Privacy Policy

1. Who We Are

APEX Capitals Ltd ("APEX Capitals", "we", "us", "our") is registered in England and Wales. We operate the asset management platform at app.apexcapitals.co.uk and the marketing website at apexcapitals.co.uk.

For data protection purposes, APEX Capitals Ltd is the Data Controller. Our registered address is: 1 Canada Square, Canary Wharf, London E14 5AB.

Contact our Data Protection Officer at: privacy@apexcapitals.co.uk

2. What Data We Collect

Account data:** Name, email address, company name, job title when you register for an account.

Portfolio data:** Asset details, financial information, documents, and other data you upload or enter into the platform. This data belongs to you and is processed on your behalf.

Usage data:** How you use the platform, feature interactions, session data, and performance metrics. This is used to improve the product.

Communication data:** Messages you send us via email, contact forms, or support tickets.

Payment data:** Billing information processed via our PCI-DSS compliant payment processor (Stripe). We do not store full card details.

Technical data:** IP address, browser type, device information, and cookie data.

3. How We Use Your Data

We use your data to:

- Provide and maintain the APEX Capitals platform - Process your account registration and manage your subscription - Send service communications (account alerts, security notices, billing) - Provide customer support - Improve the platform through usage analytics - Send product updates and marketing communications (with your consent) - Comply with our legal obligations - Prevent fraud and ensure platform security

4. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

Contract:** Processing your account data is necessary to provide the platform services you have contracted for.

Legitimate interests:** Usage analytics and security monitoring are in our legitimate interest to provide a reliable, secure service.

Consent:** Marketing communications are sent only with your explicit consent, which you can withdraw at any time.

Legal obligation:** We may process data where required by law (e.g., tax records, responding to court orders).

5. Data Storage & Security

All customer data is stored exclusively in United Kingdom data centres. We do not transfer data outside of the UK.

We implement appropriate technical and organisational security measures including:

- AES-256 encryption at rest - TLS 1.3 encryption in transit - Role-based access controls - Regular security audits - Intrusion detection systems - Automated vulnerability scanning

We are aligned with ISO 27001 information security standards.

6. Data Retention

We retain your account data for the duration of your subscription plus 30 days (to allow account recovery). After account deletion, your personal data is permanently deleted within 30 days.

Portfolio data (your assets, financials, documents) is deleted immediately upon your request.

Anonymised usage analytics may be retained for up to 36 months for platform improvement purposes.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of access:** You can request a copy of the personal data we hold about you.

Right to rectification:** You can ask us to correct inaccurate data.

Right to erasure:** You can request deletion of your personal data ("right to be forgotten").

Right to portability:** You can request your data in a machine-readable format.

Right to restrict processing:** You can ask us to pause processing of your data.

Right to object:** You can object to processing based on legitimate interests or for direct marketing.

To exercise any of these rights, contact us at privacy@apexcapitals.co.uk. We will respond within 30 days.

If you are unsatisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use cookies to operate the platform and improve your experience.

Essential cookies:** Required for the platform to function. Cannot be disabled.

Analytics cookies:** Help us understand how the platform is used. You can opt out.

Marketing cookies:** Used for relevant advertising. Only set with your consent.

You can manage cookie preferences through your browser settings or our cookie consent banner.

9. Third-Party Services

We use carefully selected third-party services to operate the platform. All third parties are contractually bound to handle your data in compliance with UK GDPR.

Key third parties include: Stripe (payment processing), Resend (transactional email), and cloud infrastructure providers operating UK data centres.

We do not sell your data to third parties. We do not use your data for advertising profiling.

10. Business Customers — Data Processing Agreement

If you are a business customer using APEX Capitals to manage data about your clients or employees, a Data Processing Agreement (DPA) is available upon request.

As Data Controller, you are responsible for ensuring you have a legal basis to share any third-party data with the APEX Capitals platform.

To request a DPA, email: dpa@apexcapitals.co.uk

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by email and by posting a notice in the platform.

Continued use of the platform after changes constitutes acceptance of the updated policy.

12. Contact Us

For any privacy-related questions or to exercise your rights:

Data Protection Officer APEX Capitals Ltd 1 Canada Square, Canary Wharf London E14 5AB

Email: privacy@apexcapitals.co.uk