Skip to main content
APEX Experts AI Solutions
Master_Protocol_Archive: AX-PRV-3.0.FULL
TIMESTAMP: 2024-04-24T17:40:00Z
Classification: INSTITUTIONAL_UNABRIDGED
AUTH: APEX_GLOBAL_COMPLIANCE_NODE

Privacy Policy

APEX Experts AI Solutions Effective Date: April 25, 2026 Last Updated: April 25, 2026 Version: 3.0 — Official Publication

This Privacy Policy explains how APEX Experts AI Solutions and its affiliated business units, products, and service teams, including APEX Experts, Asklyze, MyQuery, and Tasto, collect, use, store, protect, disclose, and delete personal data. It is written for website visitors, prospective customers, customers, users of our products, business partners, suppliers, job applicants, and any person whose personal data may be processed through our websites, platforms, applications, support channels, professional services, or AI-enabled solutions.

We have intentionally written this policy in clear language. Privacy should not feel like a hidden technical document. It should help you understand what data we handle, why we handle it, how we protect it, and what choices you have.

This policy applies to our websites and digital properties, including, where applicable, apexexperts.net, asklyze.ai, myquery.ai, tasto.cloud, related subdomains, product portals, customer support channels, demonstration environments, marketing pages, and any online service that links to this Privacy Policy. It also applies to personal data processed as part of our consulting, implementation, development, integration, automation, analytics, and support services.

This policy does not replace any written customer agreement, data processing agreement, statement of work, service order, enterprise contract, confidentiality agreement, or product-specific addendum. Where a customer agreement gives stronger privacy, security, retention, residency, confidentiality, or audit rights, that agreement will apply to the relevant customer data.

1. Our Privacy Commitment

APEX Experts AI Solutions designs and builds AI solutions, Oracle APEX applications, custom web platforms, mobile applications, analytics tools, automation systems, and enterprise software. Because our work often connects to business-critical systems, databases, workflows, and customer applications, privacy is not an optional feature for us. It is part of how we design, build, deploy, operate, and support technology.

Our privacy commitment is based on five practical principles.

First, we collect only what we need. We do not want unnecessary personal data. We design forms, workflows, integrations, APIs, and product features to request the minimum information needed for a legitimate business, contractual, product, security, or legal purpose.

Second, we explain what we do. We aim to describe our processing activities in a way that a business user, technical buyer, developer, or end user can understand. Where a product or service has special privacy behavior, we explain it in the product interface, contract, documentation, or support materials.

Third, we protect data by design. We use technical and organizational safeguards appropriate to the nature of the data, the customer environment, the deployment model, the sensitivity of the use case, and the risk involved. This may include encryption, access controls, audit logging, role-based permissions, network protections, secure development practices, vulnerability management, and separation between customer environments.

Fourth, we respect customer control. In many of our enterprise projects, the customer decides what data is processed, where the systems are hosted, who has access, and how long records are retained. In those cases, APEX acts as a service provider or data processor and follows the customer’s documented instructions.

Fifth, we do not use customer confidential data or customer production data to train general AI models unless the customer has clearly agreed to that in writing. We treat business data, database schemas, user prompts, reports, analytics outputs, source code, credentials, technical documentation, and implementation details as confidential information.

2. Who We Are

For purposes of this Privacy Policy, “APEX,” “we,” “our,” or “us” means APEX Experts AI Solutions and the relevant affiliated product or service team that provides the website, platform, product, professional service, support, or contractual engagement.

Our business includes several service and product areas:

  • AI Solutions and Process Automation: AI-assisted workflows, intelligent agents, business automation, data analysis, workflow orchestration, and custom AI integrations.
  • Oracle APEX Consulting and Development: Oracle APEX application development, modernization, performance tuning, plugin development, API integration, reporting, enterprise dashboards, and database-centric systems.
  • Custom Web Development: Websites, portals, SaaS platforms, customer dashboards, APIs, backend services, and modern web applications.
  • Mobile Application Development: iOS, Android, cross-platform applications, mobile APIs, push notification workflows, and secure mobile experiences.
  • Asklyze: An AI-powered Oracle APEX plugin and analytics experience designed to help users ask natural-language questions over approved Oracle APEX application data, subject to customer configuration and access controls.
  • MyQuery: A natural-language analytics product that helps users explore connected databases, warehouses, and business applications through reports, charts, and dashboards, subject to customer configuration, connector permissions, and product terms.
  • Tasto: A business management and ERP-oriented product for SaaS companies and growing teams, intended to support operational workflows such as CRM, subscriptions, finance, projects, HR, and internal management.

Depending on the situation, APEX may act as a data controller, a data processor, a service provider, a sub-processor, or a technology supplier. The role depends on who decides why and how the personal data is processed.

For example, when you visit our website and submit a contact form, APEX normally acts as a controller of that contact information. When we build or support an application for a customer and process personal data only according to that customer’s instructions, the customer is usually the controller and APEX is usually the processor. When we provide a SaaS product directly to a customer organization, our role may vary depending on the data category and the terms of the relevant agreement.

3. Scope of This Policy

This Privacy Policy covers personal data processed through:

  • Our public websites and landing pages.
  • Contact, demo, sales, newsletter, and support forms.
  • Customer onboarding and account administration.
  • Product accounts, workspaces, tenants, and user profiles.
  • AI prompts, analytics questions, support requests, and product interactions.
  • Professional services, consulting, implementation, support, and maintenance.
  • Security monitoring, audit logs, diagnostics, and operational telemetry.
  • Marketing, events, webinars, proposals, commercial discussions, and business communications.
  • Recruitment, contractor, supplier, and partner interactions.

This policy does not cover third-party websites, services, platforms, plugins, APIs, cloud providers, app stores, analytics tools, payment processors, or customer systems that we do not control. If a third-party service has its own privacy policy, that policy governs its own processing.

In some projects, APEX integrates with customer-owned systems such as Oracle databases, Oracle APEX applications, ERP systems, CRM systems, financial systems, data warehouses, communication tools, or cloud services. In those cases, the customer remains responsible for the privacy notices, permissions, lawful basis, user access rules, and data governance policies that apply to the customer’s own end users, employees, customers, and business records.

4. Types of Personal Data We Collect

The personal data we collect depends on how you interact with us. We do not collect every category from every person. In most cases, the information we handle is business contact information, account information, technical data, support content, and product usage data.

4.1 Information You Provide Directly

You may provide personal data when you contact us, request a demo, subscribe to updates, create an account, sign a contract, open a support ticket, join a call, submit a form, request documentation, apply for a role, or communicate with our team. This may include:

  • Name.
  • Business email address.
  • Phone number.
  • Company name.
  • Job title or role.
  • Country, city, or business location.
  • Message content.
  • Product interest.
  • Project requirements.
  • Budget or procurement information.
  • Meeting notes or call summaries.
  • Support tickets and attachments.
  • Billing and invoicing contact details.
  • Contract and signature information.
  • Feedback, survey responses, or testimonials.
  • Recruitment information, such as CVs, portfolios, employment history, and interview notes.

