Skip to main content

Legal

Data Processing Agreement

How Apex Edge Sales Engineering Limited processes personal data on behalf of subscribers using ApexIQ WinCommand™.

Effective: 14 June 2026

Last reviewed: 14 June 2026

This Data Processing Agreement assumes a business-to-business relationship in which the Subscriber acts as controller for personal data entered into ApexIQ WinCommand™ for its Sales Engineering deal execution purposes, and Apex Edge Sales Engineering Limited acts as processor for that processing.

1. Parties

This Data Processing Agreement is entered into between:

Apex Edge Sales Engineering Limited, a company registered in England and Wales with company number 15821626, whose registered office is at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom; and

Subscriber, the organisation identified in the applicable Order Form, online checkout, subscription confirmation, or accepted ordering process.

This Data Processing Agreement forms part of the Agreement governing the Subscriber's use of ApexIQ WinCommand™.

2. Purpose

This Data Processing Agreement sets out the terms on which Apex Edge Sales Engineering Limited processes Subscriber Personal Data on behalf of the Subscriber in connection with ApexIQ WinCommand™.

It applies only where Apex Edge Sales Engineering Limited processes personal data as processor on behalf of the Subscriber.

It does not apply to personal data processed by Apex Edge Sales Engineering Limited as controller, including account administration, authentication, billing, payment administration, service communications, operational usage records, security, support administration, and its own business records.

3. Definitions

In this Data Processing Agreement:

Agreement means the Online Subscription Terms (or, where applicable, a separate written subscription agreement or Order Form), together with the Service Description, this Data Processing Agreement, and any incorporated schedules or policies.

Applicable Data Protection Law means all data protection and privacy laws applicable to the processing of Subscriber Personal Data under the Agreement, including where applicable the UK GDPR, Data Protection Act 2018, EU GDPR, and Privacy and Electronic Communications Regulations.

Controller, processor, data subject, personal data, processing, personal data breach, and supervisory authority have the meanings given to them under Applicable Data Protection Law.

EU GDPR means Regulation (EU) 2016/679.

Restricted Transfer means a transfer of personal data that is restricted under Applicable Data Protection Law and requires an appropriate transfer safeguard.

Subscriber Personal Data means personal data processed by Apex Edge Sales Engineering Limited as processor on behalf of the Subscriber through ApexIQ WinCommand™.

Sub-processor means a third party appointed by Apex Edge Sales Engineering Limited to process Subscriber Personal Data on behalf of the Subscriber.

UK Addendum means the United Kingdom Addendum to the European Commission Standard Contractual Clauses.

UK GDPR has the meaning given in section 3(10) of the Data Protection Act 2018.

UK International Data Transfer Agreement means the International Data Transfer Agreement approved for use under United Kingdom data protection law.

4. Processing roles

4.1 Subscriber as controller

The Subscriber is controller for Subscriber Personal Data entered into, stored in, processed through, or exported from ApexIQ WinCommand™ for the Subscriber's Sales Engineering deal execution purposes.

The Subscriber determines the purpose and means of that processing.

4.2 Apex Edge Sales Engineering Limited as processor

Apex Edge Sales Engineering Limited acts as processor where it processes Subscriber Personal Data on behalf of the Subscriber for the purposes of providing, operating, securing, supporting, maintaining, and improving ApexIQ WinCommand™ under the Agreement.

4.3 Apex Edge Sales Engineering Limited as controller

Apex Edge Sales Engineering Limited acts as controller for processing activities where it determines the purpose and means of processing, including:

  • account administration;
  • authentication data;
  • billing and payment administration;
  • service communications;
  • operational usage records;
  • security monitoring;
  • fraud, abuse, and misuse prevention;
  • support administration;
  • legal, accounting, tax, and business records.

Those controller activities are governed by the applicable Privacy Notice, not this Data Processing Agreement.

5. Processing details

The subject matter, duration, nature, purpose, personal data categories, and data subject categories are set out below.

5.1 Subject matter

Processing of Subscriber Personal Data in connection with the provision, operation, security, support, maintenance, and administration of ApexIQ WinCommand™.

5.2 Duration

Processing continues for the duration of the Subscriber's subscription and any post-termination retention, deletion, backup, legal hold, or dispute period permitted under the Agreement.

5.3 Nature of processing

Apex Edge Sales Engineering Limited may process Subscriber Personal Data by:

  • hosting;
  • storing;
  • organising;
  • displaying;
  • transmitting;
  • securing;
  • backing up;
  • logging;
  • exporting;
  • deleting;
  • retrieving;
  • structuring;
  • analysing for service operation;
  • generating scores, recommendations, risk indicators, reports, summaries, templates, or exports;
  • providing technical support;
  • investigating security, misuse, or operational issues.

