Privacy Policy
How we protect and respect your information. Last updated: March 2026
1. Information We Collect
We collect information you provide directly: name, email, company name, website URL, and payment information (processed securely by Stripe). We also collect usage data including pages visited, audit domains submitted, and chat interactions with Aria.
2. How We Use Information
We use your information to provide and improve our Services, process payments, communicate with you, send service updates and marketing communications (with opt-out), and analyze usage patterns to improve our platform.
3. Data Sharing
We do not sell your personal information. We share data only with service providers (Stripe for payments, Supabase for infrastructure) necessary to deliver our Services, and as required by law.
4. Data Security
We implement industry-standard security measures to protect your data. All data is encrypted in transit and at rest. Payment information is handled exclusively by Stripe and never touches our servers.
5. Cookies & Local Storage
We use essential cookies to maintain your session and preferences. We use Plausible Analytics for privacy-friendly website analytics that does not track personal information. Our client portal uses browser localStorage to persist your Aria chat history and interface preferences locally on your device. This data never leaves your browser and can be cleared at any time through your browser settings.
6. Data Retention
We retain your account data for the duration of your active subscription plus 90 days following cancellation. Visibility audit data and optimization history are retained for 12 months to provide trend analysis and reporting. Email engagement data (opens, clicks) is retained for 6 months. You may request early deletion of your data at any time by contacting us.
7. Your Rights
You may request access to, correction of, or deletion of your personal data at any time. You may unsubscribe from marketing emails via our unsubscribe page or by clicking the unsubscribe link in any email.
8. CCPA & GDPR Compliance
California Residents (CCPA): You have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To exercise your rights, contact us at the address below.
EEA/UK Residents (GDPR): We process personal data on the basis of contract performance (providing our Services) and legitimate interest (improving our platform). You have rights to access, rectify, erase, restrict processing, data portability, and object to processing. Our data processor agreements with Supabase and Stripe ensure your data is handled in compliance with GDPR. To exercise any right, contact us at the address below.
9. CAN-SPAM Compliance
We comply with CAN-SPAM requirements. All marketing emails include our physical address, clear identification as advertising, and a working unsubscribe mechanism. Unsubscribe requests are processed within 10 business days.
10. Contact
Privacy questions? Contact us at hello@apexaiwork.com.