If you choose to include personal data in a free-text field, file upload, prompt, screenshot, support ticket, database sample, or project document, we may process that information to respond to your request or provide the service. We ask customers and users not to submit sensitive personal data unless it is necessary, lawful, and covered by an appropriate agreement.

4.2 Account and Product Information

When a customer or user creates an account or uses one of our products, we may process account and product information such as:

  • User ID or account ID.
  • Tenant, workspace, or organization ID.
  • Role, permissions, and access level.
  • Login activity and session status.
  • Authentication method.
  • Product configuration.
  • Feature usage.
  • Subscription plan.
  • License status.
  • API keys, tokens, or integration metadata, where applicable.
  • Audit logs related to account activity.
  • User preferences, settings, and notification choices.

We use this information to operate the product, authenticate users, enforce permissions, maintain security, provide support, bill customers, and improve the reliability and usability of our services.

4.3 Technical, Device, and Usage Data

When you use our websites, products, or applications, certain technical information may be collected automatically. This may include:

  • IP address.
  • Browser type and version.
  • Device type.
  • Operating system.
  • Referring website or campaign source.
  • Pages viewed.
  • Approximate location derived from IP address.
  • Date and time of access.
  • Clickstream and navigation data.
  • Error logs.
  • Performance metrics.
  • API request metadata.
  • Security event data.
  • Cookie identifiers or similar technologies.

We use technical data to keep our services secure, diagnose problems, measure performance, understand website usage, prevent abuse, detect suspicious activity, improve user experience, and support product development.

4.4 Customer Data Processed Through Services

In professional services and enterprise product deployments, customers may provide or connect data from their own environments. This may include database schemas, table names, metadata, business records, application logs, user roles, configuration details, reports, dashboards, query results, API responses, source code, documentation, or test data.

The exact data depends on the project and the customer’s instructions. We strongly encourage customers to provide non-production data or properly masked data whenever possible during design, testing, debugging, demonstration, and training activities.

Where APEX processes customer data as a processor, we process it only to provide the agreed service, follow the customer’s documented instructions, maintain security, comply with applicable law, and perform obligations under the relevant agreement.

4.5 AI Prompts, Questions, Outputs, and Context

Some of our services and products involve AI-assisted functionality. Depending on the product, deployment model, and customer configuration, we may process:

  • Natural-language prompts or questions.
  • Generated SQL, reports, summaries, charts, or dashboards.
  • Metadata used to help the AI understand available data structures.
  • User feedback on AI outputs.
  • Prompt history or conversation context.
  • Product telemetry related to AI accuracy, latency, errors, or safety checks.
  • Security logs related to prompt injection, unsafe requests, or attempted data exfiltration.

We design AI workflows to limit unnecessary exposure of customer data. Where possible, we use metadata, schema context, approved table lists, and scoped retrieval instead of transmitting broad datasets. Product-specific architecture may differ, so the relevant product documentation, customer agreement, deployment model, and configuration should always be reviewed.

Unless a customer has clearly agreed in writing, APEX does not use customer confidential data, customer production data, database contents, prompts, query outputs, source code, or business records to train general-purpose AI models.

5. How We Use Personal Data

We use personal data for legitimate business, contractual, product, security, and legal purposes. These purposes include the following.

5.1 To Provide and Operate Our Services

We use personal data to create accounts, authenticate users, deliver product features, manage subscriptions, configure workspaces, provide access to dashboards, process support tickets, deploy customer projects, maintain integrations, and deliver professional services.

For example, if a customer asks us to build an Oracle APEX application, we may process business contact details, project requirements, technical documentation, application configuration, database metadata, and support communications. If a customer uses an AI analytics feature, we may process the question, approved schema context, access permissions, and generated output needed to provide the answer.

5.2 To Communicate With You

We use contact information to respond to inquiries, schedule demos, send proposals, manage procurement, provide onboarding instructions, deliver support, send service updates, notify you of product changes, and communicate about your account or project.

We may also send marketing communications where permitted by law. You can opt out of marketing emails at any time by using the unsubscribe link or contacting us. Even if you opt out of marketing, we may still send non-marketing messages, such as security notices, account updates, support responses, billing communications, or contractual notices.

5.3 To Improve Products and Services

We may use usage data, support trends, product telemetry, error logs, feature adoption patterns, and customer feedback to improve reliability, performance, design, usability, documentation, security, and product quality. Where possible, we use aggregated or de-identified information for analytics and improvement.

We do not need to know more about users than necessary to improve the product. Our goal is to understand whether features work, where users face friction, what errors occur, and how we can make the experience more useful and secure.

5.4 To Protect Security and Prevent Abuse

We use personal data and technical data to detect, prevent, investigate, and respond to security incidents, unauthorized access, misuse, fraud, spam, abuse, malicious automation, credential attacks, prompt injection attempts, API abuse, and other harmful activity.

Security processing may include audit logs, access logs, IP addresses, user IDs, device information, timestamps, request metadata, error messages, and administrative actions. Security logs are used to protect our systems, customers, users, and business operations.

5.5 To Comply With Legal and Contractual Obligations

We may process personal data to comply with applicable laws, respond to lawful requests, maintain business records, process tax and accounting information, enforce agreements, manage disputes, protect legal rights, conduct audits, and meet regulatory obligations.

5.6 To Manage Our Business

We use personal data for internal business operations such as finance, procurement, vendor management, recruitment, workforce management, project planning, quality assurance, contract administration, and corporate governance.

6. Legal Bases for Processing

Depending on the applicable law and the context, we rely on one or more legal bases for processing personal data. These may include:

  • Contract: Processing necessary to provide products, services, support, subscriptions, consulting, implementation, or contractual communications.
  • Legitimate interests: Processing necessary for business operations, service improvement, security, fraud prevention, product analytics, customer relationship management, and internal administration, provided those interests are not overridden by your rights and freedoms.
  • Consent: Processing based on your permission, such as optional marketing communications, certain cookies, or specific product features where consent is required.
  • Legal obligation: Processing necessary to comply with applicable laws, tax rules, accounting requirements, court orders, regulatory requests, or legal obligations.
  • Vital, public, or other lawful grounds: Where applicable law recognizes additional legal bases in specific circumstances.

Where we rely on consent, you may withdraw consent at any time. Withdrawal does not affect processing that happened before the withdrawal, and it may not affect processing that is necessary for legal, contractual, security, or legitimate business reasons.

Where we act as a processor for a customer, the customer is normally responsible for identifying the legal basis for processing personal data in its own systems. We follow the customer’s documented instructions and the terms of the relevant data processing agreement.

7. Product-Specific Privacy Notes

Because APEX operates different services and products, privacy behavior can vary by product, deployment model, customer configuration, and contract terms. The following sections explain our general approach.

