Legal
Product Privacy Notice
How Apex Edge Sales Engineering Limited collects, uses, and protects personal data in connection with ApexIQ WinCommand™.
Effective: 14 June 2026
Last reviewed: 14 June 2026
1. Who we are
Apex Edge Sales Engineering Limited is the organisation responsible for this privacy notice.
| Field | Details |
|---|---|
| Legal name | Apex Edge Sales Engineering Limited |
| Company number | 15821626 |
| Registered office | 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom |
| ICO registration number | ZB796431 |
| General contact | contact@apexedgesalesengineering.com |
| Privacy contact | privacy@apexedgesalesengineering.com |
This notice explains how Apex Edge Sales Engineering Limited handles personal data when operating ApexIQ WinCommand™.
2. What this notice covers
This notice covers personal data that Apex Edge Sales Engineering Limited processes as controller in connection with ApexIQ WinCommand™.
This may include personal data used for:
- account administration;
- authentication;
- billing and subscription administration;
- payment administration;
- service communications;
- operational usage records;
- security monitoring;
- fraud, abuse, and misuse prevention;
- support administration;
- legal, accounting, tax, and business records;
- limited internal usage analysis to operate and improve the service, where used (we do not use third-party analytics or tracking);
- responding to business enquiries.
This notice does not replace the Data Processing Agreement.
Where a subscriber enters personal data into ApexIQ WinCommand™ for its own Sales Engineering deal execution purposes, the subscriber is usually the controller and Apex Edge Sales Engineering Limited is usually the processor. That processing is governed by the Data Processing Agreement and the subscriber's own privacy information.
3. ApexIQ WinCommand™ in brief
ApexIQ WinCommand™ is a subscription software service that helps Sales Engineering teams run stage-by-stage deal execution with clearer coaching, artefact creation, proof capture, and inspection rhythm.
ApexIQ WinCommand™ is a system of action for Sales Engineering deal execution. The subscriber's customer relationship management system remains its system of record.
ApexIQ WinCommand™ is intended for business-to-business subscribers only. It is not intended for consumer use.
At launch, ApexIQ WinCommand™ does not include artificial intelligence-assisted outputs, document upload, or direct CRM integration, and may send emails or notifications to users.
4. Our controller and processor roles
Apex Edge Sales Engineering Limited may act as controller for some processing and processor for other processing.
4.1 Where we are controller
We are likely to act as controller when we process personal data for:
- account setup and administration;
- authentication and security access;
- billing and payment administration;
- subscription management;
- service communications;
- operational usage records;
- security monitoring;
- fraud, abuse, and misuse prevention;
- support administration;
- legal, accounting, tax, and business records;
- managing our relationship with the subscriber.
4.2 Where we are processor
We are likely to act as processor when we process subscriber-controlled personal data entered into ApexIQ WinCommand™ for the subscriber's Sales Engineering deal execution purposes.
That may include opportunity data, stakeholder data, Technical Win information, proof records, validation notes, and other subscriber-controlled content. That processing is governed by the Data Processing Agreement.
5. Personal data we collect and use
5.1 Account and user data
We may process name, work email address, organisation, role or job title, subscriber workspace or tenant, account status, administrator status, user role and permissions, invitation records, password reset records, authentication records, multifactor authentication records, and session data.
Purpose: create and manage accounts; authenticate users; manage access; provide the service; keep the service secure; manage subscriptions; communicate with users.
Lawful basis: performance of a contract, where the user is the contracting party or authorised representative; legitimate interests in operating, securing, and administering a business-to-business SaaS service; legal obligation, where records must be retained or disclosed by law.
5.2 Billing and payment data
We may process billing contact name, billing email address, company name, billing address, invoice details, subscription plan, payment status, payment method metadata, transaction references, tax information, and purchase order information, where used.
Stripe may process payment information. Apex Edge Sales Engineering Limited does not receive raw payment card data where Stripe handles payment card processing.
