Skip to main content

Legal

Sub-processor List

The third-party suppliers that may process personal data when you use ApexIQ WinCommand™.

Effective: 14 June 2026

Last reviewed: 14 June 2026

1. Purpose

This Sub-processor List identifies third-party suppliers that Apex Edge Sales Engineering Limited may use to provide, host, secure, support, bill, notify, or operate ApexIQ WinCommand™.

This document supports:

  • the Online Subscription Terms;
  • the Data Processing Agreement;
  • the Service Description;
  • the Privacy Notice;
  • procurement documentation.

2. Scope

This list covers suppliers that may process personal data on behalf of Apex Edge Sales Engineering Limited in connection with ApexIQ WinCommand™.

It does not cover:

  • subscriber-selected third-party systems;
  • unauthorised subscriber integrations;
  • the subscriber's own CRM;
  • the subscriber's own identity provider, unless separately integrated;
  • public website suppliers not used for ApexIQ WinCommand™;
  • suppliers that process personal data solely as independent controllers, except where listed for transparency.

3. Supplier role note

Some suppliers may act as processors, sub-processors, independent controllers, or a combination depending on the processing activity.

For example, payment providers may act as independent controllers for some payment compliance, fraud prevention, tax, and regulatory activities, while also providing processor or service-provider functionality for billing operations.

4. Current sub-processors

Supplier Service Data processed Location and access Role
Supabase Inc. Relational database, object storage, and user authentication infrastructure Customer and user personal data stored in the service, including names, email addresses, records, audit logs, and exports Hosted in the European Union (Ireland); supplier incorporated in the United States; support or access from outside the United Kingdom may occur Sub-processor
Stripe, Inc. Payment processing, subscription management, invoicing, and the Stripe Customer Portal Billing contact name, billing email, company name, and payment method metadata such as last 4 digits and card type. Raw card data is handled by Stripe; Apex Edge Sales Engineering Limited does not receive raw card data United States supplier May act as controller and/or processor depending on the activity
Resend, Inc. Transactional email delivery for account verification, password reset, subscription notifications, usage alerts, and export notifications Recipient name and email address; email body content, which may include name, subscription details, or notification content United States supplier Sub-processor
Netlify, Inc. Application hosting, serverless function execution, scoring APIs, export generation, scheduled functions, and global content delivery IP addresses, HTTP request logs, serverless function data, and data processed through hosted application functions United States supplier; global content delivery network Sub-processor

5. Data categories processed

Sub-processors may process some or all of the following categories depending on the service provided:

Data category Examples
Account contact data Name, work email address, organisation, role.
Billing data Billing contact, company name, billing email, invoice information, payment method metadata.
Authentication data Sign-in credentials, password reset information, authentication tokens, session data, multifactor authentication records.
Usage data Sign-in times, activity logs, request logs, feature use, export events.
Subscriber content Opportunity data, stakeholder data, deal information, Technical Win information, proof and validation information.
Export data Export files (CSV, PDF, and JSON exports) and related export notifications.
Notification data Recipient details and email content for transactional messages.
Technical data IP addresses, device data, browser data, server logs, error logs, audit logs.

6. Data subject categories

Sub-processors may process personal data relating to:

  • subscriber administrators;
  • authorised users;
  • Sales Engineering leaders;
  • Sales Engineers;
  • Account Executives;
  • revenue leaders;
  • executive viewers;
  • guest users, where permitted;
  • subscriber billing contacts;
  • customer or prospect stakeholders entered by the subscriber;
  • technical evaluators;
  • procurement contacts;
  • Economic Buyers;
  • Champions;
  • other business contacts entered by the subscriber or its users.

7. Restricted Data

Subscribers must not enter Restricted Data into ApexIQ WinCommand™ unless expressly approved in writing by Apex Edge Sales Engineering Limited.

Restricted Data includes:

  • special category personal data;
  • criminal offence data;
  • children's data;
  • raw payment card information;
  • passwords, secrets, private keys, API keys, or access tokens;
  • production customer data unrelated to Sales Engineering deal execution;
  • highly confidential security vulnerability information;
  • unlawful, infringing, defamatory, discriminatory, malicious, or harmful content;
  • information the subscriber is not authorised to process or disclose.