7.1 Asklyze

Asklyze is designed for Oracle APEX environments and database-centric applications. Its purpose is to help authorized users ask natural-language questions and generate insights, charts, dashboards, or reports from approved application data.

Our privacy approach for Asklyze is based on controlled scope and customer governance. Customers should configure which schemas, tables, views, columns, and data domains are available to Asklyze. Customers should also manage user access, application authorization, database privileges, and business rules that define what each user is allowed to see.

Depending on the deployment and configuration, Asklyze may process prompts, metadata, approved schema context, generated SQL, query logs, chart definitions, dashboard configurations, and user feedback. Asklyze should not be configured to expose sensitive data to users who are not authorized to access it.

Where Asklyze is deployed in a zero-data-movement or customer-controlled architecture, customer data remains within the customer’s environment except for the minimum context required to operate the agreed AI workflow, if any. The exact technical behavior is governed by the applicable product documentation, deployment guide, and customer agreement.

Asklyze is not intended to bypass Oracle database permissions, Oracle APEX authorization schemes, row-level security, application security, customer governance rules, or internal approval workflows. Customers are responsible for configuring safe access boundaries and validating that generated outputs are appropriate for their users and use cases.

7.2 MyQuery

MyQuery helps users explore data sources through natural-language analytics, reports, charts, dashboards, and business questions. Depending on customer configuration, MyQuery may connect to databases, warehouses, business applications, or other data sources.

MyQuery may process connection metadata, schema metadata, table and column descriptions, user questions, query plans, generated SQL or API calls, result summaries, chart definitions, dashboard state, and usage telemetry. We aim to minimize unnecessary movement of raw data and to use scoped, permission-based access patterns.

Customers are responsible for ensuring that connected data sources are lawful to use, that users have appropriate access rights, and that sensitive data is handled according to internal policies and applicable law. Customers should avoid connecting unnecessary datasets and should apply least-privilege permissions to connectors and service accounts.

Unless otherwise agreed in writing, customer data processed through MyQuery is not used to train general AI models. Product improvement may rely on aggregated, de-identified, or diagnostic information where permitted by law and contract.

7.3 Tasto

Tasto is intended to support business operations such as CRM, subscription management, expenses, accounting workflows, projects, HR-related administration, and internal company processes. Because ERP-style systems may contain operational, financial, employee, customer, supplier, and business records, privacy and access control are especially important.

Tasto may process account information, user roles, customer records, supplier records, transaction records, subscription information, project data, employee-related administrative information, audit logs, and support data. Customers should configure user roles carefully and limit access based on business need.

Where Tasto processes employee-related or HR-related data, customers are responsible for providing appropriate employee notices, obtaining any required consents, applying lawful bases, and setting retention policies that match local employment and tax requirements.

7.4 Professional Services and Custom Development

In consulting, implementation, and custom development projects, we may access customer environments, code repositories, databases, staging systems, test environments, documentation, screenshots, logs, and user stories. We treat this information as confidential and process it only for the relevant project.

We recommend that customers provide masked, anonymized, synthetic, or non-production data whenever possible. If production access is necessary, the access should be limited, logged, time-bound, and approved by authorized customer personnel.

8. AI, Automation, and Responsible Data Use

AI systems can be powerful, but they must be used carefully. APEX follows a privacy-aware approach when designing AI and automation features.

We aim to limit the data sent to AI systems to what is necessary for the task. We use techniques such as scoped context, metadata selection, retrieval boundaries, prompt filtering, system instructions, access checks, audit logs, and output validation where appropriate. We also consider risks such as prompt injection, unauthorized data exposure, hallucinated outputs, overbroad queries, sensitive data leakage, and misuse of generated content.

AI outputs may be incorrect, incomplete, or require human review. Customers and users should not treat AI-generated outputs as legal, financial, medical, accounting, compliance, or professional advice unless reviewed by qualified personnel. Where AI is used for analytics, automation, or decision support, the customer remains responsible for validating outputs before using them for important business decisions.

We do not intentionally use customer confidential data to train general AI models unless the customer has explicitly agreed in writing. Where third-party AI providers are used, the applicable customer agreement, product documentation, and provider terms may describe additional safeguards, restrictions, or data handling details.

9. Cookies and Similar Technologies

Our websites and products may use cookies, pixels, local storage, software development kits, analytics tools, and similar technologies. These technologies help us operate websites, remember preferences, measure performance, understand traffic, improve content, measure campaign performance, detect abuse, and secure user sessions.

Cookies may be categorized as:

  • Strictly necessary cookies: Required for website operation, account login, security, session management, and basic functionality.
  • Performance and analytics cookies: Help us understand how visitors use our websites and products, which pages are useful, and where errors occur.
  • Preference cookies: Remember settings such as language, region, or interface choices.
  • Marketing cookies: Help us measure campaigns or provide relevant content where allowed.

Where required by applicable law, we will ask for consent before using non-essential cookies. You can control cookies through your browser settings and, where available, our cookie banner or preference center. Blocking certain cookies may affect website or product functionality.

10. How We Share Personal Data

We do not sell personal data in the ordinary sense of the word. We may share personal data only when there is a legitimate reason, appropriate protection, and a lawful basis to do so.

We may share personal data with:

  • Cloud hosting providers: To host websites, applications, databases, files, logs, backups, and product infrastructure.
  • Security providers: To monitor threats, protect accounts, detect abuse, and respond to incidents.
  • Communication providers: To send emails, manage support tickets, schedule meetings, and provide customer communications.
  • Analytics providers: To understand website and product usage, where permitted.
  • Payment, billing, and accounting providers: To process invoices, subscriptions, payments, tax records, and financial administration.
  • Professional advisors: Such as lawyers, accountants, auditors, insurers, and compliance advisors.
  • AI, automation, and infrastructure providers: Where needed to provide AI-enabled features, subject to customer configuration, contract terms, and applicable safeguards.
  • Business partners or subcontractors: Where they help us deliver a project or service under appropriate confidentiality and data protection obligations.
  • Authorities or legal parties: Where required by law, court order, regulation, legal process, or to protect rights, safety, and security.
  • Corporate transaction parties: If we are involved in a merger, acquisition, financing, restructuring, sale of assets, or similar business transaction, subject to appropriate protections.

Where we engage service providers or sub-processors to process personal data on our behalf, we require them to process data only for authorized purposes and to apply appropriate confidentiality, security, and data protection measures.

11. International Data Transfers

APEX may operate across more than one country and may use cloud, support, development, security, or operational providers located in different jurisdictions. As a result, personal data may be transferred to, stored in, or accessed from countries other than the country where you are located.

Where international transfers occur, we use appropriate safeguards required by applicable law. These safeguards may include contractual commitments, data processing agreements, standard contractual clauses, transfer impact assessments, customer-approved hosting regions, encryption, access controls, and other technical or organizational measures.

For customer-controlled deployments, the customer agreement may specify data residency, hosting region, access restrictions, or cross-border transfer rules. Customers with strict residency requirements should confirm the agreed deployment architecture before production use.

