Privacy Policy

1) Who We Are & Contact

Controller: Apollo – Next (legal entity details to be inserted). If you have questions about this Policy or our data practices, you may contact us at:

• Email: [email protected]
• Postal: Apollo – Next, Attn: Privacy, 123 Example Street, City, Country

If applicable, our Data Protection Officer (DPO) can be reached at: [email protected] .

2) Data We Collect

2.1 Data you provide to us

• Account & Identity: name, username, password (hashed), profile details, preferred language.
• Contact: email address, phone number, postal address.
• Business/Professional: company name, role, VAT/tax ID where relevant.
• Customer Support: messages, attachments, feedback, survey responses.
• Payments & Billing: billing address, transaction details (processed via PCI-compliant providers; we do not store full card numbers).
• Content & Files: documents, images, or other materials you upload or submit through the Services.

2.2 Data collected automatically

• Device/Log: IP address, device IDs, browser type, operating system, pages viewed, referring/exit pages, timestamps, crash/error logs.
• Usage & Analytics: feature usage, session duration, clickstream, performance metrics, coarse location (derived from IP).
• Cookies/SDKs/Pixels: identifiers used for essential functionality, analytics, personalization, and (where permitted) advertising.

2.3 Data from other sources

• Partners & Vendors: analytics, CRM, payment processors, identity verification, fraud-prevention services.
• Public & Third-Party: public records, professional networks, marketing leads, or consent-based lists.

Sensitive data: We do not seek to collect sensitive personal data (e.g., health, biometric, precise location) unless necessary and lawful (e.g., security or compliance) and only with appropriate safeguards and, where required, your explicit consent.

3) Sources of Personal Data

We obtain personal data directly from you, automatically via your use of the Services, and from third parties that support our operations or publicly available sources, as described above.

4) Purposes & Legal Bases

We process personal data for the purposes below. Under the EU/UK GDPR, our legal bases typically include performance of a contract , legitimate interests , consent , and legal obligations :

• Provide the Services (set up accounts, enable features, troubleshoot) — Contract; Legitimate interests.
• Billing & Transactions (process payments, prevent fraud) — Contract; Legitimate interests; Legal obligations.
• Support & Communications (respond to requests, send service-related notices) — Contract; Legitimate interests.
• Analytics & Improvement (measure usage, test, research, product development) — Legitimate interests; Consent where required.
• Personalization (remember settings, tailor content) — Legitimate interests; Consent where required.
• Marketing (newsletters, offers) — Consent; Legitimate interests (opt-out available).
• Security & Abuse Prevention (detect, investigate, and prevent fraud or misuse) — Legitimate interests; Legal obligations.
• Compliance (tax, accounting, regulatory requests, disputes) — Legal obligations; Legitimate interests.

You may withdraw consent at any time where consent is the legal basis. Withdrawal does not affect prior lawful processing.

5) Cookies & Similar Technologies

We use first- and third-party cookies, SDKs, and pixels to operate, secure, and improve the Services. Categories include:

• Strictly Necessary: essential for login, session management, and core features.
• Performance/Analytics: help us understand usage and improve the Services.
• Functional: remember preferences and enhance features.
• Advertising/Targeting: measure campaigns and show relevant content (used only where permitted by law).

Where required, we request your consent via a cookie banner. You can manage preferences through our cookie settings panel (link or button to be inserted) and your browser controls.

6) How We Share Data

We may share personal data with:

• Service Providers/Processors: hosting, infrastructure, analytics, customer support, communications, payments, fraud prevention.
• Business Partners: with your consent or as part of features you enable.
• Corporate Transactions: in connection with a merger, acquisition, asset sale, financing, or similar event (we will take steps to ensure appropriate protections).
• Legal & Safety: to comply with law or protect rights, safety, and security, including enforcing terms and investigating misuse.

We do not sell personal information as the term “sell” is defined by the CCPA/CPRA. We may “share” personal information for cross-context behavioral advertising only with your consent where required and subject to your right to opt out.

7) International Transfers

Your data may be processed in countries outside your own, including outside the EEA/UK. Where we transfer personal data internationally, we rely on appropriate safeguards such as adequacy decisions, the EU/UK Standard Contractual Clauses, and complementary measures as needed.

8) Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy, including to satisfy legal, accounting, or reporting obligations, resolve disputes, and enforce agreements. When no longer needed, we will delete or irreversibly anonymize the data.

9) Security

We employ organizational, technical, and physical safeguards designed to protect personal data against unauthorized access, loss, misuse, or alteration. No system is perfectly secure; you are responsible for maintaining the secrecy of account credentials and promptly notifying us of any suspected unauthorized activity.

10) Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access to a copy of your data and information about how it is processed.
• Rectification of inaccurate or incomplete data.
• Erasure (deletion) in certain circumstances.
• Restriction of processing in certain circumstances.
• Portability of certain data in a structured, commonly used format.
• Objection to processing based on legitimate interests, and to direct marketing at any time.
• Withdraw Consent for processing where consent was the basis.

To exercise rights, contact [email protected] . We may need to verify your identity. You also have the right to lodge a complaint with your local supervisory authority.

11) Marketing Preferences

You can opt out of marketing emails by clicking “unsubscribe” in our messages or contacting us. Even after opting out, you will continue to receive service and transactional communications.

12) Automated Decision-Making & Profiling

We may use limited profiling to personalize content, measure performance, and improve user experience. We do not engage in automated decision-making that produces legal or similarly significant effects without human involvement. If such processes are introduced, we will provide clear notice and obtain consent where required.

13) Children’s Privacy

Our Services are not directed to children under the age required by applicable law (e.g., 13 or 16). We do not knowingly collect personal data from such children. If you believe a child provided personal data to us, please contact us and we will take appropriate steps to delete it.

14) Third-Party Links & Services

The Services may contain links to third-party websites, apps, or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy notices.

15) Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify you by posting the updated Policy and adjusting the effective date, and, where required, we will seek your consent.

16) How to Contact Us

Questions or concerns? Contact our privacy team:

• Email: [email protected]
• Postal: Apollo – Next, 23-27 Maidenhead Street, Hertford, United Kingdom, SG14 1DW

17) Jurisdiction-Specific Notices

EU/EEA & UK

• Lawful Bases: See Section 4. Where we rely on legitimate interests, they include delivering and improving the Services, ensuring security, and communicating with you about relevant features.
• Supervisory Authority: You have the right to lodge a complaint with your national data protection authority. Contact details are available on official EU and UK government websites.

California (CCPA/CPRA)

• Categories collected: Identifiers, commercial information, internet/network activity, geolocation (coarse), inferences for personalization (where permitted).
• Sources: You, your devices, service providers, partners, and public sources.
• Business purposes: As described in Section 4.
• Sharing/Selling: We do not sell personal information. We may “share” limited identifiers for cross-context behavioral advertising only with your consent where required. You may opt out at any time.
• Your rights: Know, delete, correct, opt out of sale/share, limit use of sensitive data (if applicable), and non-discrimination for exercising rights. To exercise rights, email [email protected] .
• Opt-out link: Do Not Sell or Share My Personal Information (implement per your cookie/settings solution).

Virginia, Colorado, Connecticut, Utah, Texas (and similar U.S. laws)

You may have rights to access, correct, delete, and opt out of targeted advertising or profiling with legal/significant effects. Use the contact details above or the in-product settings to exercise these rights.