5.4 Purpose of processing

The purpose of processing is to provide ApexIQ WinCommand™ to the Subscriber, including:

  • stage-by-stage deal execution;
  • Sales Engineering coaching;
  • opportunity inspection;
  • proof and validation records;
  • Technical Win tracking;
  • risk and blocker visibility;
  • handoff readiness;
  • internal deal review rhythm;
  • scoring, recommendations, and automated risk indicators;
  • data exports, including CSV, PDF, and JSON, during the active Subscription Term;
  • security, access control, audit logging, and support.

5.5 Types of personal data

Subscriber Personal Data may include:

  • names;
  • work email addresses;
  • employer or organisation;
  • job title or role;
  • account or opportunity involvement;
  • buying role;
  • stakeholder influence information;
  • Champion or Economic Buyer information;
  • deal notes;
  • technical validation notes;
  • proof records;
  • risk records;
  • audit records connected to Subscriber-controlled content;
  • information included in exported Subscriber records.

5.6 Categories of data subjects

Subscriber Personal Data may relate to:

  • Subscriber personnel;
  • Authorised Users;
  • Sales Engineering leaders;
  • Sales Engineers;
  • Account Executives;
  • revenue leaders;
  • customer or prospect stakeholders;
  • technical evaluators;
  • procurement contacts;
  • economic buyers;
  • champions;
  • other business contacts entered by the Subscriber or its Authorised Users.

5.7 Restricted data

Unless expressly agreed in writing, the Subscriber must not enter or process the following in ApexIQ WinCommand™:

  • special category personal data;
  • criminal offence data;
  • children's data;
  • raw payment card information;
  • passwords, secrets, private keys, or API keys;
  • production customer data unrelated to Sales Engineering deal execution;
  • highly confidential security vulnerability information;
  • unlawful, infringing, defamatory, discriminatory, malicious, or harmful content;
  • information the Subscriber is not authorised to process or disclose.

6. Subscriber instructions

6.1 Documented instructions

Apex Edge Sales Engineering Limited will process Subscriber Personal Data only on the Subscriber's documented instructions, unless required to do otherwise by applicable law.

The Subscriber's documented instructions include:

  • the Agreement;
  • this Data Processing Agreement;
  • the Order Form;
  • the Service Description;
  • the Subscriber's use and configuration of ApexIQ WinCommand™;
  • instructions submitted through authorised support, administration, export, deletion, or account management processes.

6.2 Unlawful instructions

Apex Edge Sales Engineering Limited will notify the Subscriber if it believes an instruction infringes Applicable Data Protection Law, unless legally prohibited from doing so.

Apex Edge Sales Engineering Limited may suspend or refuse to follow an instruction where reasonably necessary to comply with law, protect the Service, prevent misuse, maintain security, or avoid processing Restricted Data.

7. Confidentiality

Apex Edge Sales Engineering Limited will ensure that personnel authorised to process Subscriber Personal Data are bound by confidentiality obligations or are under an appropriate statutory duty of confidentiality.

Apex Edge Sales Engineering Limited will limit access to Subscriber Personal Data to personnel, contractors, suppliers, and Sub-processors who need access for the purposes of the Agreement.

8. Security measures

8.1 General security obligation

Apex Edge Sales Engineering Limited will implement appropriate technical and organisational measures designed to protect Subscriber Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration, or disclosure.

8.2 Security measures in place

The security measures in place include:

  • HTTPS/TLS for encryption in transit;
  • role-based access control;
  • multifactor authentication;
  • administrative access controls;
  • audit logging;
  • backups;
  • support access controls.

8.3 Additional security measures

Apex Edge Sales Engineering Limited may implement or document additional technical and organisational security measures from time to time.

9. Sub-processors

9.1 General authorisation

The Subscriber gives Apex Edge Sales Engineering Limited general authorisation to appoint Sub-processors to process Subscriber Personal Data for the purposes of providing ApexIQ WinCommand™.

9.2 Current Sub-processors

The current Sub-processors are:

Supplier Service Data likely processed
Supabase Inc. Database, storage, and authentication infrastructure Customer and user personal data, names, email addresses, records, audit logs, exports
Stripe, Inc. Payment processing, subscription management, invoicing, and customer portal Billing contact name and email, company name, payment method metadata
Resend, Inc. Transactional email delivery Recipient name and email address, email body content
Netlify, Inc. Application hosting, serverless function execution, content delivery, request logs IP addresses, HTTP request logs, serverless function processing data

9.3 Sub-processor obligations

Apex Edge Sales Engineering Limited will ensure that each Sub-processor is bound by written terms requiring it to protect Subscriber Personal Data to a standard materially equivalent to this Data Processing Agreement, where required by Applicable Data Protection Law.