12. Data Security

We use technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, disclosure, or destruction. The measures we apply depend on the service, deployment model, sensitivity of the data, customer requirements, and risk profile.

Security measures may include:

  • Encryption in transit using modern transport security protocols.
  • Encryption at rest where supported by the hosting environment and product architecture.
  • Strong authentication and access controls.
  • Role-based permissions and least-privilege access.
  • Administrative access restrictions.
  • Audit logs and security event monitoring.
  • Network security controls.
  • Secure software development practices.
  • Code review and change management.
  • Vulnerability management and patching.
  • Secret management practices.
  • Backup and recovery controls.
  • Separation between customer environments where applicable.
  • Security reviews for sensitive integrations.
  • Incident response procedures.
  • Confidentiality obligations for personnel and contractors.

Some customer projects may use specific technologies such as AES-256-GCM encryption, TLS, database encryption, Oracle security features, row-level security, transparent data encryption, web application firewalls, multi-factor authentication, or other controls. We only state that a specific technology applies where it is actually implemented in the relevant environment, product, or contract.

No system is completely secure. Security is a shared responsibility between APEX, customers, users, hosting providers, identity providers, and integration partners. Customers should protect their credentials, configure access permissions carefully, review user roles, rotate secrets when needed, monitor administrative activity, and notify us promptly of suspected unauthorized access.

13. Access Control and Customer Responsibilities

Many privacy incidents happen not because a system lacks features, but because access is configured too broadly. Customers are responsible for assigning appropriate user roles, database privileges, application permissions, connector permissions, and administrative access.

Customers should apply the principle of least privilege. Users should only have access to the data and functions they need for their role. Administrative accounts should be limited, protected with strong authentication, and reviewed regularly. Shared accounts should be avoided where possible. Credentials should not be placed in tickets, screenshots, chat messages, emails, or prompts unless a secure approved channel is used.

For AI analytics products, customers should carefully choose which tables, schemas, columns, reports, and business domains are available to the AI workflow. If sensitive fields are not needed, they should be excluded, masked, tokenized, or restricted through application and database controls.

14. Data Retention

We keep personal data only for as long as necessary for the purposes described in this policy, unless a longer period is required or permitted by law, contract, accounting rules, dispute handling, security requirements, backup practices, or legitimate business needs.

Retention periods vary by data category. For example:

  • Website contact inquiries may be retained for sales, support, and relationship management purposes.
  • Account records may be retained while the account is active and for a reasonable period afterward.
  • Billing, tax, and accounting records may be retained for legally required periods.
  • Support tickets may be retained to provide continuity, troubleshoot issues, and maintain service history.
  • Security logs may be retained for monitoring, investigation, compliance, and abuse prevention.
  • Project documents may be retained according to the relevant agreement or statement of work.
  • Backups may persist for a limited period after deletion from active systems.
  • Recruitment records may be retained for hiring administration and future opportunities where permitted.

Where a customer agreement specifies retention or deletion rules for customer data, we follow that agreement. Upon termination of a service, we may delete or return customer data according to the applicable contract, product capability, legal requirements, and technical limitations.

Deletion from active systems does not always immediately remove data from encrypted backups, disaster recovery archives, audit logs, or legally retained records. Backup copies are protected and are deleted or overwritten according to normal backup cycles unless earlier deletion is technically feasible and required by contract or law.

15. Data Deletion and Return

Customers may request deletion or return of customer data according to the applicable agreement and product functionality. Where required, we will support reasonable export, deletion, or transition activities.

For enterprise projects, deletion may involve multiple layers: application data, database records, files, logs, backups, integration tokens, support attachments, project documents, and access credentials. We recommend that deletion obligations be clearly documented in the contract or statement of work, especially for regulated or sensitive environments.

Where we provide a certificate or confirmation of deletion, the wording will reflect the systems and data categories actually covered. We will not claim that data has been destroyed from systems outside our control or from backups that are retained under lawful, contractual, or technical constraints unless that destruction has actually occurred.

16. Your Privacy Rights

Depending on where you are located and which law applies, you may have rights regarding your personal data. These rights may include:

  • The right to know whether we process your personal data.
  • The right to access personal data we hold about you.
  • The right to receive information about processing purposes, categories, recipients, retention, and safeguards.
  • The right to correct inaccurate or incomplete personal data.
  • The right to request deletion of personal data.
  • The right to restrict or limit processing.
  • The right to object to certain processing.
  • The right to withdraw consent where processing is based on consent.
  • The right to data portability where applicable.
  • The right to object to direct marketing.
  • The right not to be subject to certain automated decisions where applicable.
  • The right to complain to a data protection authority or regulator.

These rights are not absolute. They may be subject to legal limits, identity verification, contractual obligations, security requirements, protection of third-party rights, legal claims, accounting requirements, or other lawful exceptions.

To exercise your rights, contact us using the details at the end of this policy. We may need to verify your identity before responding. If your request relates to data controlled by one of our customers, we may direct you to that customer or assist the customer in responding, depending on our role and the applicable agreement.

17. Requests Relating to Customer-Controlled Data

In many cases, APEX processes personal data on behalf of a customer. For example, if you are an employee, contractor, customer, supplier, student, patient, user, or business contact of one of our customers, and your data appears in an application we built, supported, hosted, or integrated, that customer is usually responsible for your privacy request.

In such cases, you should contact the customer directly. If you contact APEX, we may forward your request to the customer or provide reasonable assistance, but we may not be able to fulfill the request ourselves without the customer’s instructions.

We do not decide the customer’s lawful basis, user permissions, retention periods, internal access rules, or business purpose for customer-controlled data unless we have a separate role under the relevant agreement.

18. Marketing Communications

We may use business contact information to send marketing messages about our services, products, events, articles, case studies, offers, or updates. We will do this where permitted by law and, where required, with your consent.

You can unsubscribe from marketing emails at any time. After you unsubscribe, we may retain your email address on a suppression list to ensure that we respect your choice. Unsubscribing from marketing does not stop service-related communications.

We do not want our marketing to feel intrusive. Our goal is to communicate with people who have a genuine business interest in AI solutions, Oracle APEX, web development, mobile development, analytics, automation, SaaS platforms, or enterprise software.

19. Children’s Privacy

Our websites, products, and services are intended for business users and organizations. They are not directed to children. We do not knowingly collect personal data from children through our public websites or business services.

If you believe a child has provided personal data to us without appropriate consent, contact us and we will take reasonable steps to delete the information where required by law.

20. Sensitive Personal Data

We do not intentionally request sensitive personal data through our public websites, contact forms, sales forms, or general support channels. Sensitive data may include information relating to health, biometric identifiers, precise location, financial account details, government identifiers, race or ethnicity, religion, political opinions, criminal records, union membership, or other categories protected by law.

In some customer projects, sensitive data may exist in the customer’s systems. In those cases, the customer is responsible for determining whether processing is lawful and for implementing appropriate safeguards. APEX will process such data only according to the applicable agreement, documented instructions, and required safeguards.

