1. Who is the controller
For the purposes of the EU/UK GDPR, the controller of your personal data is Apex Pulse Ltd. ("Apex Pulse", "we", "us", "our"). You can contact our privacy team at [email protected].
2. What we collect
- Account data: name, email address, password (hashed), country.
- Billing data: handled by our payment processor; we receive only the last four digits of the card, card brand, and a tokenised reference. We do not store full card numbers or CVCs.
- Usage data: IP address, browser, device, pages visited, signals viewed, alert preferences, log timestamps, error reports.
- Communications: messages you send us via email, the contact form, or Telegram.
- Cookies and similar: see our Cookie Policy.
3. How we use your data
- To provide, operate, and improve the Service.
- To authenticate you, secure your account, and prevent fraud or abuse.
- To process subscriptions, billing, and refunds.
- To communicate service notices, security alerts, and (with your consent) product updates.
- To comply with legal, regulatory, and tax obligations.
- To detect and resolve technical issues.
4. Legal bases (EU/UK GDPR)
- Performance of a contract — to deliver the Service you've subscribed to.
- Legitimate interests — to secure our systems, prevent abuse, and improve the Service, balanced against your rights.
- Consent — for non-essential cookies and marketing email; you may withdraw consent at any time.
- Legal obligation — for tax, accounting, and regulatory record-keeping.
5. Sharing with third parties
We share personal data only with vetted service providers who process it on our behalf under written contracts:
- Payment processor (for card processing).
- Cloud hosting and infrastructure providers.
- Email and messaging providers (transactional notifications).
- Analytics and error-monitoring providers (aggregated, where possible).
We may also disclose data when required by law, court order, or to protect our rights, users, or the public. We never sell personal data.
6. International transfers
Your data may be processed in countries other than your own, including outside the EEA or United Kingdom. Where we transfer personal data internationally, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or transfers to jurisdictions covered by an adequacy decision.
7. Retention
We keep account data for as long as your account is active and for a reasonable period afterwards to comply with legal obligations (typically up to 7 years for billing/tax records). Aggregated, de-identified analytics may be retained indefinitely.
8. Your rights
Depending on your jurisdiction, you may have the right to: access your personal data; correct it; delete it; restrict or object to processing; receive it in a portable format; withdraw consent; lodge a complaint with a supervisory authority (in the EU/UK) or your state attorney general (US). California residents have additional rights under the CCPA/CPRA, including the right to opt out of "sales" and "sharing" — Apex Pulse does not sell or share personal data as defined by those laws.
To exercise any right, email [email protected]. We respond within the timeframes required by applicable law (typically 30 days).
9. Security
We use industry-standard administrative, technical, and physical safeguards to protect personal data — encryption in transit and at rest, principle-of-least-privilege access controls, audit logging, and regular reviews. No system is perfectly secure; you are responsible for keeping your password confidential.
10. Children
The Service is not directed to anyone under 18, and we do not knowingly collect personal data from minors. If you believe a minor has provided us data, contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy. Material changes will be notified by email or in the Service. The "Last updated" date at the top reflects the current version.
12. Contact
Privacy questions or requests: [email protected].