Skip to main content
Apex Edge Sales Engineering

ApexIQ WinCommand™

Apex Edge Sales Engineering

Legal

Privacy Policy

This policy explains how Apex Edge Sales Engineering collects, uses, and protects your personal data when you use ApexIQ WinCommand™.

Effective: 1 May 2026

Last reviewed: 15 May 2026

1. Who we are

Apex Edge Sales Engineering ("we", "us", "our") is the operator of ApexIQ WinCommand™ ("the Service"), a Sales Engineering management platform accessible at wincommand.apexedgesalesengineering.com.

We are the data controller for personal data processed in connection with the Service, registered in England and Wales. For data protection matters, contact us at contact@apexedgesalesengineering.com.

2. Data we collect

Account and identity data

  • Full name and email address
  • Company or organisation name
  • Password (stored as a one-way cryptographic hash - we never see your plaintext password)
  • Job role within your organisation (if provided)

Usage and activity data

  • Records you create within the Service (deals, assessments, scores)
  • Feature usage events, timestamps, last active date
  • Actions taken within the platform (audit log)

Technical data

  • IP address (captured at login and for security monitoring)
  • Browser type and version (via session cookies)
  • Session tokens (stored in strictly necessary cookies)

Billing data

  • Subscription status, plan, and billing interval
  • Invoice history
  • Payment card metadata (last 4 digits, card type, expiry - provided by Stripe; we never receive or store full card numbers)

3. How we use your data

Purpose Legal basis
Providing and operating the Service - creating your account, authenticating you, storing your records Performance of contract
Sending account and service notifications (email verification, password reset, subscription confirmation, usage alerts) Performance of contract / Legitimate interests
Billing and subscription management via Stripe Performance of contract / Legal obligation
Security monitoring, fraud prevention, and abuse detection Legitimate interests
Complying with legal obligations (tax records, regulatory requests) Legal obligation
Sending product updates relevant to your active subscription Legitimate interests
Improving the Service through aggregated, anonymised usage analysis Legitimate interests

We do not use your data for advertising, profiling for marketing purposes, or automated decision-making that produces legal or similarly significant effects.

4. Legal bases for processing (UK GDPR)

  • Performance of contract: Processing necessary to deliver the Service under our Terms of Service - account creation, authentication, service operation, billing.
  • Legitimate interests: Security, fraud prevention, service improvement, and direct marketing to existing customers (where you have a reasonable expectation of hearing from us). We have carried out a balancing test and determined our interests do not override your rights.
  • Legal obligation: Tax and accounting records, responding to lawful requests from authorities.

5. Data sharing and sub-processors

We share personal data only with service providers ("sub-processors") that are necessary to operate the Service. We do not sell personal data. We do not share data with advertisers or data brokers.

Sub-processor Location Purpose
Supabase Inc. EU (Frankfurt) Database, file storage, and user authentication
Stripe Inc. United States Payment processing and subscription management
Resend Inc. United States Transactional email delivery
Netlify Inc. United States Application hosting and content delivery

For the full list of sub-processors, including transfer safeguards, see our Sub-processors page.

6. International data transfers

Your data is stored in the EU (Supabase, hosted on AWS Frankfurt region). Some of our sub-processors operate from the United States. Transfers to those sub-processors are protected by:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, and
  • UK International Data Transfer Agreements (IDTAs) as required under UK GDPR.

We do not transfer data to countries without an adequate level of protection unless protected by the above safeguards.

7. Data retention

Data category Retention period
Account and identity data Duration of subscription plus 7 years (legal and tax obligations)
Usage and activity records 2 years from creation, or until account deletion
Billing records and invoices 7 years (HMRC requirement)
Audit log entries 7 years (retained in anonymised form after account deletion)
Security and access logs (IP addresses) 90 days

When you delete your account, your personal data (name, email) is anonymised immediately. Records you created (deals, scores, assessments) are retained for your team but disassociated from your identity. Audit log entries are retained in anonymised form for 7 years to meet our legal obligations.

8. Your rights under UK GDPR

You have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Ask us to correct inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction: Ask us to pause processing of your data in certain circumstances.
  • Right to data portability: Receive your data in a structured, machine-readable format (JSON). Available directly from Settings → Account in the application.
  • Right to object: Object to processing based on legitimate interests.
  • Rights related to automated decision-making: We do not make solely automated decisions with significant effects.

To exercise any right, contact us at contact@apexedgesalesengineering.com. We will respond within one calendar month. We may need to verify your identity before processing the request.

9. Account self-service

Authenticated users can exercise the following rights directly within the Service without contacting us:

  • Download a JSON export of all personal data tied to your account - Settings → Account → Download my data
  • Delete your account and anonymise your personal data - Settings → Account → Delete my account

10. Cookies

We use only strictly necessary cookies to operate the Service. We do not use analytics, advertising, or third-party tracking cookies. For full details, see our Cookie Policy.

11. Security

We implement appropriate technical and organisational security measures, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Row-level security on all database tables - users can only access their own organisation's data
  • Role-based access controls within each tenant workspace
  • Audit logging of all significant actions
  • Service-role credential isolation - admin keys are never exposed client-side

If you discover a security vulnerability, please report it to contact@apexedgesalesengineering.com.

12. Changes to this policy

We will notify you by email at least 14 days before any material changes to this Privacy Policy take effect. Non-material updates (corrections, clarifications) may be made at any time. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

The current version of this policy is always available at wincommand.apexedgesalesengineering.com/legal/privacy-policy.

13. Complaints

If you are unsatisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority:

  • Website: ico.org.uk
  • Telephone: 0303 123 1113

We would appreciate the opportunity to address your concern directly before you contact the ICO. Please reach out to us first at contact@apexedgesalesengineering.com.