Users should avoid placing sensitive personal data in prompts, support tickets, screenshots, logs, attachments, or sample datasets unless it is necessary, lawful, and approved through the correct secure channel.

21. Payment and Billing Data

Where we charge for products or services, we may process billing contact details, invoice information, purchase orders, tax details, subscription records, payment status, and related commercial information. Payments may be processed by third-party payment providers or banking partners. We do not intentionally store full payment card details unless a payment provider or lawful accounting system requires it and appropriate safeguards are in place.

Billing records may be retained for accounting, audit, tax, legal, and dispute purposes.

22. Recruitment and Contractor Data

If you apply for a job, contractor role, partnership, or freelance opportunity with APEX, we may process recruitment information such as your name, email, phone number, CV, portfolio, qualifications, experience, interview feedback, references, expected compensation, location, and work authorization information.

We use recruitment data to evaluate applications, conduct interviews, communicate with candidates, negotiate terms, prepare contracts, manage onboarding, and comply with legal obligations. We may retain candidate information for future opportunities where permitted by law or with your consent where required.

23. Support Tickets, Screenshots, and Logs

Support communications often contain technical details. When you submit a support request, you should remove unnecessary personal data, secrets, access tokens, credentials, private keys, financial data, health data, or confidential third-party information unless our support team specifically requests it through an approved secure channel.

We may use support tickets and logs to diagnose issues, reproduce bugs, improve documentation, train support personnel, identify product improvements, and maintain service quality. Access to support information is limited to personnel and service providers who need it for support, security, engineering, or operational purposes.

24. API Keys, Credentials, and Secrets

Customers and users should never send production passwords, private keys, API secrets, database credentials, or tokens through ordinary email, chat, public forms, or unapproved channels. Where credentials are needed for a project, they should be exchanged through secure methods agreed with the customer.

If we become aware that a credential has been exposed to us through an insecure channel, we may ask the customer to rotate or revoke it. Customers are responsible for managing credentials in their own systems and for revoking access when personnel, contractors, or integrations no longer require it.

25. Data Governance in Enterprise Projects

For enterprise and regulated projects, privacy should be addressed before development begins. We may recommend or support activities such as:

  • Data mapping.
  • Access control design.
  • Role and permission review.
  • Data minimization review.
  • Logging and audit design.
  • Retention planning.
  • Backup and recovery planning.
  • Integration risk review.
  • Security architecture review.
  • Privacy impact assessment support.
  • Documentation of processing activities.
  • Review of AI prompt and output handling.
  • Review of cross-border transfer requirements.

The exact governance activities depend on the customer’s industry, risk profile, deployment model, legal requirements, and internal policies.

26. Automated Decision-Making

Our products may include AI-assisted recommendations, analytics, summaries, dashboards, classifications, workflow suggestions, or automation features. These features are designed to support users, not to replace human judgment in high-impact decisions unless a customer has separately designed, validated, and governed such a workflow.

APEX does not intend its general business websites or standard product features to make legally significant decisions about individuals without human involvement. Customers should not use AI outputs to make decisions about employment, credit, healthcare, legal rights, eligibility, financial status, or similarly significant matters unless they have established a lawful basis, appropriate safeguards, human review, explainability, validation, and compliance controls.

27. Data Accuracy

We rely on customers, users, and business contacts to provide accurate information and to keep it updated. If you believe information we hold about you is inaccurate, contact us and we will take reasonable steps to correct it where appropriate.

For customer-controlled systems, the customer is usually responsible for correcting the underlying records. APEX may assist where required by contract.

28. Third-Party Integrations

Our products and projects may connect with third-party platforms, tools, databases, applications, cloud services, artificial intelligence providers, payment processors, identity providers, communication tools, analytics platforms, source code repositories, project management systems, and customer-owned APIs. These integrations are often necessary to deliver the functionality requested by customers, such as authentication, reporting, workflow automation, business intelligence, payment processing, email delivery, data synchronization, AI-assisted analysis, mobile notifications, or enterprise system integration.

When a customer enables, requests, or approves a third-party integration, data may be exchanged between APEX systems, the customer’s systems, and the relevant third-party provider. The exact data exchanged depends on the integration, the customer’s configuration, the permissions granted, and the purpose of the service.

For example, an integration may involve exchanging account identifiers, user roles, API tokens, metadata, database schema information, event logs, files, customer records, transaction data, support data, or other business information. In AI-enabled workflows, an integration may involve sending a user prompt, limited context, metadata, or output instructions to a third-party AI service, subject to the applicable product architecture and customer agreement.

Customers are responsible for confirming that any third-party integration they enable is authorized, lawful, properly configured, and appropriate for their internal policies. Customers should review the privacy policies, security documents, data processing terms, and contractual commitments of any third-party provider before enabling an integration.

APEX does not control the privacy or security practices of third-party services that are not operated by APEX. Once data is transmitted to a third-party provider under the customer’s instruction or through a customer-enabled integration, that provider may process the data under its own terms, privacy policy, data processing agreement, and security practices.

We encourage customers to apply least-privilege principles when configuring integrations. Service accounts, API keys, OAuth scopes, database users, and connector permissions should be limited to the minimum access required. Customers should avoid granting broad administrative access unless it is truly necessary for the service.

Customers should also periodically review active integrations, revoke unused tokens, rotate credentials, remove obsolete connectors, and verify that access rights still match the business purpose. If an integration is no longer needed, it should be disabled or removed.

Where APEX selects a third-party provider on behalf of a customer, we aim to choose providers that offer appropriate technical, organizational, contractual, and security safeguards. Where the customer selects or requires a specific provider, the customer is responsible for assessing that provider’s suitability unless otherwise agreed in writing.

29. Sub-Processors and Service Providers

To operate our business, deliver products, provide support, host infrastructure, send communications, secure systems, process payments, analyze product performance, and support customer projects, we may use trusted service providers and sub-processors.

These providers may process personal data only for authorized purposes and only according to our instructions, the applicable customer agreement, or their direct relationship with the customer. We require appropriate confidentiality, security, and data protection obligations from providers that process personal data on our behalf.

Service providers may include categories such as:

  • Cloud hosting and infrastructure providers.
  • Database, storage, backup, and monitoring providers.
  • Security, logging, authentication, and vulnerability management providers.
  • Email, messaging, communication, and support ticketing providers.
  • Payment, billing, accounting, and tax administration providers.
  • Analytics and product performance providers.
  • AI infrastructure, model, or automation providers, where applicable.
  • Development, quality assurance, and project delivery partners.
  • Legal, accounting, audit, insurance, and professional advisory firms.

Where we act as a processor for a customer, the use of sub-processors may be governed by the applicable data processing agreement. That agreement may include notification rights, objection rights, security commitments, transfer mechanisms, audit information, or other requirements.