Purpose: manage subscriptions; process payments; issue invoices; manage failed payments; manage refunds where applicable; maintain accounting and tax records; handle subscription renewals and cancellations.
Lawful basis: performance of contract; legitimate interests in billing and managing customer accounts; legal obligation for tax, accounting, and business records.
For billing and invoice questions, contact billing@apexedgesalesengineering.com. For privacy rights requests about billing data, contact privacy@apexedgesalesengineering.com.
5.3 Authentication and security data
We may process sign-in records, failed sign-in attempts, authentication tokens, session information, password reset records, multifactor authentication status, IP address, browser or device information, audit logs, administrative access logs, and security event records.
Purpose: authenticate users; protect accounts; prevent unauthorised access; detect misuse; investigate security issues; maintain auditability; protect subscribers and the service.
Lawful basis: legitimate interests in securing the service; performance of contract; legal obligation, where security or incident records are required.
5.4 Usage and operational data
We may process sign-in times, feature usage, activity logs, export events, account configuration, workspace activity, service errors, server request logs, HTTP request logs, and performance and debugging data.
Purpose: operate the service; troubleshoot issues; improve service reliability; debug errors; support users; prevent abuse; manage subscriptions; understand product usage at an operational level.
Lawful basis: legitimate interests in operating, securing, maintaining, and improving the service; performance of contract; legal obligation, where records are needed for security, audit, or compliance.
5.5 Support data
We may process name, work email address, organisation, support request content, affected user or workspace, screenshots or error messages, issue description, communication history, and troubleshooting records.
Subscribers and users should not include passwords, API keys, private keys, payment card data, special category personal data, or other Restricted Data in support requests.
Purpose: respond to support requests; troubleshoot issues; investigate defects; manage incidents; improve documentation and service quality.
Lawful basis: performance of contract; legitimate interests in supporting and improving the service; legal obligation, where support records relate to legal or security matters.
5.6 Service communications
We may process name, work email address, organisation, account status, subscription status, and service event information.
Purpose: send account verification messages; send password reset messages; send subscription notices; send service notifications; send usage or export notifications; send maintenance, security, or incident communications; send updates about terms, policies, or product changes.
Lawful basis: performance of contract; legitimate interests in administering and operating the service; legal obligation, where notices are legally required.
5.7 Business enquiries
We may process name, work email address, organisation, and the content of an enquiry when someone contacts us with a business enquiry.
Purpose: respond to enquiries and manage related business correspondence.
Lawful basis: legitimate interests in responding to business enquiries and managing our business relationships.
6. Subscriber-controlled content
Subscribers may enter personal data into ApexIQ WinCommand™ for Sales Engineering deal execution. This may include customer or prospect stakeholder names, work email addresses, job titles, buying roles, Champion information, Economic Buyer information, opportunity involvement, deal notes, technical validation information, proof records, and risk records.
For that data, the subscriber is usually the controller and Apex Edge Sales Engineering Limited is usually the processor.
The subscriber is responsible for ensuring that it has the right to enter that personal data into ApexIQ WinCommand™ and for providing appropriate privacy information to relevant individuals.
7. Restricted Data
Unless we expressly agree otherwise in writing, subscribers and users must not enter the following into ApexIQ WinCommand™:
- special category personal data;
- criminal offence data;
- children's data;
- raw payment card information;
- passwords, secrets, private keys, API keys, or access tokens;
- production customer data unrelated to Sales Engineering deal execution;
- highly confidential security vulnerability information;
- unlawful, infringing, defamatory, discriminatory, malicious, or harmful content;
- information the subscriber is not authorised to process or disclose.
8. Cookies and similar technologies
ApexIQ WinCommand™ may use cookies or similar technologies that are necessary to provide authentication, session management, secure access, and authorised administrative functionality.
