Privacy Policy
Section 01
Introduction
Missioned is a dual-cloud go-to-market (GTM) platform built by Applify, Inc. ("Applify", "we", "us", "our") that helps growth-stage SaaS companies list, manage, and sell through AWS Marketplace and Microsoft Azure Marketplace. This Privacy Policy explains how Missioned collects, uses, stores, shares, and protects personal data and business data that is processed through the Missioned platform.
This policy applies exclusively to data processed within the Missioned platform. By accessing or using the platform, your organisation (the "Client" or "Controller") agrees to the terms of this policy. If your organisation has entered into a separate Data Processing Agreement (DPA) with Applify, that agreement governs in the event of any conflict.
Section 02
Who we are
The Missioned platform is operated by:
Applify, Inc.
Website: applify.co
Privacy contact: support@missioned.ai
Applify, Inc. is incorporated and headquartered in the United States. All legal and data protection enquiries should be directed to the US office via the contact details in Section 15.
Section 03
Scope of this policy
This policy covers all personal data and business-sensitive data processed by Missioned on behalf of our Clients when they use the platform to:
- Create and manage cloud marketplace listings on AWS and Azure
- Configure product and pricing information for marketplace offerings
- Manage co-sell activities, partner relationship management (PRM), and CRM integrations
- Track offers, transactions, and marketplace pipeline performance
- Communicate with AWS and Azure marketplace teams as part of co-sell or ISV accelerator programmes
This policy does not govern data collected on the Missioned marketing website (missioned.ai), which is covered by a separate website privacy notice.
Section 04
Our role as data processor
Applify, Inc. acts solely as a data processor with respect to all data processed through the Missioned platform. Our Clients are the data controllers, meaning they determine the purposes and means by which personal data is processed. Missioned processes data only:
- On the documented instructions of the Client
- To the extent necessary to provide the services described in the applicable subscription or service agreement
- In accordance with this Privacy Policy and any applicable Data Processing Agreement
We do not sell, rent, or exploit Client data for any purpose outside the scope of service delivery. We do not process Client data for our own commercial purposes, advertising, or profiling.
Section 05
Data we process
In the course of providing the Missioned platform, we may process the following categories of data on behalf of Clients:
5.1 Business and product data
- Marketplace listing information: product names, descriptions, categories, regions, and listing metadata submitted to AWS or Azure Marketplace
- Pricing information: pricing models, tiers, contract terms, private offer configurations, and billing structures
- Product and technical information: software feature details, integration specifications, and AMI or container references
- Commercial terms: CPPO structures, co-sell engagement data, ISV Accelerate programme data
5.2 Contact and identity data
- Names, job titles, and business email addresses of Client personnel and authorised users of the platform
- Contact information of the Client's customers, where that information has been shared with Missioned by the Client as part of co-sell pipeline management
- AWS and Azure account identifiers and marketplace tenant IDs
5.3 Usage and platform data
- Log data, session activity, feature usage, and access records within the Missioned platform
- Integration activity with connected CRM systems (e.g. Salesforce, HubSpot)
5.4 End-customer data
Where Clients share information about their end customers as part of co-sell submissions or pipeline management, Missioned processes that data strictly on the Client's instruction. Clients are responsible for ensuring they have a lawful basis for sharing such data with Missioned and for notifying their end customers appropriately.
Section 06
How we use the data
Missioned uses the data it processes solely for the following purposes:
- Service delivery: To operate the platform, maintain listings, process offers, and manage marketplace integrations on the Client's behalf
- Co-sell facilitation: To submit and track co-sell engagements with authorised AWS and Azure marketplace teams, pursuant to the Client's explicit instruction
- CRM integration: To synchronise pipeline and offer data with the Client's connected CRM system
- Platform improvement: To monitor platform performance, diagnose errors, and improve reliability, using aggregated, non-identifiable usage signals where possible
- Legal & compliance obligations: To comply with applicable laws, respond to lawful requests, or enforce our agreements
We do not use Client data for marketing, advertising, model training, or any secondary purpose not described in this policy or agreed in writing with the Client.