9.4 Sub-processor list

Apex Edge Sales Engineering Limited will maintain a Sub-processor List identifying Sub-processors used to process Subscriber Personal Data.

9.5 Changes to Sub-processors

Apex Edge Sales Engineering Limited may update the Sub-processor List from time to time.

Before appointing a new Sub-processor that materially affects processing of Subscriber Personal Data, Apex Edge Sales Engineering Limited will provide notice by email, account notice, website update, or another reasonable method.

9.6 Objection to new Sub-processors

The Subscriber may object to a new Sub-processor on reasonable data protection grounds within 10 business days after notice.

If the objection is reasonable and cannot be resolved, Apex Edge Sales Engineering Limited may:

  • not appoint the Sub-processor for that Subscriber;
  • offer an alternative;
  • suspend affected functionality;
  • terminate the affected subscription and provide a pro-rata refund of prepaid unused Fees for the affected period.

10. International transfers

10.1 Restricted transfers

Subscriber Personal Data may be hosted, processed, accessed, or supported outside the United Kingdom. Restricted Transfers may occur.

10.2 Transfer safeguards

Where required by Applicable Data Protection Law, Apex Edge Sales Engineering Limited will use appropriate transfer safeguards, which may include:

  • the UK International Data Transfer Agreement;
  • the UK Addendum;
  • European Commission Standard Contractual Clauses;
  • supplier-provided transfer terms;
  • adequacy decisions;
  • other lawful transfer mechanisms.

10.3 Transfer risk assessment

Apex Edge Sales Engineering Limited will complete and maintain a transfer risk assessment where required by Applicable Data Protection Law for Restricted Transfers.

11. Assistance to Subscriber

Taking into account the nature of the processing and information available to Apex Edge Sales Engineering Limited, Apex Edge Sales Engineering Limited will provide reasonable assistance to the Subscriber with:

  • data subject access requests;
  • correction requests;
  • deletion requests;
  • restriction requests;
  • objection requests;
  • portability requests;
  • personal data breach obligations;
  • data protection impact assessments;
  • prior consultation with supervisory authorities, where required.

Apex Edge Sales Engineering Limited may charge reasonable fees for assistance where the request is excessive, complex, outside standard support, caused by Subscriber error, or not required by Applicable Data Protection Law.

12. Data subject requests

If Apex Edge Sales Engineering Limited receives a request from a data subject relating to Subscriber Personal Data processed on behalf of the Subscriber, Apex Edge Sales Engineering Limited will, where reasonably practicable:

  • notify the Subscriber;
  • not respond to the request except on the Subscriber's documented instructions, unless required by law;
  • provide reasonable assistance to help the Subscriber respond.

The Subscriber remains responsible for responding to requests where it acts as controller.

13. Personal data breaches

13.1 Notification

Apex Edge Sales Engineering Limited will notify the Subscriber without undue delay after becoming aware of a personal data breach affecting Subscriber Personal Data.

13.2 Information provided

Where available, the notification may include:

  • the nature of the breach;
  • categories and approximate number of affected data subjects;
  • categories and approximate number of affected records;
  • likely consequences;
  • measures taken or proposed to address the breach;
  • contact point for further information.

13.3 Subscriber responsibility

The Subscriber is responsible for assessing whether regulatory or data subject notifications are required where it acts as controller.

13.4 No admission

A breach notification is not an admission of fault or liability by Apex Edge Sales Engineering Limited.

14. Deletion and return

14.1 Export during subscription

During the active Subscription Term, ApexIQ WinCommand™ supports CSV exports and PDF exports on all paid plans, and scheduled CSV exports on the Growth and Scale plans. A JSON "Download my data" personal-data export is also available on every plan. Export availability varies by plan.

Unless expressly agreed otherwise, the CSV, PDF, and scheduled exports are available during the Subscription Term and not after it ends. The JSON "Download my data" export is available during the Subscription Term and, as a data subject right, during the limited retention window after termination, expiry, or suspension, until Subscriber content is permanently deleted (see section 14.2).

The Subscriber is responsible for exporting required data before access ends or before the data is deleted.

14.2 Deletion after termination

Following termination or expiry of the subscription, Apex Edge Sales Engineering Limited will delete Subscriber content from active systems within 30 days unless retention is required by law, contract, dispute management, security, fraud prevention, accounting, or another legitimate business purpose.

14.3 Backup deletion

Subscriber content deleted from active systems may remain in backups for up to 30 days before expiry or overwriting in the ordinary backup cycle, unless longer retention is required for legal, security, disaster recovery, supplier-controlled backup cycles, or operational reasons.

