Privacy Policy
Last updated: July 2026
1. Introduction
SaaStore ("we", "us", "our") operates the saastore.ai marketplace platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services. It is written to be read alongside our Terms of Service, Cookie Policy, and Refund Policy. The data controller for the purposes of this Policy is the SaaStore team (a registered osek patur), based in Tel Aviv-Yafo.
2. Information We Collect
We collect information you provide directly to us:
- Account Information: Name, email address, and password when you create an account.
- Profile Information: Store name, description, avatar, and contact phone number for seller accounts. Please note: profile details of seller accounts - including the store name, description, and the contact phone number provided for that purpose - are displayed publicly on Listing pages.
- Payment Information: We do not collect payments from Users (buyers) and do not store credit card numbers on our servers. Payment to a Vendor for software takes place on the Vendor's own site or with the payment provider chosen by the Vendor, subject to that provider's privacy policy. Payments by Vendors to SaaStore for promotion services are processed by an external payment processor (currently Tranzila); payment details are provided directly to the processor and are subject to its terms and privacy policy.
- Content: App listings, screenshots, descriptions, and support messages you submit.
- Test-account credentials: A Vendor may, at its option, provide access details for a test account of its app for the purpose of the manual review. These details are stored with admin-only access, are used solely for the review, are never displayed on the Listing, and can be changed or revoked immediately afterwards.
- Communications: Messages you send through our support inbox.
3. Information Collected Automatically
- Usage Data: Pages visited, features used, and actions taken on the platform.
- Device Information: Browser type, operating system, and device identifiers.
- Log Data: IP address, access times, and referring URLs.
- Cookies: Essential session cookies for authentication, plus third-party advertising and analytics tags and cookies - currently Google Ads, Google Analytics (aggregate reporting), and Meta Pixel - once you opt in via our cookie banner. The full list appears in our Cookie Policy.
4. How We Use Your Information
- Provide, maintain, and improve our services
- Send technical notices, updates, and support messages
- Respond to your comments, questions, and customer service requests
- Monitor and analyse trends, usage, and activities at aggregate level
- Detect, investigate, and prevent fraudulent activity, abuse, and security incidents
- Comply with legal obligations
- Send you marketing communications about new features, curated app picks, and offers - ONLY if you separately opted in at signup. You may withdraw this consent at any time by emailing info@saastore.ai, without affecting any other use of your account.
5. Legal Basis for Processing (GDPR)
If you are in the European Economic Area, United Kingdom, or another jurisdiction with similar law, we process your personal data on one or more of the following legal bases as set out in Article 6 of the General Data Protection Regulation (GDPR):
- Performance of a contract - to create and operate your account, to facilitate access to Listings you subscribe to or purchase, and to provide the Service as described in our Terms of Service.
- Legitimate interests - to operate, secure, and improve the Service, prevent abuse and fraud, measure aggregate usage, and communicate operational information. We balance these interests against your rights and rely on this basis only where our interests are not overridden by your rights and freedoms.
- Consent - for analytics and advertising cookies (collected via our cookie banner) and for any optional marketing communications. You may withdraw consent at any time without affecting prior lawful processing.
- Legal obligation - to comply with tax, accounting, anti-money-laundering, regulatory, or court-ordered requirements.
6. Information Sharing
We do not sell your personal information. We may share information with:
- Service Providers: Third parties that perform services on our behalf (Tranzila for payment processing of promotion services; Resend for transactional email; Google for analytics and advertising measurement; Meta for advertising and its measurement; Cloudflare R2 for content and media storage; Railway for application hosting). Each provider processes only the data necessary for their function and under their own privacy terms.
- Advertising partners, for Vendors who purchased promotion services: where a Vendor purchases paid promotion services from SaaStore, we may share that Vendor's Listing details and relevant campaign data with external advertising partners in order to run the promotion on additional platforms, with the Vendor's consent under the Promotion Services Terms.
- Sellers/Buyers: Limited information necessary to facilitate contact between a User and a Vendor (for example, forwarding a User's inquiry or support request to the relevant Vendor).
- Legal Requirements: When required by law, regulation, or legal process, including responses to subpoenas, court orders, and lawful requests by public authorities.
- Successor entities: In connection with a merger, acquisition, financing due diligence, or sale of all or substantially all of our assets, subject to confidentiality and to your rights described in this Policy.
