Privacy Policy

Last modified April 12, 2026

1. Who we are

This Privacy Policy explains how Appspire d.o.o. (hereinafter, "us", "we", or https://appspire.tech) collects, uses, shares, and otherwise processes personal data in connection with the website https://corevalues.guide and any related products, services, communications, and features (collectively, the "Services").

The controller of your personal data is:

Appspire d.o.o.
OIB: 85271623476
Registered office: Savska cesta 32, 10000, Zagreb, Croatia
Email: contact@appspire.tech

For the purposes of this Privacy Policy, "personal data" means any information relating to an identified or identifiable natural person.

2. How to read this Privacy Policy

We process personal data in accordance with applicable data protection law, including Regulation (EU) 2016/679 — the General Data Protection Regulation ("GDPR").

The categories of personal data we process depend on how you interact with us. We only process personal data where we have a valid legal basis to do so, such as:

  • to take steps at your request before entering into a contract or to perform a contract with you;
  • to comply with legal obligations;
  • for our legitimate interests, where those interests are not overridden by your rights and freedoms; or
  • with your consent, where consent is required.

3. What personal data we collect

Depending on how you use our Services, we may collect the following categories of personal data:

3.1 Information you provide directly

We may collect:

  • your name;
  • your email address;
  • your billing details;
  • the content of messages, enquiries, feedback, or support requests you send to us;
  • information you provide when subscribing to newsletters or promotional communications;
  • content you submit, upload, generate, or share through the Services.

3.2 Transaction and purchase information

If you make a purchase, payment-related information may be collected and processed through our payment partner, including:

  • your name and email address;
  • billing address;
  • country;
  • transaction amount, currency, VAT or sales tax information;
  • order and refund information;
  • fraud and verification data associated with the transaction.

3.3 Website usage and device information

When you visit our website, we may collect:

  • IP address;
  • browser type and version;
  • device type;
  • operating system;
  • referring URL;
  • pages viewed;
  • approximate geolocation derived from IP;
  • interactions with the website;
  • cookie identifiers and similar online identifiers.

3.4 Marketing and communications information

We may collect:

  • your email subscription status;
  • communication preferences;
  • records of whether emails were delivered, opened, or clicked, where such tracking is used lawfully.

4. How we use your personal data

4.1 To respond to enquiries and provide support

If you contact us, we use your personal data to communicate with you and respond to your request.

Categories of data: name, email address, message content, related correspondence.

Legal basis: pre-contractual steps at your request, contract performance, and/or our legitimate interest in handling enquiries and support.

Retention: for as long as necessary to handle the request and for a reasonable period afterwards to manage follow-up, record-keeping, and legal claims.

4.2 To provide the Services

We use personal data to operate the website, provide features, deliver purchased products or services, manage access, and administer customer relationships.

Categories of data: account and contact details, user content, service usage data, purchase-related data.

Legal basis: contract performance and our legitimate interests in operating and improving the Services.

Retention: for as long as necessary to provide the Services and afterwards as needed for record-keeping, legal claims, fraud prevention, and compliance obligations.

4.3 To process purchases, billing, taxes, refunds, and fraud prevention

We use personal data in connection with payments, invoices, taxes, fraud prevention, chargebacks, and refunds.

Categories of data: name, email address, billing details, country, transaction details, fraud and verification indicators.

Legal basis: contract performance, legal obligations, and our legitimate interests in payment administration, fraud prevention, and defending claims.

Retention: for as long as necessary for the transaction and as required by accounting, tax, anti-fraud, and related legal obligations.

4.4 To send newsletters and marketing communications

If you subscribe to marketing communications, we use your personal data to send newsletters, updates, promotions, and similar messages.

Categories of data: name, email address, communication preferences, email engagement data where lawfully used.

Legal basis: your consent, where required by law.

Retention: until you unsubscribe or withdraw your consent, and for a limited period afterwards where necessary to maintain suppression lists and compliance records.

You can unsubscribe at any time by using the unsubscribe link in a marketing email or by contacting us.

4.5 To analyse website use and improve performance

We use analytics and similar tools to understand how visitors use the website, improve usability, measure performance, and troubleshoot issues.

Categories of data: IP address, device and browser information, visited pages, clicks, scrolling behaviour, approximate geolocation, session and interaction data, cookie identifiers.

Legal basis: consent for non-essential cookies and analytics where required by law; otherwise our legitimate interests in improving the website.

Retention: in accordance with our Cookies Policy or the relevant tool settings.

4.6 To comply with law and protect our rights

We may process personal data to comply with applicable law, enforce our terms, establish or defend legal claims, prevent misuse, and protect the security of the website and our business.

Categories of data: any data relevant to the issue.

Legal basis: legal obligations and our legitimate interests in compliance, security, and legal protection.

Retention: for as long as required by law or reasonably necessary for the relevant purpose.