Section 07
Data sharing
Missioned does not sell or disclose Client data to third parties except in the circumstances below, and only with the Client's prior authorisation where applicable.
7.1 Authorised cloud marketplace partners
When a Client instructs Missioned to submit a listing, private offer, or co-sell engagement, the relevant listing, pricing, and pipeline data is shared with Amazon Web Services (AWS) and/or Microsoft Azure marketplace teams. This sharing occurs only upon the Client's explicit instruction and authorisation. Clients should review AWS and Azure's own privacy and data handling policies for how those entities process shared data.
7.2 Sub-processors
Missioned uses the following categories of sub-processors to deliver its services. All sub-processors are bound by data processing terms consistent with this policy:
- CRM platforms (e.g. Salesforce): for pipeline and lead data management where integrated by the Client
- Analytics tools: for platform usage monitoring and performance analytics, using aggregated data
- Cloud infrastructure providers: for hosting and data storage
- Communication tools: for support and account management correspondence
Clients may request an up-to-date list of sub-processors by contacting support@missioned.ai.
7.3 Legal disclosures
We may disclose data where required by law, court order, or governmental authority, or where necessary to protect the rights, property, or safety of Applify, our Clients, or others. We will notify the relevant Client of any such request where legally permitted to do so.
7.4 Business transfers
In the event of a merger, acquisition, or sale of all or substantially all of Applify's assets, Client data may be transferred to the acquiring entity, subject to equivalent data protection commitments.
Section 08
Data retention and deletion
Retention period: Missioned retains all Client data, including listing information, product data, pricing data, contact data, and end-customer data, for a maximum of 365 days from the date of collection or last update, unless the Client requests earlier deletion or a shorter period is required by applicable law.
At the end of the 365-day retention period, or upon the termination of a Client's subscription (whichever is earlier, unless the Client requests otherwise in writing), all data is permanently and irreversibly deleted from Missioned's systems and sub-processors, including backups, within 30 days of the applicable deletion trigger.
Clients may request deletion of their data at any time prior to the 365-day period by contacting support@missioned.ai. Upon receipt of a verified deletion request, we will complete deletion within 30 days and provide written confirmation.
Notwithstanding the above, Applify may retain limited data (such as transaction records or billing information) for a longer period where required by applicable tax, financial, or legal obligations, in which case such data will be held in restricted access and not used for any operational purpose.
Section 09
Security
Applify implements appropriate technical and organisational measures to protect the data processed through Missioned against unauthorised access, disclosure, alteration, or destruction. These measures include, but are not limited to:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- Role-based access controls and least-privilege access principles
- Regular security assessments and vulnerability testing
- Incident response procedures with Client notification obligations
- Employee data protection training and confidentiality obligations
In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, Applify will notify the affected Client without undue delay and, where required, assist the Client in meeting its own breach notification obligations to relevant supervisory authorities and data subjects.
Section 10
Your rights
As Missioned operates as a data processor, data subject rights requests (e.g. access, correction, deletion) should in the first instance be directed to the Client organisation that controls the data. Clients are responsible for honouring data subject rights under applicable law.
However, where a data subject contacts Missioned directly, we will promptly forward the request to the relevant Client and provide reasonable assistance to help the Client respond within the legally required timeframe. Rights that may be available depending on jurisdiction include:
- Right of access: to obtain a copy of personal data held
- Right to rectification: to correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten"): to request deletion of personal data
- Right to restriction of processing: to limit how data is used
- Right to data portability: to receive data in a structured, machine-readable format
- Right to object: to object to certain types of processing
- Right to withdraw consent: where processing is based on consent
To submit a rights request or enquiry to Missioned, contact: support@missioned.ai
Section 11
Global compliance and jurisdiction-specific notices
Missioned operates globally and is committed to complying with applicable data protection laws in each jurisdiction where it processes data. The following table summarises the key regulatory frameworks that apply:
International data transfers
Where Client data is transferred from one country to another in the course of service delivery (for example, from EU to US infrastructure), Applify relies on appropriate transfer mechanisms, including:
- Standard Contractual Clauses (SCCs) as approved by the European Commission for EU/EEA transfers
- International Data Transfer Agreements (IDTAs) for UK transfers
- Contractual safeguards and adequacy assessments for transfers from Singapore, India, UAE, and Australia
Clients who require jurisdiction-specific transfer impact assessments or supplementary measures may request these from support@missioned.ai.
