Your privacy,
protected.

01 Overview

App & Design ("we," "us," or "our") operates appandesign.com and provides iOS app development, website design, web management, and custom SaaS services. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you visit our website or engage our services.

This policy is governed by the laws of the State of New Jersey, including the New Jersey Data Privacy Act (NJDPA, P.L. 2023, c.266) (effective January 15, 2025), the New Jersey Identity Theft Prevention Act (N.J.S.A. 56:8-161 et seq.), and the New Jersey Consumer Fraud Act (N.J.S.A. 56:8-1 et seq.). Where applicable, federal laws including COPPA and CAN-SPAM also apply.

By using our website or services, you agree to the practices described in this policy.

02 Information we collect

Information you provide directly:

• Name and email address when you contact us through our contact form
• Project details, budget range, and message content submitted through our forms
• Email correspondence and project-related communications
• Payment information — processed entirely by third-party providers; we never store card numbers

Information collected automatically:

• IP address and approximate geographic location (state/city level)
• Browser type, operating system, and device information
• Pages visited, time spent on pages, and referring URLs
• Date and time of visits

We do not collect:

• Social Security numbers or government ID numbers
• Financial account numbers or banking information
• Sensitive personal characteristics (race, religion, health, biometric data)
• Precise geolocation data

03 How we use your information

We use the information we collect solely for the following purposes:

• To respond to your inquiries — answering questions and following up on project requests
• To deliver services — building and managing websites, iOS apps, and related work you've hired us for
• To communicate — sending project updates, invoices, and service-related messages
• To improve our website — understanding which pages are most useful and fixing technical issues
• To comply with legal obligations — responding to lawful requests from courts or government authorities

We do not use your information for targeted advertising, profiling, or sale to data brokers.

Under the NJDPA, we process your data based on one of the following legal bases: performance of a contract (delivering services you requested), legitimate interests (operating and improving our business), or compliance with legal obligations.

04 How we share information

We do not sell, rent, or trade your personal information to third parties. Period.

We may share information in these limited circumstances:

• Service providers: Vendors who help us operate (e.g., web hosting, email delivery, payment processing). These providers are contractually prohibited from using your data for their own purposes.
• Legal requirements: If required by a valid court order, subpoena, or New Jersey or federal law, we may disclose information to authorities. We will attempt to notify you unless legally prohibited from doing so.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may transfer as a business asset. We will notify affected users prior to any such transfer.
• With your consent: Any other sharing requires your explicit prior consent.

05 Cookies & tracking

Our website uses minimal, essential cookies only. We do not use advertising cookies, cross-site tracking cookies, or third-party analytics platforms that profile individual users.

Cookies we may set:

• Session cookies: Temporary cookies that expire when you close your browser, used to maintain form state
• Server logs: Standard web server logs (Apache/Nginx) recording IP addresses and page requests for security and uptime monitoring — retained for 30 days

You can disable cookies in your browser settings. Our website remains fully functional without them.

We do not use Google Analytics, Meta Pixel, or similar third-party tracking scripts on this website.

06 Data security

We implement reasonable technical and organizational measures to protect your information, consistent with N.J.S.A. 56:8-161 et seq. (New Jersey Identity Theft Prevention Act), including:

• HTTPS/TLS encryption for all data in transit
• Server-side access controls limiting who can access stored data
• Regular security monitoring via Cloudflare CDN and firewall rules
• Restricted access to production systems on a need-to-know basis

Data breach notification: In the event of a security breach involving your personal information, we will notify affected New Jersey residents as required by N.J.S.A. 56:8-163 — within a reasonable time, not to exceed any timeframe specified by the Attorney General, and without unreasonable delay.

07 Your rights under New Jersey law

Under the New Jersey Data Privacy Act (NJDPA), New Jersey residents have the following rights regarding their personal data:

• Right to know: You may request confirmation of whether we process your personal data and receive a copy of it
• Right to correct: You may request correction of inaccurate personal data we hold about you
• Right to delete: You may request deletion of personal data we have collected from you
• Right to data portability: You may request your data in a portable, commonly used format
• Right to opt out: You may opt out of the processing of your data for purposes of targeted advertising, sale, or profiling (we do not engage in these activities)
• Right to appeal: If we decline a request, you may appeal our decision

To exercise any of these rights, contact us at [email protected]. We will respond within 45 days of receiving your request, with one possible extension of 45 additional days where reasonably necessary. We will not discriminate against you for exercising these rights.

You may also have rights under the New Jersey Consumer Fraud Act (N.J.S.A. 56:8-1) regarding deceptive practices. If you believe we have violated this Act, you may contact the New Jersey Division of Consumer Affairs at njconsumeraffairs.gov.

08 Children's privacy

Our website and services are directed to businesses and adults only. We do not knowingly collect personal information from children under 13 years of age, in compliance with the Children's Online Privacy Protection Act (COPPA).

If we discover we have inadvertently collected personal information from a child under 13, we will delete it promptly. If you believe we have collected such information, please contact us immediately at [email protected].

09 Third-party links & services

Our website may contain links to third-party websites (such as client project sites, LinkedIn, or GitHub). These sites have their own privacy policies, and we have no responsibility or liability for their content or practices.

We encourage you to review the privacy policies of any third-party sites you visit.

Our website uses the following third-party services with their own privacy implications:

• Google Fonts — fonts loaded from Google's CDN (Google Privacy Policy applies)
• Cloudflare — CDN, DNS, and security services (Cloudflare Privacy Policy applies)

10 Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we do, we will update the "Last updated" date at the top of this page.

For material changes, we will provide more prominent notice, which may include an email notification to contacts on file. Continued use of our website after changes constitutes acceptance of the updated policy.

We recommend reviewing this page periodically. Archived versions are available upon request.

11 Contact us

For privacy-related questions, requests to exercise your rights, or data breach notifications, contact us at: