Legal

Product Privacy Notice

How Apex Edge Sales Engineering Limited collects, uses, and protects personal data in connection with ApexIQ WinCommand™.

Effective: 14 June 2026

Last reviewed: 14 June 2026

1. Who we are

Apex Edge Sales Engineering Limited is the organisation responsible for this privacy notice.

| Field | Details |
| --- | --- |
| Legal name | Apex Edge Sales Engineering Limited |
| Company number | 15821626 |
| Registered office | 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom |
| ICO registration number | ZB796431 |
| General contact | contact@apexedgesalesengineering.com |
| Privacy contact | privacy@apexedgesalesengineering.com |

This notice explains how Apex Edge Sales Engineering Limited handles personal data when operating ApexIQ WinCommand™.

2. What this notice covers

This notice covers personal data that Apex Edge Sales Engineering Limited processes as controller in connection with ApexIQ WinCommand™.

This may include personal data used for:

  • account administration;
  • authentication;
  • billing and subscription administration;
  • payment administration;
  • service communications;
  • operational usage records;
  • security monitoring;
  • fraud, abuse, and misuse prevention;
  • support administration;
  • legal, accounting, tax, and business records;
  • limited internal usage analysis to operate and improve the service, where used (we do not use third-party analytics or tracking);
  • responding to business enquiries.

This notice does not replace the Data Processing Agreement.

Where a subscriber enters personal data into ApexIQ WinCommand™ for its own Sales Engineering deal execution purposes, the subscriber is usually the controller and Apex Edge Sales Engineering Limited is usually the processor. That processing is governed by the Data Processing Agreement and the subscriber's own privacy information.

3. ApexIQ WinCommand™ in brief

ApexIQ WinCommand™ is a subscription software service that helps Sales Engineering teams run stage-by-stage deal execution with clearer coaching, artefact creation, proof capture, and inspection rhythm.

ApexIQ WinCommand™ is a system of action for Sales Engineering deal execution. The subscriber's customer relationship management system remains its system of record.

ApexIQ WinCommand™ is intended for business-to-business subscribers only. It is not intended for consumer use.

At launch, ApexIQ WinCommand™ does not include artificial intelligence-assisted outputs, document upload, or direct CRM integration, and may send emails or notifications to users.

4. Our controller and processor roles

Apex Edge Sales Engineering Limited may act as controller for some processing and processor for other processing.

4.1 Where we are controller

We are likely to act as controller when we process personal data for:

  • account setup and administration;
  • authentication and security access;
  • billing and payment administration;
  • subscription management;
  • service communications;
  • operational usage records;
  • security monitoring;
  • fraud, abuse, and misuse prevention;
  • support administration;
  • legal, accounting, tax, and business records;
  • managing our relationship with the subscriber.

4.2 Where we are processor

We are likely to act as processor when we process subscriber-controlled personal data entered into ApexIQ WinCommand™ for the subscriber's Sales Engineering deal execution purposes.

That may include opportunity data, stakeholder data, Technical Win information, proof records, validation notes, and other subscriber-controlled content. That processing is governed by the Data Processing Agreement.

5. Personal data we collect and use

5.1 Account and user data

We may process name, work email address, organisation, role or job title, subscriber workspace or tenant, account status, administrator status, user role and permissions, invitation records, password reset records, authentication records, multifactor authentication records, and session data.

Purpose: create and manage accounts; authenticate users; manage access; provide the service; keep the service secure; manage subscriptions; communicate with users.

Lawful basis: performance of a contract, where the user is the contracting party or authorised representative; legitimate interests in operating, securing, and administering a business-to-business SaaS service; legal obligation, where records must be retained or disclosed by law.

5.2 Billing and payment data

We may process billing contact name, billing email address, company name, billing address, invoice details, subscription plan, payment status, payment method metadata, transaction references, tax information, and purchase order information, where used.

Stripe may process payment information. Apex Edge Sales Engineering Limited does not receive raw payment card data where Stripe handles payment card processing.

Purpose: manage subscriptions; process payments; issue invoices; manage failed payments; manage refunds where applicable; maintain accounting and tax records; handle subscription renewals and cancellations.

Lawful basis: performance of contract; legitimate interests in billing and managing customer accounts; legal obligation for tax, accounting, and business records.

For billing and invoice questions, contact billing@apexedgesalesengineering.com. For privacy rights requests about billing data, contact privacy@apexedgesalesengineering.com.

5.3 Authentication and security data

We may process sign-in records, failed sign-in attempts, authentication tokens, session information, password reset records, multifactor authentication status, IP address, browser or device information, audit logs, administrative access logs, and security event records.

Purpose: authenticate users; protect accounts; prevent unauthorised access; detect misuse; investigate security issues; maintain auditability; protect subscribers and the service.

Lawful basis: legitimate interests in securing the service; performance of contract; legal obligation, where security or incident records are required.

5.4 Usage and operational data

We may process sign-in times, feature usage, activity logs, export events, account configuration, workspace activity, service errors, server request logs, HTTP request logs, and performance and debugging data.

Purpose: operate the service; troubleshoot issues; improve service reliability; debug errors; support users; prevent abuse; manage subscriptions; understand product usage at an operational level.

Lawful basis: legitimate interests in operating, securing, maintaining, and improving the service; performance of contract; legal obligation, where records are needed for security, audit, or compliance.

5.5 Support data

We may process name, work email address, organisation, support request content, affected user or workspace, screenshots or error messages, issue description, communication history, and troubleshooting records.

Subscribers and users should not include passwords, API keys, private keys, payment card data, special category personal data, or other Restricted Data in support requests.

Purpose: respond to support requests; troubleshoot issues; investigate defects; manage incidents; improve documentation and service quality.

Lawful basis: performance of contract; legitimate interests in supporting and improving the service; legal obligation, where support records relate to legal or security matters.

5.6 Service communications

We may process name, work email address, organisation, account status, subscription status, and service event information.

Purpose: send account verification messages; send password reset messages; send subscription notices; send service notifications; send usage or export notifications; send maintenance, security, or incident communications; send updates about terms, policies, or product changes.

Lawful basis: performance of contract; legitimate interests in administering and operating the service; legal obligation, where notices are legally required.

5.7 Business enquiries

We may process name, work email address, organisation, and the content of an enquiry when someone contacts us with a business enquiry.

Purpose: respond to enquiries and manage related business correspondence.

Lawful basis: legitimate interests in responding to business enquiries and managing our business relationships.

6. Subscriber-controlled content

Subscribers may enter personal data into ApexIQ WinCommand™ for Sales Engineering deal execution. This may include customer or prospect stakeholder names, work email addresses, job titles, buying roles, Champion information, Economic Buyer information, opportunity involvement, deal notes, technical validation information, proof records, and risk records.

For that data, the subscriber is usually the controller and Apex Edge Sales Engineering Limited is usually the processor.

The subscriber is responsible for ensuring that it has the right to enter that personal data into ApexIQ WinCommand™ and for providing appropriate privacy information to relevant individuals.

7. Restricted Data

Unless we expressly agree otherwise in writing, subscribers and users must not enter the following into ApexIQ WinCommand™:

  • special category personal data;
  • criminal offence data;
  • children's data;
  • raw payment card information;
  • passwords, secrets, private keys, API keys, or access tokens;
  • production customer data unrelated to Sales Engineering deal execution;
  • highly confidential security vulnerability information;
  • unlawful, infringing, defamatory, discriminatory, malicious, or harmful content;
  • information the subscriber is not authorised to process or disclose.

8. Cookies and similar technologies

ApexIQ WinCommand™ may use cookies or similar technologies that are necessary to provide authentication, session management, secure access, and authorised administrative functionality.

The essential technologies are:

| Technology | Purpose | Essential? | Consent required? |
| --- | --- | --- | --- |
| sb-[project-ref]-auth-token | Maintains the authenticated session. Without this cookie, users cannot sign in to the service. | Yes | No |
| sb-[project-ref]-auth-token-code-verifier | Used during the PKCE authentication flow to verify the authentication code exchange. Set briefly during sign-in and then deleted. | Yes | No |
| impersonation_session | Set only for super-admin users conducting authorised impersonation of a tenant account. Contains a signed, time-limited session token. Not set for regular users. | Yes | No |
| notice_session_dismissed | Set only when a user dismisses an in-product system notice. Remembers that dismissal for the current sign-in session. Stores only a dismissal marker. Not set for users who have not dismissed a notice. | Yes | No |

Non-essential cookies or similar technologies are not used unless appropriate notice, consent, and withdrawal mechanisms are in place. ApexIQ WinCommand™ also uses browser local storage for functional interface preferences (for example, whether the navigation sidebar is collapsed and the last deal viewed). These entries stay on the user's device and are not used for tracking or analytics.

The ICO explains that PECR applies to cookies and similar technologies and that PECR sits alongside UK GDPR; organisations using cookies or similar technologies must consider both regimes. See the Cookie Notice for more detail.

9. Where personal data comes from

We may collect personal data:

  • directly from users when they register, sign in, subscribe, contact us, or use the service;
  • from subscriber administrators who invite or manage users;
  • from payment and subscription systems;
  • from authentication systems;
  • from service logs and security systems;
  • from support interactions;
  • from the subscriber's use of ApexIQ WinCommand™;
  • from suppliers used to provide the service.

Where personal data is entered into ApexIQ WinCommand™ by a subscriber about its customers, prospects, stakeholders, or business contacts, that personal data usually comes from the subscriber.

10. Who we share personal data with

We may share personal data with:

  • hosting, database, authentication, and infrastructure suppliers;
  • payment processors and billing platforms;
  • transactional email providers;
  • application hosting and content delivery providers;
  • support and operational suppliers, where used;
  • professional advisers, including solicitors, accountants, auditors, and insurers;
  • regulators, courts, law enforcement, tax authorities, or public bodies where required;
  • potential acquirers, investors, or successors in connection with a corporate transaction, subject to appropriate safeguards;
  • other parties where required to protect legal rights, security, subscribers, users, or the service.

Current suppliers include:

| Supplier | Service |
| --- | --- |
| Supabase Inc. | Database, storage, and authentication infrastructure |
| Stripe, Inc. | Payment processing, subscription management, invoicing, and customer portal |
| Resend, Inc. | Transactional email delivery |
| Netlify, Inc. | Application hosting, serverless function execution, and content delivery |

These suppliers are listed in the Sub-processor List.

11. International transfers

Personal data may be hosted, processed, accessed, or supported outside the United Kingdom. Current suppliers include organisations based in the United States, and restricted international transfers may occur.

Where required by applicable data protection law, Apex Edge Sales Engineering Limited uses appropriate transfer safeguards, which may include:

  • the United Kingdom International Data Transfer Agreement;
  • the United Kingdom Addendum to European Commission Standard Contractual Clauses;
  • European Commission Standard Contractual Clauses;
  • supplier-provided transfer terms;
  • adequacy decisions;
  • other lawful transfer mechanisms.

Apex Edge Sales Engineering Limited will complete and maintain a transfer risk assessment where required for restricted transfers.

12. How long we keep personal data

We keep data only where legally required or operationally necessary for the live service. Where data is no longer required, we delete it within 30 days, including from backups, unless an exception below applies. We do not keep a long-term anonymised audit dataset.

| Data type | Retention period |
| --- | --- |
| Billing, accounting, tax, invoice, payment, refund, and purchase order records | 6 years from the end of the relevant financial year (legal and accounting requirement) |
| Contract acceptance evidence linked to a paid subscription (accepted terms version, timestamp, accepting user, subscription identifier) | Retained with billing and legal records |
| Subscriber workspace content (opportunities, stakeholders, deal notes, proof and risk records, Technical Win records) | 30 days after termination, expiry, trial non-conversion, or account closure |
| Generated outputs and artefacts | 30 days (treated as subscriber content) |
| Stored exports (export files and metadata containing subscriber content) | 30 days |
| Operational account and admin records | 30 days after account closure, unless retained as billing or legal evidence |
| Support records | 30 days after ticket closure |
| Security logs (sign-in events, IP addresses, authentication and admin-access events) | 30 days |
| Operational logs (application, error, and request logs) | 30 days |
| Product analytics and usage data | 30 days |
| Transactional email records | 30 days (suppression records kept only as needed to honour opt-out) |
| Website and contact enquiry records | 30 days, unless an active relationship, enquiry, consent, or legal basis applies |
| Privacy rights request records | 30 days after closure, unless needed for legal evidence |
| Backups | 30 days maximum |
| Records under legal hold or dispute | Retained for as long as required for the claim, dispute, regulator request, or legal hold |

Deletion may be paused or overridden only where required by a legal or accounting retention obligation, a legal hold, or an active security investigation, abuse-prevention, billing dispute, privacy dispute, regulator request, or legal claim.

13. Your rights

Depending on the circumstances and applicable law, individuals may have rights to:

  • access personal data;
  • correct inaccurate personal data;
  • request erasure;
  • restrict processing;
  • object to processing;
  • request data portability;
  • withdraw consent where processing is based on consent;
  • complain to a supervisory authority.

The rights available may depend on the lawful basis for processing.

Right to object

Where we rely on legitimate interests, individuals may have the right to object to that processing.

Withdrawing consent

Where we rely on consent, individuals can withdraw consent at any time. Withdrawing consent does not affect processing that happened before consent was withdrawn.

14. How to exercise rights

Requests should be sent to privacy@apexedgesalesengineering.com.

We may need to verify identity before responding.

If the request relates to personal data entered into ApexIQ WinCommand™ by a subscriber, we may need to refer the request to the subscriber where the subscriber is the controller.

15. Complaints

Individuals can contact Apex Edge Sales Engineering Limited at privacy@apexedgesalesengineering.com.

Individuals also have the right to complain to the Information Commissioner's Office, the United Kingdom supervisory authority for data protection.

16. Security

We use technical and organisational measures designed to protect personal data.

Security controls include:

  • HTTPS/TLS for encryption in transit;
  • role-based access control;
  • multifactor authentication;
  • administrative access controls;
  • audit logging;
  • backups;
  • support access controls.

17. Children

ApexIQ WinCommand™ is intended for business users only. It is not intended for children, and subscribers must not enter children's data into the service.

18. Automated decision-making

ApexIQ WinCommand™ may include scoring, recommendations, or automated risk indicators to support Sales Engineering execution.

These outputs are intended for operational support and human review. They are not intended to make legally significant decisions about individuals. At launch, the service does not include artificial intelligence-assisted outputs.

19. Changes to this notice

We may update this privacy notice from time to time.

Where changes are material, we may notify subscribers or users by email, in-product notice, website notice, or another reasonable method.

The updated notice will apply from the effective date stated in the notice.

20. Contact

For questions about this notice or how we handle personal data, contact:

Apex Edge Sales Engineering Limited, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom.

Email: privacy@apexedgesalesengineering.com

21. Contact points

| Purpose | Email |
| --- | --- |
| General enquiries | contact@apexedgesalesengineering.com |
| Legal notices and contractual correspondence | legal@apexedgesalesengineering.com |
| Billing, invoices, VAT, refunds, payment, and purchase orders | billing@apexedgesalesengineering.com |
| Product support | support@apexedgesalesengineering.com |
| Privacy, cookies, and data rights | privacy@apexedgesalesengineering.com |
| Security reports and vulnerability concerns | security@apexedgesalesengineering.com |