5. Cookies and similar technologies

We use cookies and similar technologies to operate the website, remember preferences, measure traffic, analyse usage, and, where applicable, support marketing and advertising.

Some cookies are strictly necessary for the website to function. Other cookies and similar technologies, such as analytics and advertising tools, are used only with your consent where required by law.

For more information about the cookies we use, how long they remain on your device, and how to manage your choices, please see our Cookies Policy.

6. Third-party tools and services

6.1 Brevo

We may use Brevo to manage newsletters, service emails, promotional campaigns, subscriber lists, and related communications.

Depending on how you interact with us, Brevo may process data such as your name, email address, subscription status, communication preferences, and email engagement information.

Brevo acts on our behalf for these communication services and processes personal data in accordance with our instructions and applicable agreements. Marketing emails and any related tracking are used with consent where required by law. Further information about how Brevo processes personal data is available in Brevo's privacy policy.

6.2 Paddle

We use Paddle for payment-related services. Paddle's buyer terms state that buyers purchase the product from Paddle as an authorised reseller through Paddle's services, and Paddle's privacy policy explains that it processes transaction and related personal data in its own role for payments and associated compliance purposes.

In practice, this means Paddle may process personal data such as your name, email address, billing information, transaction details, tax information, and fraud-related data in order to:

  • process payments;
  • issue invoices and receipts;
  • calculate and handle taxes;
  • prevent fraud;
  • manage chargebacks and refunds;
  • comply with legal and regulatory obligations.

Paddle may act as a separate controller for data it processes for its own legal, tax, fraud, payment, and compliance purposes.

6.3 Umami

We use Umami, an open-source analytics platform self-hosted on our own infrastructure, to understand how visitors use our website and to measure traffic and performance. Your data is not sent to or processed by any third-party analytics provider, and we do not share it with any external party.

Umami may collect information such as visited pages, referrer URLs, browser and device type, operating system, approximate country derived from IP address, and session interaction data. In our configuration, Umami does set cookies on your device; however, because all analytics data stays on our own servers, is fully private, is never shared with any third party, and is used solely to operate and improve the Services, we rely on our legitimate interests as the legal basis and do not require separate consent for these cookies.

6.4 Laravel Nightwatch

We use Laravel Nightwatch for application observability, error monitoring, and performance insights. Nightwatch helps us detect bugs, diagnose issues, and maintain the reliability and security of the Services.

In the course of operating the Services, Nightwatch may process technical data such as request and response metadata, error traces, performance metrics, and limited contextual information about how the Services are used. Data collected by Nightwatch is hosted within the European Union, in Frankfurt, Germany.

Legal basis: our legitimate interests in securing, maintaining, and improving the Services. Further information about Laravel Nightwatch is available at https://nightwatch.laravel.com.

6.5 WorkOS

We use WorkOS for authentication and user identity management. When you create an account or sign in, WorkOS processes personal data on our behalf to authenticate your identity and manage your session.

Depending on how you interact with the Services, WorkOS may process data such as your name, email address, profile information, and authentication-related metadata (such as session tokens and login timestamps).

WorkOS acts as a processor on our behalf for authentication services and processes personal data in accordance with our instructions and applicable agreements. WorkOS is based in the United States; where this involves a transfer of personal data outside the European Economic Area, we rely on the safeguards described in Section 8.

Further information about how WorkOS processes personal data is available in WorkOS's privacy policy.

6.6 Hetzner

We use Hetzner Online GmbH ("Hetzner"), a hosting provider established in Germany (EU), for website hosting and related infrastructure. Personal data processed through the Services — including account, content, and usage data — is stored on a Hetzner server physically located in the United States of America.

Because this involves a transfer of personal data outside the European Economic Area, we rely on the Standard Contractual Clauses approved by the European Commission as the safeguard for this transfer, as further described in Section 8.

Further information about how Hetzner processes personal data is available in Hetzner's privacy policy.

7. Who we share personal data with

We may share personal data with the following categories of recipients, where relevant:

  • hosting and infrastructure providers;
  • authentication and identity management providers;
  • analytics and performance providers;
  • email and communications providers;
  • payment, billing, tax, fraud prevention, and refund providers;
  • customer support and administrative service providers;
  • legal, accounting, audit, and professional advisers;
  • courts, regulators, law enforcement, and public authorities where required by law or necessary to protect our rights.

We do not sell your personal data.

8. International data transfers

Some of our service providers or their sub-processors may process personal data outside the European Economic Area. In particular, our hosting provider stores personal data on a server located in the United States of America (see Section 6.6), and our authentication provider is based in the United States (see Section 6.5).

Where personal data is transferred to a country that does not benefit from an adequacy decision by the European Commission, we rely on an appropriate safeguard recognised under applicable law, such as:

  • Standard Contractual Clauses approved by the European Commission;
  • Binding Corporate Rules; or
  • another lawful transfer mechanism available under the GDPR.