Section 12
Data processing agreement (DPA)
Given Missioned's role as a data processor, Clients who are subject to the GDPR, UK GDPR, India DPDP Act, Singapore PDPA, UAE PDPL, or equivalent legislation are required to have a Data Processing Agreement (DPA) in place with Applify before processing personal data through the platform.
12.1 What the DPA covers
Applify's standard DPA sets out:
- The subject matter, nature, purpose, and duration of processing
- The types of personal data and categories of data subjects involved
- Applify's obligations and rights as a processor, including confidentiality and security commitments
- Sub-processing authorisation and notification requirements
- Audit rights and cooperation obligations
- Data return and deletion commitments upon termination
- International transfer mechanisms and supplementary measures
12.2 Processor obligations under applicable DPA acts
EU & UK GDPR (Article 28): Applify processes personal data only on documented instructions from the Client; ensures persons authorised to process data are bound by confidentiality; implements appropriate technical and organisational security measures; assists the Client in fulfilling data subject rights requests; deletes or returns data at the Client's choice at the end of the service relationship; and provides all information necessary to demonstrate compliance, supporting audits.
India DPDP Act 2023 (Section 8, Obligations of Data Processor): As a Data Processor under the DPDP Act, Applify processes personal data only pursuant to a valid contract with the Data Fiduciary (Client), implements appropriate technical and organisational safeguards as specified or approved by the Data Fiduciary, and assists the Client in meeting its obligations to Data Principals under the Act, including in relation to rights requests and breach notifications.
Singapore PDPA: Applify implements contractual and technical safeguards consistent with the PDPA's data protection provisions, and assists Clients in meeting their obligations under the Act, including breach notification requirements and data subject access obligations.
UAE PDPL: Processing is conducted on the basis of the Client's instructions and in accordance with the purposes set out in the service agreement. Applify implements safeguards consistent with UAE PDPL requirements and supports Clients in fulfilling Data Subject rights under UAE law.
Australian Privacy Act: Applify acts as a contracted service provider and handles personal information in accordance with the Australian Privacy Principles, maintaining security and confidentiality obligations consistent with APP 11 (security of personal information).
12.3 Requesting a DPA
To request Applify's standard DPA, or to submit your organisation's own DPA for review, please contact support@missioned.ai. Enterprise Clients may negotiate custom DPA terms as part of their subscription agreement.
Section 13
Children's data
The Missioned platform is intended solely for use by businesses and their authorised personnel. It is not directed at individuals under the age of 18. Applify does not knowingly process personal data relating to children through the platform. If a Client believes that data relating to a minor has been submitted to the platform in error, they should contact us immediately at support@missioned.ai for prompt deletion.
Section 14
Changes to this policy
Applify may update this Privacy Policy from time to time to reflect changes in law, our services, or our data practices. When we make material changes, we will notify Clients via email or in-platform notification at least 30 days before the changes take effect. The updated policy will be posted at this URL with a revised "Last Updated" date.
Continued use of the Missioned platform after the effective date of any updated policy constitutes acceptance of the revised terms. If a Client objects to material changes, they may terminate their subscription in accordance with the applicable service agreement.
Section 15
Contact us
For any questions, concerns, or requests relating to this Privacy Policy or the handling of data within the Missioned platform, please contact us at:
Data Privacy - Missioned / Applify, Inc.
Email: support@missioned.ai
Website: applify.co
Where required by applicable law, data subjects retain the right to lodge a complaint with the relevant supervisory authority in their jurisdiction.
