law has a broader definition of personal info (including households, devices). Rest assured, we handle those with care too.
Other US States: Laws in places like Virginia, Colorado, etc., are coming or in effect. We anticipate that by following GDPR/CCPA, we’re largely in compliance with those too (they also give rights to access, delete, opt-out of certain processing). If you’re from any region and have privacy inquiries, we’ll do our best to address them per your local law on top of our default approach.
Canada (PIPEDA): We may have users in Canada. We don’t do anything that would violate PIPEDA’s principles of consent and reasonable purposes. We consider visiting our Site as implicit consent for necessary data (e.g., showing content, security logs). For non-necessary stuff, we ask (via cookie banner). We allow opting out. So Canadian users are covered by our general policies too.
Brazil (LGPD): Similarly, Brazil’s law is akin to GDPR. All the rights and bases we’ve discussed apply. If Brazilian users have specific LGPD rights (like confirming existence of processing, etc.), those are in line with what we offer.
International Data Transfers: We already talked about how we handle that under GDPR (adequacy, SCCs). Andorra itself is considered adequate by the EU, so data from EU to Andorra is fine. For data from Andorra/EU to US, we have SCCs etc. Under Andorran law, international transfers should also have safeguards, which we do implement.
E-Privacy (Cookie Law): Andorra doesn’t have a direct equivalent of the EU’s ePrivacy directive (since Andorra is not in EU), but APDA has cookie guidelines which we follow. For EU users, ePrivacy requires consent for cookies that aren’t strictly necessary. That’s exactly what our cookie banner does. So we’re good on that front.

In summary, we design our privacy practices to be robust and universally respectful, so that no matter where you’re from, you benefit from a high standard of privacy protection.

If any new laws come into play or existing ones change, we will adapt accordingly. We keep ourselves informed about global privacy developments to ensure ongoing compliance.

Updates to This Policy

We may revise this Privacy Policy from time to time, and we will always post the most current version on our Site. If a revision meaningfully reduces your rights or involves a significant change in how we handle personal data, we will take steps to let you know. This could be through a more prominent notice on our website (like a banner or pop-up), an email notification if we have your email (for example, if you have contacted us before), or any other appropriate method.

The “Last updated” date at the top will always indicate when the latest changes were made.

Some reasons we might update the policy include: - Changes in the services we use (for instance, if we switch analytics providers or add a new advertising partner). - Changes in what data we collect or how we process it (say, we launch a new feature that collects data). - Legal or regulatory changes that require us to update our commitments (if a new law requires a certain disclosure, for example). - Feedback from users or changes in industry best practices.

We encourage you to review this Privacy Policy periodically. If you continue to use Appcrazy after changes to the Privacy Policy have been posted, that will signify your acceptance of the updated terms (provided that, if required, we have obtained any new consents needed under applicable law).

For any substantial changes, in addition to posting a notice, we might also archive previous versions of this policy and make them available for review (so you can see what’s changed). If you have any questions about a change, you can always contact us for clarification.

How to Contact Us

Your opinions and feedback matter to us. If you: - Have questions or comments about this Privacy Policy, - Need to exercise any of your rights concerning your personal data, - Have concerns about how we handle your data, or - Just want more information about our privacy practices,

feel free to reach out to us:

Email: [email protected]

We will do our best to respond promptly and thoroughly. Typically, you can expect a response within a few business days. If your request is complex or we need to look into things (like pulling data together for an access request), it might take a bit longer, but we will acknowledge your request and keep you updated on the progress.

We appreciate the trust you place in us by using Appcrazy, and we are committed to honoring that trust by being transparent and responsive when it comes to your privacy.

Thank you for reading our Privacy Policy. Happy browsing!