The essential technologies are:
| Technology | Purpose | Essential? | Consent required? |
|---|---|---|---|
| sb-[project-ref]-auth-token | Maintains the authenticated session. Without this cookie, users cannot sign in to the service. | Yes | No |
| sb-[project-ref]-auth-token-code-verifier | Used during the PKCE authentication flow to verify the authentication code exchange. Set briefly during sign-in and then deleted. | Yes | No |
| impersonation_session | Set only for super-admin users conducting authorised impersonation of a tenant account. Contains a signed, time-limited session token. Not set for regular users. | Yes | No |
| notice_session_dismissed | Set only when a user dismisses an in-product system notice. Remembers that dismissal for the current sign-in session. Stores only a dismissal marker. Not set for users who have not dismissed a notice. | Yes | No |
Non-essential cookies or similar technologies are not used unless appropriate notice, consent, and withdrawal mechanisms are in place. ApexIQ WinCommand™ also uses browser local storage for functional interface preferences (for example, whether the navigation sidebar is collapsed and the last deal viewed). These entries stay on the user's device and are not used for tracking or analytics.
The ICO explains that PECR applies to cookies and similar technologies and that PECR sits alongside UK GDPR; organisations using cookies or similar technologies must consider both regimes. See the Cookie Notice for more detail.
9. Where personal data comes from
We may collect personal data:
- directly from users when they register, sign in, subscribe, contact us, or use the service;
- from subscriber administrators who invite or manage users;
- from payment and subscription systems;
- from authentication systems;
- from service logs and security systems;
- from support interactions;
- from the subscriber's use of ApexIQ WinCommand™;
- from suppliers used to provide the service.
Where personal data is entered into ApexIQ WinCommand™ by a subscriber about its customers, prospects, stakeholders, or business contacts, that personal data usually comes from the subscriber.
10. Who we share personal data with
We may share personal data with:
- hosting, database, authentication, and infrastructure suppliers;
- payment processors and billing platforms;
- transactional email providers;
- application hosting and content delivery providers;
- support and operational suppliers, where used;
- professional advisers, including solicitors, accountants, auditors, and insurers;
- regulators, courts, law enforcement, tax authorities, or public bodies where required;
- potential acquirers, investors, or successors in connection with a corporate transaction, subject to appropriate safeguards;
- other parties where required to protect legal rights, security, subscribers, users, or the service.
Current suppliers include:
| Supplier | Service |
|---|---|
| Supabase Inc. | Database, storage, and authentication infrastructure |
| Stripe, Inc. | Payment processing, subscription management, invoicing, and customer portal |
| Resend, Inc. | Transactional email delivery |
| Netlify, Inc. | Application hosting, serverless function execution, and content delivery |
These suppliers are listed in the Sub-processor List.
11. International transfers
Personal data may be hosted, processed, accessed, or supported outside the United Kingdom. Current suppliers include organisations based in the United States, and restricted international transfers may occur.
Where required by applicable data protection law, Apex Edge Sales Engineering Limited uses appropriate transfer safeguards, which may include:
- the United Kingdom International Data Transfer Agreement;
- the United Kingdom Addendum to European Commission Standard Contractual Clauses;
- European Commission Standard Contractual Clauses;
- supplier-provided transfer terms;
- adequacy decisions;
- other lawful transfer mechanisms.
Apex Edge Sales Engineering Limited will complete and maintain a transfer risk assessment where required for restricted transfers.