We do not authorize our service providers to use customer data for their own unrelated purposes. However, some providers may process limited account, billing, telemetry, security, or diagnostic information as independent controllers where permitted by their own terms and applicable law.

Customers with strict sub-processor requirements should request the relevant contractual documentation before production use or before approving a project that involves personal data.

30. International Data Transfers

APEX may operate, support, develop, or host services across different countries. Our team, customers, hosting providers, support providers, infrastructure providers, and technology vendors may be located in more than one jurisdiction. As a result, personal data may be transferred to, stored in, or accessed from countries other than the country in which the data was originally collected.

Where international transfers occur, we use appropriate safeguards required by applicable law and contract. These safeguards may include data processing agreements, standard contractual clauses, transfer impact assessments, customer-approved hosting regions, encryption, access controls, confidentiality obligations, and technical restrictions on access.

For customer-controlled deployments, the customer agreement may define the hosting region, support access rules, backup location, data residency obligations, and cross-border transfer restrictions. Customers with strict residency or sovereignty requirements should confirm the deployment architecture, cloud region, support process, and sub-processor list before production use.

When APEX provides professional services for systems hosted in the customer’s own environment, the customer may control where the data is stored and who can access it. In those cases, APEX personnel may access the environment only as authorized by the customer and subject to the agreed security controls.

If a customer requires that certain data remain within a specific country or region, this requirement must be clearly documented in the contract, statement of work, data processing agreement, or deployment specification. Without a written residency requirement, we may use infrastructure and providers that support the practical delivery of the service while applying reasonable safeguards.

31. Data Security Measures

We use technical and organizational measures designed to protect personal data and customer data against unauthorized access, loss, misuse, alteration, disclosure, or destruction. The specific controls depend on the service, deployment model, customer requirements, sensitivity of the data, hosting environment, and risk profile.

Our security approach may include:

  • Encryption in transit using modern transport security protocols.
  • Encryption at rest where supported by the architecture and hosting environment.
  • Role-based access control and least-privilege permissions.
  • Strong authentication for administrative access.
  • Multi-factor authentication where appropriate.
  • Audit logging and activity monitoring.
  • Network security controls.
  • Secure software development practices.
  • Code review and controlled deployment processes.
  • Vulnerability management and patching.
  • Segregation of duties where practical.
  • Secure secret management.
  • Backup and recovery controls.
  • Incident response procedures.
  • Personnel confidentiality obligations.
  • Access reviews for sensitive systems.
  • Security reviews for high-risk integrations.

Some customer projects may use specific technologies such as AES-256-GCM encryption, TLS, Oracle Transparent Data Encryption, database row-level security, web application firewalls, API gateway controls, security headers, identity provider integration, or private networking. We only represent that a specific security measure applies where it is actually implemented in the relevant product, environment, or customer agreement.

Security is a shared responsibility. APEX is responsible for the systems, code, infrastructure, and processes under its control. Customers are responsible for their own users, credentials, permissions, identity providers, connected systems, configuration choices, data classification, internal policies, and compliance obligations.

No website, application, database, network, cloud environment, AI workflow, or integration can be guaranteed to be completely secure. However, we work to apply reasonable safeguards and to continuously improve our security practices as our products, services, and customer requirements evolve.

32. Customer Security Responsibilities

Customers play a critical role in protecting personal data and business data. In many projects, APEX provides the software, implementation, integration, or support, while the customer controls the users, permissions, connected systems, business rules, data classification, and operational environment.

Customers should:

  • Assign access only to users who need it.
  • Review administrator accounts regularly.
  • Use strong passwords and multi-factor authentication where available.
  • Avoid shared accounts where possible.
  • Rotate credentials and API keys periodically.
  • Remove access when employees, contractors, or vendors leave.
  • Restrict service accounts to the minimum permissions needed.
  • Avoid placing secrets in emails, tickets, screenshots, prompts, or chat messages.
  • Review connected integrations and revoke unused tokens.
  • Configure database permissions carefully.
  • Validate AI-generated outputs before business use.
  • Review logs and administrative activity where available.
  • Maintain internal privacy notices and lawful basis documentation.
  • Train users on safe handling of sensitive information.

For AI analytics and database-connected tools, customers should carefully define which schemas, tables, views, columns, reports, dashboards, or APIs are available to each user or workflow. Sensitive fields should be excluded, masked, restricted, or governed through database and application controls whenever possible.

APEX is not responsible for unauthorized access caused by customer misconfiguration, weak credentials, compromised customer accounts, excessive permissions, unsafe sharing of secrets, insecure customer networks, or third-party systems outside our control, except to the extent required by applicable law or contract.

33. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law, contract, accounting rules, security needs, dispute resolution, backup practices, or legitimate business requirements.

Retention periods vary depending on the type of data and the context. Examples include:

  • Contact form submissions may be retained for sales, support, and relationship management.
  • Account information may be retained while the account remains active and for a reasonable period after termination.
  • Billing and tax records may be retained for legally required accounting periods.
  • Support tickets may be retained to provide continuity, troubleshoot recurring issues, and maintain service history.
  • Security logs may be retained for monitoring, investigation, compliance, and abuse prevention.
  • Product usage data may be retained to operate, secure, and improve the service.
  • Project documents may be retained according to the contract or statement of work.
  • Recruitment data may be retained for hiring administration and future opportunities where permitted.
  • Backups may remain for a limited time according to backup cycles and disaster recovery policies.

Where we process customer data under a customer agreement, that agreement may define specific retention, deletion, return, or export obligations. If the agreement contains a retention rule that differs from this public policy, the agreement will govern the relevant customer data.

Deletion from active systems may not immediately delete data from backup systems, disaster recovery storage, audit logs, or legally retained records. Backup copies are protected and are deleted or overwritten according to standard backup schedules unless earlier deletion is technically feasible and legally required.

34. Data Return, Export, and Deletion

Customers may request return, export, deletion, or transition assistance for customer data according to the applicable agreement and product capabilities. The available options may depend on the product, deployment model, data type, account status, technical architecture, and contractual terms.

For SaaS products, export functionality may be provided through the product interface, API, support process, or agreed migration procedure. For professional services projects, customer deliverables, source code, documentation, database scripts, configuration files, and deployment assets may be returned according to the statement of work.

Deletion may involve several layers, including:

  • Application records.
  • Database records.
  • File storage.
  • Object storage.
  • Logs and audit trails.
  • Support attachments.
  • Project repositories.
  • Backups.
  • Integration tokens.
  • API keys.
  • User accounts.
  • Workspace or tenant configuration.

If a customer requires a formal deletion certificate, the scope must be clearly defined. Any confirmation of deletion will apply only to the systems, data categories, and environments actually controlled by APEX and covered by the agreed deletion process. We will not claim deletion from customer systems, third-party systems, user devices, email inboxes, external backups, or environments outside our control unless that deletion has actually occurred and can reasonably be confirmed.

We may retain certain information after deletion if required for legal, tax, accounting, security, fraud prevention, dispute resolution, compliance, or legitimate business purposes.

