Legal
Sub-processors
This page lists all third-party sub-processors engaged by Apex Edge Sales Engineering to process personal data in connection with ApexIQ WinCommand™.
Effective: 1 May 2026
Last reviewed: 15 May 2026
Apex Edge Sales Engineering acts as a data processor on behalf of its Customers (who are the data controllers). The companies listed below are sub-processors - third parties to whom Apex Edge Sales Engineering has delegated specific processing activities. All sub-processors are subject to data processing agreements with Apex Edge Sales Engineering. Where personal data is transferred outside the UK or EEA, appropriate transfer safeguards are in place.
Current sub-processors
| Sub-processor | Entity / Country | Purpose | Data processed | Transfer safeguard |
|---|---|---|---|---|
| Supabase | Supabase Inc. (US) / Hosted: EU (AWS Frankfurt, eu-central-1) | Relational database, object storage (file exports), and user authentication infrastructure | All Customer and user personal data stored in the Service: names, email addresses, records, audit logs, exports | Data stored in EU region. SCCs / IDTAs apply for any Supabase Inc. (US entity) processing. |
| Stripe | Stripe, Inc. (United States) | Payment processing, subscription management, invoicing, and the Stripe Customer Portal | Billing contact name and email address, company name, payment method metadata (last 4 digits, card type - Stripe handles raw card data under PCI DSS; we never receive it) | EU Standard Contractual Clauses; UK IDTA |
| Resend | Resend, Inc. (United States) | Transactional email delivery (account verification, password reset, subscription notifications, usage alerts, export notifications) | Recipient name and email address; email body content (which may include your name, subscription details, or notification content) | EU Standard Contractual Clauses; UK IDTA |
| Netlify | Netlify, Inc. (United States) | Application hosting, serverless function execution (scoring APIs, export generation, scheduled functions), and global content delivery | IP addresses and HTTP request logs (retained for up to 30 days for security and debugging purposes) | EU Standard Contractual Clauses; UK IDTA |
Data residency
Customer personal data (account records, deals, assessments, scores, audit logs, and exports) is stored in Supabase's EU region (AWS Frankfurt, eu-central-1). This ensures data residency within the European Economic Area for stored data at rest.
Requests to the application pass through Netlify's global CDN infrastructure. Netlify processes request metadata (IP addresses, headers) in the United States, covered by SCCs/IDTAs as noted above.
Transfer safeguards
Where personal data is transferred to sub-processors operating outside the UK or EEA, Apex Edge Sales Engineering relies on the following transfer mechanisms:
| Mechanism | Applies to |
|---|---|
| EU Standard Contractual Clauses (SCCs) - Commission Implementing Decision (EU) 2021/914 | Transfers from EEA to the United States (Stripe, Resend, Netlify, Supabase Inc.) |
| UK International Data Transfer Agreement (IDTA) - approved by the UK ICO | Transfers from the UK to the United States under UK GDPR |
Copies of the relevant SCCs and IDTAs are available on request from contact@apexedgesalesengineering.com.
Changes to this list
Apex Edge Sales Engineering will provide at least 30 days' advance notice of any planned addition to or replacement of sub-processors. Notice is given by updating this page and, where feasible, by email notification to Customer tenant administrators.
Customers have the right to object to the engagement of a new sub-processor on data protection grounds, as described in clause 6 of the Data Processing Addendum.
Contact
For questions about sub-processors or transfer safeguards, contact contact@apexedgesalesengineering.com.