Privacy Policy

General informationen

With the "" software solution we offer you full control, security and transparency in terms of data protection. When using, your personal data will be processed in accordance with the General Data Protection Regulation (GDPR) and in accordance with the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).

The term data processing is defined in Art. 4 No. 1 of the General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter referred to as "GDPR") as follows: "Processing" [means] any process carried out with or without the help of automated processes or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or modification, reading out, querying , use, disclosure by transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction;"

Via the "" software (hereinafter also referred to as "product", "software", "software solution" or "system"), Aplano GmbH GmbH (hereinafter also referred to as "we", "us" or "our") an online market place software solution is available to you, with which you can buy and sell software code independently. For the purpose of functionality and user-friendliness, the processing of personal data (hereinafter also referred to as "data") is necessary. This data is stored and managed independently by you during registration as well as during the subsequent use of the software. The stored data is then used by the software as a basis for further calculations.

With this data protection declaration, we are informing you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide either alone or together with others about the purposes and means of processing. In addition, we will inform you below about the third-party components we use for optimization purposes and to increase the quality of use, insofar as third parties process data on their own responsibility.

Information about us as responsible officials

Responsible provider of this website in terms of data protection law is:

Aplano GmbH

Bernstorffstraße 174, 22767 Hamburg, Germany

Phone: +49 (0) 40 63739473

You can contact our data protection officer at:

When visiting our website

If you visit the domain or one of our subdomains, we temporarily collect data ("server log files") that your browser transmits to us. This also happens if you visit our domains purely for the purpose of obtaining information (i.e. without registering a user account or entering data in a form).

The collection of the data serves in particular to ensure a secure and stable website. It includes, among other things, browser type and version, operating system type and version, the website from which you switched to our website ("Referrer URL"), your IP address, the subpages visited by us, including the date and time of the respective Access.

This storage takes place on the legal basis of Art. 6 Paragraph 1 lit. f) of the GDPR and the expediency is based on our legitimate interest in improving, stability, functionality and security of our website.

The data collected in this way are temporarily stored and deleted after seven days at the latest, unless further storage is required for evidence purposes. Otherwise, the data will be wholly or partially excluded from deletion until an incident has been finally clarified.

For the reasons mentioned above and for statistical purposes to optimize our website, cookies are also evaluated and web analysis services are used. You can find more information on this in our "cookie directory" and in the "Web analysis, reporting and logging" section.

As part of the registration

The data collected in the registration process include: name of the company, email address, password, telephone number, number of employees.

By "registering" for one of our services, you confirm to us that you are an entrepreneur according to § 14 BDSG or that you are an authorized representative of a company. The acquisition of the registration data serves the purpose of identifying you as a contractual partner and setting up your account ("customer account") through which you can then use the software. We also process the data collected during registration to conclude and execute the contracts and other business relationships concluded via the account.

We also use the contact details provided to provide your company with information about changes to our services, to inform you about other products and services we offer, or to carry out customer satisfaction surveys.

The data processing for the purposes mentioned represents a legitimate interest on our part, so that the data processing is justified in accordance with Art. 6 Para. 1 Clause 1 lit.f) GDPR.

As part of the use of the application

The processing of personal data (hereinafter also referred to as "data") is required for the functionality and user-friendliness of the software. In the following you will find detailed information about the data that we process from you as a user of the software and their visibility.

The visibility of data is divided into the following areas:

  • Private data: This data can only be viewed by you as the user.

  • Public data: All users within your company can see this data ("publicly available").

  • Administrative data: In addition to you as a user, only administrators and their designated representatives (so-called "managers") can view this data.

Purpose-related processing:

  • The e-mail address is used to clearly identify the account and is used, among other things, for processes such as "reset password", "login" and "registration", as well as for sending notifications to users. Your email address is only visible to you and the system administrator.

  • Your profile information is used to connect you with the code that you are planning to sell through our marketplace. It also used to verify you as a professional developer by our team. Additionally your profile will be used to handle the payout to you in case of a sale of your code.

  • Insofar as you have set it yourself, your password is only known to you and is only ever stored or transmitted by us in encrypted form.