35. Your Privacy Rights

Depending on your location and the laws that apply, you may have rights regarding your personal data. These rights may include:

  • The right to access personal data we hold about you.
  • The right to request correction of inaccurate or incomplete data.
  • The right to request deletion of personal data.
  • The right to restrict or limit processing.
  • The right to object to certain processing.
  • The right to withdraw consent where processing is based on consent.
  • The right to data portability where applicable.
  • The right to object to direct marketing.
  • The right to receive information about how we process your data.
  • The right to complain to a data protection authority or regulator.
  • Rights relating to certain automated decisions, where applicable.

These rights are not absolute. They may be subject to identity verification, legal exceptions, contractual obligations, protection of third-party rights, security requirements, legal claims, accounting obligations, or technical limitations.

To exercise your rights, contact us using the details in the “Contact Us” section of this policy. We may ask you to provide information needed to verify your identity and locate the relevant data. If we cannot verify your identity, we may be unable to fulfill the request.

If your request relates to data controlled by one of our customers, we may direct you to that customer. Where APEX acts as a processor, we generally cannot delete, correct, export, or restrict customer-controlled data without the customer’s instruction.

36. Requests Involving Customer-Controlled Data

Many systems built, integrated, supported, or operated by APEX are controlled by our customers. This means the customer determines why the data is processed, who can access it, how long it is retained, what business purpose it serves, and what legal basis applies.

If you are an employee, contractor, supplier, customer, patient, student, citizen, member, or end user of one of our customers, and your personal data appears in a system that APEX built, supports, hosts, integrates, or maintains, the customer is usually the appropriate organization to contact regarding privacy rights.

When we receive a request relating to customer-controlled data, we may:

  • Refer you to the relevant customer.
  • Notify the customer of the request.
  • Assist the customer in responding where required by contract.
  • Follow the customer’s documented instructions.
  • Decline to act directly if we are not authorized to do so.

We do not independently decide whether customer-controlled data should be deleted, corrected, disclosed, restricted, or exported unless we have a separate legal role or contractual authority to make that decision.

37. Marketing Communications

We may use business contact information to send marketing communications about APEX services, products, events, articles, updates, case studies, webinars, offers, or industry insights. We do this where permitted by law and, where required, with consent.

You can unsubscribe from marketing emails at any time by using the unsubscribe link in the email or contacting us directly. After you unsubscribe, we may retain limited information on a suppression list to ensure that we respect your preference.

Unsubscribing from marketing emails does not stop service-related messages. We may still send important communications about your account, security, billing, support, product changes, contract matters, or service availability.

We aim to make our marketing relevant and respectful. We do not want to send unnecessary communications to people who have no interest in our products or services.

38. Cookies, Analytics, and Tracking Preferences

Our websites and digital services may use cookies, pixels, tags, local storage, software development kits, analytics tools, and similar technologies. These technologies help us operate the website, remember preferences, understand traffic, improve content, measure campaign performance, detect abuse, and secure user sessions.

Cookies may include:

  • Necessary cookies required for website operation and security.
  • Preference cookies that remember choices such as language or region.
  • Analytics cookies that help us understand website usage and performance.
  • Marketing cookies that help us measure campaigns or provide relevant content where allowed.

Where required by law, we will ask for consent before using non-essential cookies. You can control cookies through your browser settings and, where available, through our cookie banner or preference center.

If you disable cookies, some website or product features may not work correctly. Necessary cookies may still be used because they are required to provide core functionality, maintain security, or remember privacy choices.

39. Children’s Privacy

Our websites, products, and services are designed for businesses, professionals, developers, organizations, and enterprise users. They are not directed to children, and we do not knowingly collect personal data from children through our public websites or business services.

If you believe that a child has provided personal data to us without appropriate authorization, please contact us. If we confirm that we have collected such data in a manner not permitted by law, we will take reasonable steps to delete it.

Customers that use APEX-built or APEX-supported systems in contexts involving children, students, minors, or education-related records are responsible for ensuring that the system complies with applicable child privacy, education privacy, consent, notice, access control, and retention requirements.

40. Sensitive Personal Data

We do not intentionally request sensitive personal data through our public websites, contact forms, demo forms, marketing forms, or general support channels. Sensitive personal data may include information relating to health, biometrics, precise location, financial account details, government identifiers, racial or ethnic origin, religion, political opinions, union membership, criminal records, sexual life, or other protected categories under applicable law.

In some customer projects, sensitive data may exist in customer systems. For example, a customer’s application may contain employee records, medical information, financial data, government identifiers, payroll information, customer transactions, or regulated business records. In those cases, the customer is responsible for determining whether processing is lawful and for implementing appropriate safeguards.

Users should not place sensitive personal data in prompts, support tickets, screenshots, log files, test data, sample spreadsheets, chat messages, or project documents unless it is necessary, lawful, approved by the customer, and transmitted through an appropriate secure channel.

If sensitive data is accidentally provided to us, we may delete it, restrict access to it, request a replacement file, ask the customer to mask the data, or handle it according to the applicable agreement and legal requirements.

41. AI Outputs, Human Review, and Business Decisions

AI-assisted tools can help users generate reports, summaries, charts, SQL, dashboards, recommendations, classifications, workflow actions, or explanations. However, AI outputs may be incomplete, inaccurate, outdated, biased, or unsuitable for a particular business context.

Users and customers are responsible for reviewing AI-generated outputs before relying on them for important decisions. This is especially important for decisions involving finance, legal rights, employment, healthcare, compliance, taxation, credit, eligibility, safety, or other high-impact matters.

APEX products and services are intended to support human decision-making, not to replace professional judgment. Unless separately agreed, validated, and governed in writing, our AI-assisted features should not be used as the sole basis for legally significant or similarly important decisions about individuals.

Customers should establish appropriate review processes, access controls, validation rules, output testing, user training, and governance procedures before deploying AI features in production.

42. Automated Decision-Making

APEX does not intend its general websites or standard product features to make legally significant automated decisions about individuals without human involvement. Some products may include automation features, workflow suggestions, analytics classifications, or AI-generated recommendations, but these are generally designed to assist users.

If a customer designs or configures an APEX-supported system to make automated decisions, the customer is responsible for ensuring that the system complies with applicable law. This may include providing notices, obtaining consent where required, allowing human review, validating accuracy, preventing unfair bias, documenting the logic involved, and giving individuals the rights required by law.

APEX may assist customers with implementation, but the customer remains responsible for the business purpose, legal basis, governance model, and operational use of the automated decision workflow unless otherwise agreed in writing.

43. Payment and Billing Information

When customers purchase products or services, we may process billing contact details, invoice information, tax details, purchase orders, payment status, subscription information, contract records, and related commercial information.

Payments may be processed through banks, payment gateways, accounting systems, or other financial service providers. These providers may process payment information under their own terms and legal obligations.