14.4 Legal hold

Apex Edge Sales Engineering Limited may retain information where reasonably necessary to comply with legal obligations, resolve disputes, enforce agreements, prevent fraud or abuse, maintain security, or preserve evidence.

15. Retention schedule

We keep data only where legally required or operationally necessary for the live service. Where data is no longer required, we delete it within 30 days, including from backups, unless an exception below applies. We do not keep a long-term anonymised audit dataset.

Data type Retention period
Billing, accounting, tax, invoice, payment, refund, and purchase order records 6 years from the end of the relevant financial year (legal and accounting requirement)
Contract acceptance evidence linked to a paid subscription (accepted terms version, timestamp, accepting user, subscription identifier) Retained with billing and legal records
Subscriber workspace content (opportunities, stakeholders, deal notes, proof and risk records, Technical Win records) 30 days after termination, expiry, trial non-conversion, or account closure
Generated outputs and artefacts 30 days (treated as subscriber content)
Stored exports (export files and metadata containing subscriber content) 30 days
Operational account and admin records 30 days after account closure, unless retained as billing or legal evidence
Support records 30 days after ticket closure
Security logs (sign-in events, IP addresses, authentication and admin-access events) 30 days
Operational logs (application, error, and request logs) 30 days
Product analytics and usage data 30 days
Transactional email records 30 days (suppression records kept only as needed to honour opt-out)
Privacy rights request records 30 days after closure, unless needed for legal evidence
Backups 30 days maximum
Records under legal hold or dispute Retained for as long as required for the claim, dispute, regulator request, or legal hold

Deletion may be paused or overridden only where required by a legal or accounting retention obligation, a legal hold, or an active security investigation, abuse-prevention, billing dispute, privacy dispute, regulator request, or legal claim.

16. Audits and information

16.1 Information provision

Apex Edge Sales Engineering Limited will make available information reasonably necessary to demonstrate compliance with this Data Processing Agreement, subject to confidentiality, security, and commercial sensitivity.

16.2 Audit process

Where required by Applicable Data Protection Law, the Subscriber may request an audit of Apex Edge Sales Engineering Limited's compliance with this Data Processing Agreement.

Any audit must be:

  • subject to reasonable prior written notice;
  • limited to once per 12-month period unless required by a regulator or following a confirmed personal data breach;
  • conducted during normal business hours;
  • conducted in a manner that does not disrupt the Service;
  • subject to confidentiality obligations;
  • limited to systems, processes, and records relevant to Subscriber Personal Data;
  • conducted by the Subscriber or an independent auditor approved by Apex Edge Sales Engineering Limited.

16.3 Alternative evidence

Apex Edge Sales Engineering Limited may satisfy audit requests by providing appropriate documentation, policies, third-party reports, security summaries, certifications, or responses to reasonable questionnaires, where available.

16.4 Costs

The Subscriber will bear its own audit costs. Apex Edge Sales Engineering Limited may charge reasonable fees for audit support unless the audit is required because of Apex Edge Sales Engineering Limited's confirmed material breach of this Data Processing Agreement.

17. Liability

Liability under this Data Processing Agreement is subject to the liability and indemnity provisions of the Agreement (including the Online Subscription Terms), unless expressly stated otherwise.

18. Conflict

If there is a conflict between this Data Processing Agreement and the rest of the Agreement in relation to processing of Subscriber Personal Data, this Data Processing Agreement prevails to the extent of the conflict.

If there is a conflict between this Data Processing Agreement and the UK International Data Transfer Agreement, UK Addendum, Standard Contractual Clauses, or another legally required transfer mechanism, the legally required transfer mechanism prevails to the extent required by Applicable Data Protection Law.

19. Term and survival

This Data Processing Agreement starts when Apex Edge Sales Engineering Limited begins processing Subscriber Personal Data on behalf of the Subscriber.

It continues for as long as Apex Edge Sales Engineering Limited processes Subscriber Personal Data on behalf of the Subscriber.

Obligations relating to confidentiality, deletion, return, legal hold, audit evidence, and international transfer safeguards survive termination for as long as required by Applicable Data Protection Law or the Agreement.

20. Contact points

Purpose Email
General enquiries contact@apexedgesalesengineering.com
Legal notices and contractual correspondence legal@apexedgesalesengineering.com
Billing, invoices, VAT, refunds, payment, and purchase orders billing@apexedgesalesengineering.com
Product support support@apexedgesalesengineering.com
Privacy, cookies, and data rights privacy@apexedgesalesengineering.com
Security reports and vulnerability concerns security@apexedgesalesengineering.com