The processing of the above-mentioned data is based on Art. 6 Para. 1 Clause 1 lit. b) GDPR if you are our direct contractual partner, and on Art. 6 Para. 1 Clause 1 lit. f) GDPR if you are an employee companies registered with us use the software.

Contact and support requests

Data that you send us via contact inquiries, support forms or e-mail are stored for processing and for traceability. Your data will be deleted if your request has been finally answered and the deletion does not conflict with any statutory retention requirements.

Storage duration of the data

Your data processed when using our website or our software will be deleted or blocked as soon as the purpose of storage no longer applies, the deletion of the data does not conflict with any statutory retention requirements and no other information on individual processing methods is given below.

Data security

For us, the protection of your data has top security. The transmission of all data between your internet browser and our servers is therefore SSL-encrypted. All passwords stored with us are also only stored in encrypted form.

Your rights as a data subject

As a user and person concerned, you have various rights under the GDPR, which arise in particular from Art. 15 to 23 GDPR.

You as a user and person concerned have the right

  • To receive information about the data processed by us and their processing purposes (Art. 15 GDPR)

  • to correct or complete incorrect or incomplete data (Art. 16 GDPR)

  • for deletion of the data concerning you - "right to be forgotten". (Art. 17 GDPR).

  • to restriction of processing (Art. 18 GDPR)

  • Notification obligation in connection with the correction or deletion of personal data or the restriction of processing (Art. 19 GDPR)

  • to receive the data in a structured, commonly used, machine-readable format ("data portability") as well as the right to forward the data to another person responsible if the requirements of Art. 20 Para. 1 lit. a, b GDPR are met (Art. 20 GDPR ) and the processing is carried out using automated procedures.

  • to object to the processing of the data concerning you (according to Art. 21 GDPR), provided that the data is processed by the provider in accordance with Art. 6 Para. 1 lit.f) GDPR. This also applies to profiling based on these provisions. In particular, an objection to data processing for the purpose of direct advertising is permitted.

  • to lodge a complaint with the supervisory authority if you are of the opinion that the data concerning you have not been processed by us in accordance with the GDPR.

Usage of cookies

Our online offer uses cookies. Cookies are small text files that can be stored in the browser in order to transfer certain - in our case anonymized - data to our servers or servers belonging to companies authorized by us (see section "Web analysis, reporting and logging"). The evaluation of such cookies serves, among other things, the stability, analysis, and optimization of our online offer based on Article 6 Paragraph 1 Clause 1 lit.

You can prevent the installation of cookies by setting the browser software accordingly. However, we would like to point out that in this case not all functions of this website can be used to their full extent.

Web analysis, reporting and logging

In the following section we will inform you about the software used for web analysis, reporting and logging purposes. The legal basis for the use of the services listed below is a legitimate interest in the stability, analysis, optimization, avoidance of hacking attacks and the economic operation of our online offer based on Article 6, Paragraph 1, Clause 1, lit.


In order to identify sources of error in our software at an early stage and thus to guarantee our product quality and stability, we use the crash reporting tool "Sentry" (Functional Software, Inc. dba Sentry, 132 Hawthorne Street, San Francisco, CA 94107).

In the event of system crashes, runtime errors or system-critical processes, we use Sentry to register relevant meta-data that help us understand the process and eliminate sources of error. Only data is collected that helps us to fix the error independently and as quickly as possible (browser type and version, operating system type and version, status of the software, URLs called up, anonymized user data, process time stamp, device type). All data transmitted to Sentry are stored strictly separately from the data of the software.

The data is only used to meet the above-mentioned goals and the data is not processed further for advertising purposes or for further analyzes. As soon as an update for the error has been installed in order to correct the error, the data is reserved for checking the occurrence of the error for a further 30 days and then deleted.

Sentry is a company certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection law:

For more information, please refer to Sentry's privacy policy:

Google Analytics

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. GDPR), we use Google Analytics, a web analysis service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement and thus offers a guarantee that it will comply with European data protection law (

Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and the internet. In doing so, pseudonymous user profiles can be created from the processed data.

We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases.

The IP address transmitted by the user's browser will not be merged with other Google data.