12. How long we keep personal data
We keep data only where legally required or operationally necessary for the live service. Where data is no longer required, we delete it within 30 days, including from backups, unless an exception below applies. We do not keep a long-term anonymised audit dataset.
| Data type | Retention period |
|---|---|
| Billing, accounting, tax, invoice, payment, refund, and purchase order records | 6 years from the end of the relevant financial year (legal and accounting requirement) |
| Contract acceptance evidence linked to a paid subscription (accepted terms version, timestamp, accepting user, subscription identifier) | Retained with billing and legal records |
| Subscriber workspace content (opportunities, stakeholders, deal notes, proof and risk records, Technical Win records) | 30 days after termination, expiry, trial non-conversion, or account closure |
| Generated outputs and artefacts | 30 days (treated as subscriber content) |
| Stored exports (export files and metadata containing subscriber content) | 30 days |
| Operational account and admin records | 30 days after account closure, unless retained as billing or legal evidence |
| Support records | 30 days after ticket closure |
| Security logs (sign-in events, IP addresses, authentication and admin-access events) | 30 days |
| Operational logs (application, error, and request logs) | 30 days |
| Product analytics and usage data | 30 days |
| Transactional email records | 30 days (suppression records kept only as needed to honour opt-out) |
| Website and contact enquiry records | 30 days, unless an active relationship, enquiry, consent, or legal basis applies |
| Privacy rights request records | 30 days after closure, unless needed for legal evidence |
| Backups | 30 days maximum |
| Records under legal hold or dispute | Retained for as long as required for the claim, dispute, regulator request, or legal hold |
Deletion may be paused or overridden only where required by a legal or accounting retention obligation, a legal hold, or an active security investigation, abuse-prevention, billing dispute, privacy dispute, regulator request, or legal claim.
13. Your rights
Depending on the circumstances and applicable law, individuals may have rights to:
- access personal data;
- correct inaccurate personal data;
- request erasure;
- restrict processing;
- object to processing;
- request data portability;
- withdraw consent where processing is based on consent;
- complain to a supervisory authority.
The rights available may depend on the lawful basis for processing.
Right to object
Where we rely on legitimate interests, individuals may have the right to object to that processing.
Withdrawing consent
Where we rely on consent, individuals can withdraw consent at any time. Withdrawing consent does not affect processing that happened before consent was withdrawn.
14. How to exercise rights
Requests should be sent to privacy@apexedgesalesengineering.com.
We may need to verify identity before responding.
If the request relates to personal data entered into ApexIQ WinCommand™ by a subscriber, we may need to refer the request to the subscriber where the subscriber is the controller.
15. Complaints
Individuals can contact Apex Edge Sales Engineering Limited at privacy@apexedgesalesengineering.com.
Individuals also have the right to complain to the Information Commissioner's Office, the United Kingdom supervisory authority for data protection.
16. Security
We use technical and organisational measures designed to protect personal data.
Security controls include:
- HTTPS/TLS for encryption in transit;
- role-based access control;
- multifactor authentication;
- administrative access controls;
- audit logging;
- backups;
- support access controls.
17. Children
ApexIQ WinCommand™ is intended for business users only. It is not intended for children, and subscribers must not enter children's data into the service.
18. Automated decision-making
ApexIQ WinCommand™ may include scoring, recommendations, or automated risk indicators to support Sales Engineering execution.
These outputs are intended for operational support and human review. They are not intended to make legally significant decisions about individuals. At launch, the service does not include artificial intelligence-assisted outputs.
19. Changes to this notice
We may update this privacy notice from time to time.
Where changes are material, we may notify subscribers or users by email, in-product notice, website notice, or another reasonable method.
The updated notice will apply from the effective date stated in the notice.
20. Contact
For questions about this notice or how we handle personal data, contact:
Apex Edge Sales Engineering Limited, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom.
Email: privacy@apexedgesalesengineering.com
21. Contact points
| Purpose | |
|---|---|
| General enquiries | contact@apexedgesalesengineering.com |
| Legal notices and contractual correspondence | legal@apexedgesalesengineering.com |
| Billing, invoices, VAT, refunds, payment, and purchase orders | billing@apexedgesalesengineering.com |
| Product support | support@apexedgesalesengineering.com |
| Privacy, cookies, and data rights | privacy@apexedgesalesengineering.com |
| Security reports and vulnerability concerns | security@apexedgesalesengineering.com |