We do not intentionally collect or store full payment card details on our own systems unless specifically required and protected through appropriate controls. Billing and accounting records may be retained for tax, audit, legal, financial reporting, and dispute purposes.

44. Recruitment, Contractors, and Business Partners

If you apply for a role, contractor position, partnership, freelance opportunity, or supplier relationship with APEX, we may process information such as your name, contact details, CV, portfolio, work history, qualifications, references, interview notes, compensation expectations, availability, location, and communications with us.

We use this information to evaluate applications, conduct interviews, communicate with candidates, negotiate terms, prepare contracts, manage onboarding, and comply with legal obligations. We may retain candidate or partner information for future opportunities where permitted by law or where you have agreed.

If you provide references or third-party information, you should ensure that you are authorized to share that information.

45. Business Transfers and Corporate Changes

If APEX is involved in a merger, acquisition, investment, financing, restructuring, sale of assets, transfer of product lines, joint venture, or similar transaction, personal data may be disclosed, reviewed, transferred, or otherwise processed as part of the transaction.

In such cases, we will use reasonable measures to protect personal data and require appropriate confidentiality commitments from parties involved in the transaction. If the transaction results in a material change to how personal data is handled, we will provide notice where required by law.

46. Legal Requests, Compliance, and Protection of Rights

We may disclose personal data where we believe it is necessary to comply with applicable law, regulation, court order, subpoena, government request, regulatory inquiry, or other legal process.

We may also disclose or process personal data where necessary to:

  • Enforce contracts or terms of service.
  • Protect the rights, property, or safety of APEX, customers, users, employees, or others.
  • Investigate fraud, abuse, misuse, or security incidents.
  • Prevent unauthorized access or malicious activity.
  • Collect amounts owed.
  • Defend against legal claims.
  • Protect confidential information and intellectual property.
  • Comply with audit, tax, accounting, or regulatory obligations.

Where legally permitted and appropriate, we may notify affected customers before disclosing customer-controlled data in response to legal requests.

47. Security Incidents and Breach Notification

We maintain procedures to identify, investigate, escalate, contain, and respond to suspected security incidents. If we determine that a personal data breach has occurred, we will take appropriate action based on the nature of the incident, the data involved, the affected systems, the risk to individuals, our contractual role, and applicable legal requirements.

Our response may include containment, investigation, forensic review, remediation, credential rotation, patching, customer communication, regulator notification, user notification, and improvements to security controls.

Where we act as a processor, we will notify the relevant customer according to the applicable data processing agreement so the customer can assess its own notification obligations. Where we act as a controller and notification is required by law, we will notify affected individuals, regulators, or other parties within the required timeframe.

Not every security event is a personal data breach. We assess incidents based on evidence, risk, data exposure, system impact, and applicable law.

48. Regional Privacy Considerations

APEX may serve customers and users in the United Arab Emirates, Egypt, Saudi Arabia, the European Economic Area, the United Kingdom, the United States, and other regions. Privacy obligations may differ depending on the location of the individual, the location of the customer, the type of data, the sector, the deployment model, and the role of APEX.

Where the EU General Data Protection Regulation or UK data protection laws apply, individuals may have rights such as access, rectification, erasure, restriction, portability, objection, and rights relating to certain automated decisions.

Where UAE, Egyptian, Saudi, or other regional privacy laws apply, individuals may have similar rights and organizations may have obligations relating to transparency, consent, lawful basis, data security, breach notification, cross-border transfers, and contracts with processors.

This Privacy Policy provides a general notice. It does not describe every legal requirement in every country. Customers operating in regulated industries or processing sensitive data should obtain legal advice and ensure that their deployment, contracts, notices, consents, retention rules, and operating procedures comply with applicable law.

49. Data Processing Agreements

Where APEX processes personal data on behalf of a customer, the customer may require a data processing agreement or privacy addendum. Such agreements may define:

  • The subject matter of processing.
  • The duration of processing.
  • The nature and purpose of processing.
  • The categories of personal data.
  • The categories of data subjects.
  • Customer instructions.
  • Confidentiality obligations.
  • Security measures.
  • Sub-processor rules.
  • International transfer mechanisms.
  • Assistance with privacy rights requests.
  • Breach notification requirements.
  • Return or deletion of data.
  • Audit and compliance information.

Where a signed data processing agreement conflicts with this public Privacy Policy, the signed agreement will control for the relevant customer data.

50. Product-Specific Terms and Documentation

Some APEX products or services may have additional privacy, security, or data handling documentation. This may include product terms, security whitepapers, deployment guides, data processing addenda, support policies, AI usage terms, acceptable use policies, service level agreements, or customer-specific statements of work.

If a product-specific document provides more detailed information for a particular service, that document should be read together with this Privacy Policy. If there is a conflict, the order of priority will usually be the signed customer agreement first, then any applicable data processing agreement or product-specific terms, then this public Privacy Policy, unless the agreement says otherwise.

Customers should review product-specific documentation before connecting production systems, enabling AI features, processing sensitive data, or deploying integrations that involve regulated information.

51. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our products, services, legal requirements, security practices, business operations, or data handling activities.

When we make material changes, we will update the “Last Updated” date and, where appropriate, provide notice through our website, product interface, customer communication, or other reasonable method.

The updated policy will apply from the effective date stated in the policy or, if no date is stated, from the date it is published. Your continued use of our websites, products, or services after the policy is updated means that the updated policy applies to future processing, unless applicable law requires a different process.

We encourage customers and users to review this Privacy Policy periodically.

52. Contact Us

If you have questions about this Privacy Policy, want to exercise privacy rights, need to submit a privacy request, or want to discuss a data processing agreement, please contact us:

APEX Experts AI Solutions Website: https://apexexperts.net Email: info@apexexperts.net Locations: Alexandria, Egypt and Dubai, United Arab Emirates

For product-specific support, customers may also use the support channels listed in the relevant product portal, onboarding documentation, customer agreement, or service desk.

53. Plain-English Summary

We collect personal data when you contact us, visit our websites, use our products, request support, work with us on a project, or communicate with our team. We use that data to provide services, communicate with you, secure our systems, improve our products, manage our business, and comply with legal obligations.

We do not want unnecessary personal data. We do not sell personal data as our business model. We do not use customer confidential data to train general AI models unless the customer clearly agrees in writing. We use security controls appropriate to the service, the architecture, and the risk.

Because we build AI, Oracle APEX, web, mobile, analytics, automation, and enterprise systems, privacy depends on both our safeguards and the customer’s configuration. Customers should apply least privilege, restrict sensitive data, review integrations, protect credentials, and validate AI outputs before relying on them.

If you have a privacy question, contact us at info@apexexperts.net.

خبراء ابكس لحلول الذكاء الاصطناعي
APEX Experts
AI SOLUTIONS
APEX EXPERTS AI SOLUTIONS • OFFICIAL SEAL • REGISTERED •أبيكس إكسبرتس لحلول الذكاء الاصطناعي • الختم الرسمي •