Privacy Policy

Last Updated: 18 December 2025

This Privacy Policy explains how ApexVol Ltd. ("ApexVol," "we," "us," or "our") collects, uses, discloses, and protects your personal data when you use our website, applications, and services (collectively, the "Services"). We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy laws.

1. Data Controller

ApexVol Ltd. is the data controller responsible for your personal data.

ApexVol Ltd.

United Kingdom

Email: support@apexvol.com

2. Data We Collect

We collect the following categories of personal data:

2.1 Information You Provide

Category Examples
Account Information Name, email address, password (encrypted), username
Billing Information Payment card details (processed by Stripe), billing address, transaction history
Communications Support requests, feedback, survey responses
Preferences Watchlists, saved tickers, dashboard configurations

2.2 Information Collected Automatically

Category Examples
Device Information IP address, browser type, operating system, device identifiers
Usage Data Pages visited, features used, timestamps, session duration
Cookies & Similar Technologies Session cookies, authentication tokens (see our Cookie Policy)

3. How We Collect Your Data

  • Direct interactions: When you create an account, subscribe to a plan, contact support, or fill out forms
  • Automated technologies: Through cookies, server logs, and similar technologies as you navigate our Services
  • Third-party sources: Payment processors (Stripe) for transaction verification

5. How We Use Your Data

We use your personal data for the following purposes:

  • Service Delivery: To provide, maintain, and improve our options analytics platform
  • Account Management: To create and manage your account, authenticate access, and process subscriptions
  • Payment Processing: To process payments and prevent fraudulent transactions
  • Communications: To send transactional emails (receipts, password resets, service updates) and, with your consent, marketing communications
  • Support: To respond to your inquiries and provide customer service
  • Analytics: To understand usage patterns and improve user experience
  • Security: To detect, prevent, and address fraud, abuse, and security issues
  • Legal Compliance: To comply with applicable laws and regulations

6. Data Sharing & Third Parties

We do not sell your personal data. We may share your data with:

6.1 Service Providers

Provider Purpose Data Shared
Stripe Payment processing Payment card details, billing address, email
SendGrid (Twilio) Transactional emails Email address, name
Cloud Hosting Provider Infrastructure & data storage All data (encrypted at rest)
Theta Data Market data API API requests (no personal data)

All service providers are bound by Data Processing Agreements (DPAs) requiring them to protect your data and use it only for the specified purposes.

6.2 Other Disclosures

We may also disclose your data:

  • To comply with legal obligations, court orders, or government requests
  • To protect the rights, property, or safety of ApexVol, our users, or the public
  • In connection with a merger, acquisition, or sale of assets (with notice to you)

7. International Transfers

Your data may be transferred to and processed in countries outside the UK or European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Adequacy Decisions: Transfers to countries deemed adequate by the UK Government
  • Standard Contractual Clauses (SCCs): UK-approved contractual protections with recipients
  • Supplementary Measures: Additional technical and organizational safeguards where required

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this Policy:

Data Category Retention Period
Account Data Duration of account + 2 years after deletion request
Billing & Transaction Records 7 years (UK tax/accounting requirements)
Usage Logs 90 days (security & debugging purposes)
Support Communications 3 years after resolution
Marketing Consent Records Duration of consent + 3 years

After the retention period, data is securely deleted or anonymized.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: TLS 1.3 for data in transit; AES-256 encryption for data at rest
  • Access Controls: Role-based access, multi-factor authentication for staff
  • Secure Sessions: HTTPOnly, Secure, and SameSite cookie flags
  • Password Security: Passwords hashed using industry-standard algorithms (bcrypt)
  • Regular Audits: Security assessments and vulnerability testing
  • Incident Response: Documented breach notification procedures (within 72 hours per GDPR)

While we strive to protect your data, no method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately.

10. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right Description
Access Request a copy of the personal data we hold about you
Rectification Request correction of inaccurate or incomplete data
Erasure Request deletion of your data ("right to be forgotten")
Restriction Request limitation of processing in certain circumstances
Portability Receive your data in a structured, machine-readable format
Objection Object to processing based on legitimate interests or for marketing
Withdraw Consent Withdraw consent at any time (does not affect prior lawful processing)

How to Exercise Your Rights

To exercise any of these rights, please:

We will respond to your request within 30 days. In complex cases, we may extend this by an additional 60 days with notice.

If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Website: ico.org.uk

Phone: 0303 123 1113

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

11.1 Your California Rights

Right Description
Right to Know Request disclosure of the categories and specific pieces of personal information we collect, use, and disclose about you
Right to Delete Request deletion of personal information we hold about you, subject to certain exceptions
Right to Correct Request correction of inaccurate personal information
Right to Opt-Out of Sale/Sharing Opt out of the sale or sharing of your personal information for cross-context behavioral advertising
Right to Non-Discrimination Not receive discriminatory treatment for exercising your privacy rights

11.2 Do Not Sell or Share My Personal Information

We Do Not Sell Your Personal Information

ApexVol does not sell your personal information to third parties. We also do not share your personal information for cross-context behavioral advertising purposes as defined under the CCPA/CPRA.

While we do not currently sell or share personal information, you may still submit an opt-out request for the record. We will honor such requests and notify you if our practices change in the future.

11.3 Categories of Personal Information

In the past 12 months, we have collected the following categories of personal information as defined by the CCPA:

  • Identifiers: Name, email address, IP address, account ID
  • Commercial Information: Subscription history, transaction records
  • Internet Activity: Browsing history on our site, interactions with our Services
  • Geolocation Data: Approximate location based on IP address
  • Inferences: Preferences derived from usage patterns

11.4 How to Exercise Your California Rights

To submit a request, you may:

We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf.

11.5 Shine the Light

Under California Civil Code Section 1798.83 ("Shine the Light"), California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. As stated above, we do not share your personal information with third parties for their direct marketing purposes.

12. Cookies

We use cookies and similar technologies to operate our Services. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

13. Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at support@apexvol.com.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending an email notification for significant changes
  • Displaying a notice within the Services

Your continued use of the Services after changes become effective constitutes acceptance of the updated Policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

ApexVol Ltd.

United Kingdom

Email: support@apexvol.com

© 2025 ApexVol Ltd. All rights reserved.