Sub-processors are not approved to process Restricted Data unless expressly stated in the Agreement and supported by appropriate legal, security, and supplier review.

8. International transfers

ApexIQ WinCommand™ may involve processing, hosting, support, or access outside the United Kingdom, and restricted international transfers may occur.

Where required by Applicable Data Protection Law, Apex Edge Sales Engineering Limited uses appropriate transfer safeguards, which may include the UK International Data Transfer Agreement, the UK Addendum, European Commission Standard Contractual Clauses, supplier-provided transfer terms, adequacy decisions, or other lawful transfer mechanisms, and will complete and maintain a transfer risk assessment where required.

9. Sub-processor appointment standard

Before appointing or continuing to use a sub-processor for ApexIQ WinCommand™, Apex Edge Sales Engineering Limited requires, where required by Applicable Data Protection Law, that the supplier provides appropriate commitments covering:

  • data processing terms;
  • confidentiality;
  • technical and organisational security measures;
  • sub-processor flow-down obligations;
  • international transfer safeguards;
  • incident notification;
  • deletion or return;
  • audit or assurance information;
  • retention;
  • support access controls;
  • data location;
  • service continuity;
  • supplier sub-processor changes.

10. Sub-processor change notice

Apex Edge Sales Engineering Limited may update this Sub-processor List from time to time.

Before appointing a new sub-processor that materially affects processing of Subscriber Personal Data, Apex Edge Sales Engineering Limited will provide notice by one or more of the following methods:

  • email notice;
  • account notice;
  • website update;
  • updated Sub-processor List;
  • other reasonable method.

The notice period and objection process match the Data Processing Agreement. Subscribers may object to a new sub-processor on reasonable data protection grounds within 10 business days after notice. If the objection is reasonable and cannot be resolved, Apex Edge Sales Engineering Limited may not appoint the sub-processor for that subscriber, offer an alternative, suspend affected functionality, or terminate the affected subscription with a pro-rata refund of prepaid unused fees for the affected period.

11. Emergency sub-processors

Apex Edge Sales Engineering Limited may need to appoint or use a supplier urgently for security, incident response, legal compliance, service continuity, or emergency operational reasons.

Where practicable and lawful, Apex Edge Sales Engineering Limited will notify affected subscribers of emergency sub-processor use as soon as reasonably practicable.

12. Supplier removal

Apex Edge Sales Engineering Limited may remove or replace a sub-processor from time to time.

Removal or replacement may occur because of:

  • product changes;
  • supplier changes;
  • security reasons;
  • legal or regulatory requirements;
  • cost or operational reasons;
  • service improvement;
  • supplier termination;
  • subscriber or procurement requirements.

Where a supplier is removed, Apex Edge Sales Engineering Limited will confirm, where applicable, whether data has been deleted, returned, archived, retained under legal hold, or retained under supplier backup cycles.

13. Subscriber-selected suppliers

If the subscriber uses its own third-party tools, browser extensions, identity provider, CRM, scripts, automation tools, integrations, or export destinations with ApexIQ WinCommand™, those services are not sub-processors of Apex Edge Sales Engineering Limited unless expressly agreed in writing.

The subscriber is responsible for:

  • selecting those suppliers;
  • configuring them securely;
  • ensuring lawful data transfers;
  • managing access;
  • ensuring appropriate contracts and data processing terms;
  • complying with privacy and security requirements;
  • handling data exported from ApexIQ WinCommand™.

14. Contact points

Purpose Email
General enquiries contact@apexedgesalesengineering.com
Legal notices and contractual correspondence legal@apexedgesalesengineering.com
Billing, invoices, VAT, refunds, payment, and purchase orders billing@apexedgesalesengineering.com
Product support support@apexedgesalesengineering.com
Privacy, cookies, and data rights privacy@apexedgesalesengineering.com
Security reports and vulnerability concerns security@apexedgesalesengineering.com