7. International Data Transfers
Our service providers may process personal data outside of your country of residence, including in the United States. For users in the EEA, UK, or Switzerland, transfers of personal data to countries that have not received an adequacy decision from the European Commission are protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses, or by similar mechanisms relied on by the relevant provider. You may request a copy of those safeguards by contacting us at the address in Section 13.
8. Data Security
We implement technical and organisational measures intended to protect your personal information, including encryption in transit, access controls, server-side hashing for credentials, logging, and incident-response procedures. No method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.
9. Data Retention
We retain personal information for as long as it is needed to provide the Service and to comply with legal obligations. Typical retention periods:
- Account data - retained while the account is active and for a reasonable period after deletion to handle disputes, fraud, and legal obligations.
- Transaction records - retained for the period required by applicable tax and accounting law.
- Server logs - retained on a rolling basis (typically up to 12 months) for security and abuse prevention.
- Marketing consent - retained until you withdraw consent.
You may request earlier deletion at any time as described in Section 10, subject to retention required by law.
10. Your Rights
Depending on where you live, you may have the following rights regarding your personal information:
- Access - request a copy of the personal information we hold about you.
- Rectification - request correction of inaccurate or incomplete information.
- Erasure - request deletion of your personal information ("right to be forgotten"), subject to retention required by law.
- Restriction of processing - request that we limit how we process your information in certain circumstances.
- Objection - object to processing carried out under our legitimate interests, including direct marketing.
- Portability - receive a copy of your information in a structured, commonly-used, machine-readable format, and transmit it to another controller.
- Withdraw consent - where processing is based on consent, withdraw that consent at any time without affecting prior lawful processing.
- Complain to a supervisory authority - lodge a complaint with the supervisory authority in your country (in Israel, the Privacy Protection Authority / Rashut Hahaganah al HaPratiyut; in the EU, your national data protection authority).
To exercise any of these rights, email info@saastore.ai. We will respond within one month of receiving a verifiable request, as required by GDPR Article 12. We may need to verify your identity before acting on a request.
11. Israeli Privacy Protection Law
SaaStore is operated from Israel and is subject to the Israeli Privacy Protection Law, 5741-1981, as amended (including Amendment 13, which entered into force on 14 August 2025 and aligns the Law more closely with the GDPR's consent standard), and the regulations promulgated under it (including the Privacy Protection Regulations (Information Security), 5777-2017). Following Amendment 13, most private databases no longer require registration; where the database we maintain meets the criteria for notification to the Israeli Privacy Protection Authority (Rashut Hahaganah al HaPratiyut), we will notify it as required. Israeli users have rights of access, rectification, erasure, and portability that are substantially aligned with the rights described in Section 10 above, and may exercise them by emailing info@saastore.ai. Marketing communications are sent only on the basis of separate, freely-given consent collected at signup; this consent can be withdrawn at any time by emailing info@saastore.ai.
Data breach reporting: in the event of a security incident affecting users' personal data, we will notify the Israeli Privacy Protection Authority and affected users in accordance with the timelines and content requirements set out in the Privacy Protection Regulations (Information Security), 5777-2017, as amended.
12. Children's Privacy
The Service is not directed to children under the age of 16 (or the age of digital consent in your jurisdiction, whichever is higher). We do not knowingly collect personal information from anyone under that age. If you believe a child has provided us with personal information, please contact us at info@saastore.ai and we will delete that information.
13. Cookies
We use essential cookies for authentication and session management, and third-party advertising and analytics tags - currently Google Ads, Google Analytics (aggregate reporting), and Meta Pixel - to understand site traffic and measure marketing performance. We may add tags of additional advertising platforms; any such tag will be listed in the Cookie Policy and activated only subject to your consent. Advertising tags load with all consent signals in the "denied" state (Google Consent Mode v2 and equivalent consent mechanisms), and no advertising or analytics cookies are set on your device unless and until you accept via the cookie banner. You may withdraw consent at any time through the "Cookie preferences" link in the footer, and configure your browser to reject cookies generally (which may affect certain features). See our Cookie Policy for the complete list and instructions.
14. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes we will provide reasonable advance notice through the Service or by email to registered account holders before the change takes effect. For non-material changes the change is effective upon publication. The "Last updated" date at the top of this page always reflects the current version.
15. Contact Us
For privacy-specific requests (access, correction, deletion, portability, objection, withdrawal of consent, complaints) or any other question about this Policy, email info@saastore.ai. To report a security incident or suspected data breach, email security@saastore.ai with the details.