You can prevent the storage of cookies by setting your browser software accordingly by downloading and installing the browser plug-in available under the following link:

Alternatively, (e.g. when using a smartphone or tablet) you can prevent the collection of your data by clicking on the "Cookie Policy" link, which is positioned at the bottom left of each webpage and then opting out. An opt-out cookie is set which prevents your data from being recorded on future visits to this website.

You can find more information on how Google Analytics handles user data in the Google Privacy Policy:

This website uses the “demographic characteristics” function of Google Analytics. This allows reports to be created that contain statements on the age, gender and interests of the site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers. These data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section “Objection to data collection”.

The personal data of the users will be deleted or anonymized after 14 months.

For more information on the use of data by Google, setting and objection options, see Google's data protection declaration ( and the settings for the display of advertisements by Google (

Google Adwords and Google Conversion-Tracking

On the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. GDPR), we use the marketing and remarketing services ("Google Marketing Services" for short ”) From Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, (“ Google ”).

Google is certified under the Privacy Shield Agreement and thus offers a guarantee that it will comply with European data protection law (

The Google Marketing Services allow us to display advertisements for and on our website in a more targeted manner in order to only present users with advertisements that potentially correspond to their interests. If, for example, a user is shown advertisements for products that he was interested in on other websites, this is referred to as "remarketing". For these purposes, when our and other websites on which Google Marketing Services are active are accessed, Google immediately executes a code from Google and so-called (re) marketing tags (invisible graphics or code, also known as "web Beacons "called) integrated into the website. With their help, an individual cookie, i.e. a small file, is saved on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including,,,, or This file records which websites the user has visited, which content he is interested in and which offers he has clicked, as well as technical information on the browser and operating system, referring websites, visiting time and other information on the use of the online offer. The IP address of the user is also recorded, whereby we inform you within the framework of Google Analytics that the IP address will be shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases entirely to one Is transferred to a Google server in the USA and shortened there. The IP address is not merged with the user's data within other Google offers. The aforementioned information can also be combined by Google with information from other sources. If the user then visits other websites, they can be shown advertisements tailored to their interests.

The user data is processed pseudonymously as part of the Google Marketing Services. This means that Google does not store and process e.g. the name or email address of the user, but processes the relevant data cookie-related within pseudonymous user profiles. In other words, from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected about users by Google Marketing Services is transmitted to Google and stored on Google's servers in the USA.

The Google marketing services we use include the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Cookies cannot therefore be tracked via the websites of AdWords customers. The information obtained with the help of the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. The AdWords customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.

We can incorporate third-party advertisements on the basis of the Google “AdSense” marketing service. AdSense uses cookies that enable Google and its partner websites to display ads based on users' visits to this website or other websites on the Internet.

We also use "Google Tag Manager" to integrate and manage Google analysis and marketing services on our website.

You can find more information on the use of data by Google for marketing purposes on the overview page:, Google's data protection declaration is available at

If you would like to object to interest-based advertising by Google Marketing Services, you can use the setting and opt-out options provided by Google:


We use Hotjar to better understand the needs of our users and to optimize the offer and the experience on this website. With the help of Hotjar's technology, we get a better understanding of the experiences of our users (e.g. how much time users spend on which pages, which links they click, what they like and what not, etc.) and this helps us to offer our users feedback align. Hotjar works with cookies and other technologies to collect data about the behavior of our users and about their end devices, in particular the IP address of the device (is only recorded and stored anonymously when you use the website), screen size, device type (Unique Device Identifiers ), Information about the browser used, location (country only), preferred language for displaying our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.

For more information, see the “about Hotjar” section on Hotjar's Help page:

Support services

For the purpose of advisory services and product support, we use the "Customerly" chat software (Customerly Limited Ground Floor 8-9 Marino Mart Fairview, Clontarf Dublin D03 P590 Ireland). The chat history together with your IP and the information you give us in the chat are processed and stored by Customerly.

For more information on Customerly's GDPR compliance, visit:


This website uses so-called web fonts provided by Google for the uniform representation of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that our website has been accessed via your IP address.

The use of Google Web Fonts takes place in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit.f GDPR.

If your browser does not support web fonts, a standard font will be used by your computer.