Privacy Policy

Last updated: January 21, 2026

1. Introduction

ApexGen ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, company name
  • Payment Information: Credit card details (processed securely by Stripe)
  • Lead Data: Contact information of leads you upload (names, emails, phone numbers)
  • Campaign Data: Email templates, SMS messages, AI agent configurations

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent on platform
  • Device Information: Browser type, operating system, IP address
  • Cookies: Session cookies for authentication and preferences
  • Log Data: API requests, error logs, campaign execution logs

3. How We Use Your Information

  • Service Delivery: To provide, maintain, and improve the Service
  • Campaign Execution: To send emails, SMS, and make voice calls on your behalf
  • AI Processing: To train AI agents and generate personalized messages
  • Analytics: To analyze usage patterns and improve features
  • Customer Support: To respond to your inquiries and provide assistance
  • Billing: To process payments and send invoices
  • Security: To detect fraud, prevent abuse, and ensure platform security
  • Communications: To send service updates, new features, and promotional offers (you can opt-out)

4. Data Sharing & Third Parties

4.1 Service Providers

We share data with trusted third parties who help us operate the Service:

  • Supabase: Database hosting and authentication
  • Resend: Email delivery infrastructure
  • Twilio: SMS and voice call delivery
  • OpenAI: AI conversation generation
  • Stripe: Payment processing
  • Vercel: Application hosting

4.2 We DO NOT:

  • Sell your personal data to advertisers or data brokers
  • Share your lead data with other ApexGen users
  • Use your data to train AI models for other customers

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government request.

5. Data Security

  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Control: Role-based access controls and Row Level Security (RLS)
  • Authentication: Secure password hashing and optional 2FA
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Backups: Daily encrypted backups stored in multiple locations

6. Data Retention

  • Active Accounts: We retain your data as long as your account is active
  • Deleted Accounts: Data is deleted within 30 days of account deletion
  • Backups: Backup copies may persist for up to 90 days
  • Legal Obligations: We may retain certain data to comply with legal requirements

7. Your Rights (GDPR & UK DPA)

If you are in the UK or EU, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we process your data
  • Right to Portability: Export your data in a machine-readable format
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at privacy@apexgen.ai

8. Cookies & Tracking

8.1 Essential Cookies

Required for the Service to function (authentication, preferences)

8.2 Analytics Cookies

Help us understand how you use the Service (can be disabled)

8.3 How to Manage Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect functionality.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. We ensure appropriate safeguards are in place (Standard Contractual Clauses).

10. Children's Privacy

Our Service is not intended for users under 18 years old. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification 30 days before they take effect.

12. Contact Us

For questions about this Privacy Policy or to exercise your rights:

  • Email: privacy@apexgen.ai
  • Data Protection Officer: dpo@apexgen.ai
  • Address: ApexGen Ltd, London, United Kingdom

13. Supervisory Authority

If you are in the UK or EU and have concerns about our data practices, you have the right to lodge a complaint with your local data protection authority.

  • UK: Information Commissioner's Office (ICO) - https://ico.org.uk
  • EU: Your local Data Protection Authority