9. How long we keep personal data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to provide the Services, comply with legal obligations, resolve disputes, prevent fraud, enforce agreements, and defend legal claims.

  • contact enquiries are kept for as long as needed to handle the enquiry and related follow-up;
  • account and service data are kept for as long as the account or service relationship is active and for a reasonable period afterwards;
  • transaction and billing records are kept for as long as required by tax, accounting, and legal rules;
  • marketing data is kept until you unsubscribe or withdraw consent, plus a limited period to maintain suppression records;
  • cookie-related data is retained according to our Cookies Policy and the configuration of the relevant tools.

10. Automated decision-making and profiling

We may use limited profiling for analytics, segmentation, communications, and marketing optimisation.

We do not use automated decision-making that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR, unless we specifically inform you otherwise.

11. Your rights

Subject to applicable law, you have the following rights in relation to your personal data:

  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restriction of processing;
  • the right to object to processing;
  • the right to data portability;
  • the right to withdraw consent at any time, where processing is based on consent;
  • the right to lodge a complaint with a competent supervisory authority.

To exercise your rights, please contact us at contact@appspire.tech. We may ask for information necessary to verify your identity before processing your request.

12. Security

We use appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

These measures may include access controls, encryption in transit where appropriate, secure hosting, and administrative safeguards. However, no method of transmission over the internet or method of storage is completely secure.

13. Third-party links and services

Our website may contain links to third-party websites, services, plugins, or social media platforms. We do not control those third parties and are not responsible for their privacy practices. Their use of your personal data is governed by their own terms and privacy policies.

14. Children

Our Services are not directed to children under the age of 16, and we do not knowingly collect personal data from children under 16 without appropriate authorisation where required by law. If you believe that a child has provided us with personal data in breach of this policy, please contact us so that we can take appropriate steps.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, or operational practices. The updated version will be posted on this page with a revised "Last modified" date.

16. Notice for California Residents

This section applies to residents of California and supplements the rest of this Privacy Policy. It is provided in accordance with the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 (collectively, "CCPA").

16.1 Categories of personal information collected

In the preceding 12 months, we have collected the following categories of personal information as defined under the CCPA:

  • Identifiers — such as name, email address, and IP address;
  • Commercial information — such as purchase history, transaction details, and billing records;
  • Internet or other network activity — such as browsing behaviour, pages viewed, clicks, and interactions with the Website;
  • Geolocation data — approximate location derived from IP address;
  • Inferences — drawn from the above to understand preferences or behaviour for analytics and communications purposes.

The sources, purposes, and third parties involved in each category are described in sections 3, 4, 6, and 7 of this Privacy Policy.

16.2 Sale and sharing of personal information

We do not sell your personal information for money. However, under the CCPA, the use of certain analytics tools may constitute "sharing" personal information for cross-context behavioural advertising purposes. To the extent that any such sharing occurs, you have the right to opt out.

To opt out of the sharing of your personal information, please contact us at contact@appspire.tech or adjust your preferences through our cookie preferences tool.

16.3 Your rights under the CCPA

As a California resident, you have the following rights:

  • Right to know — you may request disclosure of the categories and specific pieces of personal information we have collected about you in the preceding 12 months, the sources from which it was collected, the purposes for which it was used, and the categories of third parties with whom it was shared;
  • Right to delete — you may request that we delete personal information we have collected from you, subject to certain exceptions permitted by law;
  • Right to correct — you may request that we correct inaccurate personal information we hold about you;
  • Right to opt out of sale or sharing — you may direct us not to sell or share your personal information as described above;
  • Right to limit use of sensitive personal information — to the extent we collect sensitive personal information as defined under the CCPA, you may request that we limit its use to purposes permitted by law;
  • Right to non-discrimination — we will not deny you goods or services, charge you a different price, or provide you with a lesser quality of service because you exercised any of your rights under the CCPA.

16.4 Retention of personal information by category

We retain each category of personal information for the following periods:

  • Identifiers — for as long as your account or service relationship is active and for a reasonable period afterwards, or as required to comply with legal obligations;
  • Commercial information — for as long as required by tax, accounting, and legal rules, typically several years after the transaction;
  • Internet or network activity — in accordance with the configuration of the relevant analytics tools, typically up to 12 months;
  • Geolocation data — in accordance with the configuration of the relevant analytics tools, typically up to 12 months;
  • Inferences — for as long as the underlying data is retained, or until you withdraw consent or request deletion.

16.5 How to submit a request

To exercise any of your rights under the CCPA, please contact us by email at contact@appspire.tech with the subject line "California Privacy Request". We will respond within the timeframes required by applicable law.

We may need to verify your identity before processing your request. We will not discriminate against you for submitting a request.

17. Contact

If you have questions about this Privacy Policy or our processing of personal data, or if you want to exercise your rights, you can contact us at:

Appspire d.o.o.
Savska cesta 32,
10000, Zagreb, Croatia
Email: contact@appspire.tech