Privacy Policy

1. Scope

This Privacy Policy applies to information we collect through:

• Our website.
• Aptic accounts and workspaces.
• Aptic software, applications, reports, dashboards, workflows, and automations.
• AI-assisted tools and outputs.
• Consulting, managed services, implementation, analytics, strategy, marketing, operations, finance-related analysis, and automation support.
• Sales, support, onboarding, and customer communications.
• Connected third-party services and integrations.

This Privacy Policy does not apply to third-party websites, platforms, tools, or services that we do not control.

2. Information We Collect

We collect information in several ways.

2.1 Information You Provide

We may collect information you provide directly, including:

• Name, email address, phone number, company name, job title, and contact details.
• Account login information and workspace information.
• Billing, subscription, payment, and transaction-related information.
• Messages, support requests, sales inquiries, feedback, forms, survey responses, and communications.
• Business goals, assumptions, strategy documents, operating plans, launch plans, projections, tasks, decisions, approvals, and workspace preferences.
• Documents, spreadsheets, reports, website content, marketing materials, business plans, financial materials, operational information, customer information, and other content you upload or provide.

2.2 Information from Connected Services

If you connect third-party services, we may collect information from those services based on the permissions you grant.

Connected services may include advertising platforms, analytics tools, search tools, websites, financial systems, operational systems, customer systems, project management tools, cloud services, email tools, automation platforms, or governance/control systems.

Depending on your configuration, this information may include:

• Advertising campaign data.
• Website and analytics data.
• Conversion, traffic, attribution, and event data.
• Search performance data.
• Website crawl data.
• Financial metrics, expenses, revenue, margin, unit economics, cash-flow, or budget information.
• Operational metrics, inventory, fulfillment, refund, support, vendor, or process data.
• Tasks, approvals, decisions, projects, messages, and workflow information.
• Account metadata, permissions, logs, and connection status.

2.3 Information Collected Automatically

When you visit our website or use our services, we may automatically collect:

• IP address, device identifiers, browser type, operating system, device type, and approximate location.
• Pages viewed, links clicked, referring URLs, session activity, timestamps, and usage events.
• Log data, diagnostics, error reports, performance data, uptime data, and security events.
• Cookie, pixel, local storage, and similar tracking information.

2.4 AI, Automation, and Consulting Data

Aptic may collect and process information related to AI-assisted services, automation, consulting, managed services, and business actions, including:

• Prompts, instructions, questions, and user requests.
• Business context used to generate outputs.
• AI-generated reports, recommendations, summaries, projections, tasks, and analyses.
• Deterministic check results, signals, issues, opportunities, data gaps, and measurements.
• Human consultant notes, reviews, edits, recommendations, and service-delivery records.
• Approval decisions, denial reasons, delegated authority settings, action logs, and execution records.
• Quality evaluations, confidence scores, feedback, and calibration records.
• Audit logs, workflow logs, integration logs, and security logs.

3. Customer Data

“Customer Data” means business information, documents, account data, connected service data, personal information, confidential information, and other content provided to Aptic by or on behalf of a customer.

You retain ownership of Customer Data. We process Customer Data to provide, secure, support, maintain, and improve the services, and to perform the services you request.

If you provide Customer Data that includes personal information about your customers, employees, contractors, users, vendors, or other individuals, you are responsible for providing required notices, obtaining required consents, and ensuring you have a valid legal basis to provide that information to Aptic.

4. How We Use Information

We may use information to:

• Provide, operate, maintain, secure, and improve the services.
• Create and manage accounts, workspaces, reports, dashboards, recommendations, tasks, decisions, approvals, workflows, and automations.
• Deliver consulting, managed services, implementation, strategy, marketing, operations, finance-related analysis, and automation support.
• Analyze business data and generate insights, reports, recommendations, projections, tasks, action plans, and measurements.
• Prepare, route, approve, execute, monitor, and audit authorized actions.
• Provide human review, quality review, troubleshooting, and customer support.
• Verify permissions, enforce approval settings, maintain audit trails, and prevent unauthorized activity.
• Monitor security, detect abuse, debug errors, and maintain service reliability.
• Process payments, manage billing, and administer subscriptions.
• Send administrative messages, account notices, security notices, product updates, service communications, and marketing communications.
• Evaluate and improve product quality, model behavior, workflows, templates, prompts, and service delivery.
• Measure usage, adoption, customer outcomes, service quality, and business impact.
• Comply with legal obligations, enforce agreements, and protect rights, safety, property, and security.

5. Human Review and Service Delivery

Aptic services may involve review by authorized Aptic employees, contractors, consultants, analysts, operators, support personnel, and service providers.

These individuals may access Customer Data, workspace information, connected account data, AI outputs, reports, recommendations, approvals, tasks, action logs, communications, and related information as needed for legitimate business purposes, including:

• Providing consulting and managed services.
• Reviewing and improving recommendations.
• Preparing or performing authorized actions.
• Supporting customers.
• Troubleshooting issues.
• Conducting quality review.
• Maintaining security and compliance.
• Auditing service performance.
• Improving Aptic’s services.

We use access controls and internal policies designed to limit access to people who need it for authorized purposes.

6. AI Model and Training Practices

Aptic may use internal AI systems, third-party AI model providers, deterministic workflows, analytics tools, and automation systems to provide the services.

Unless we separately disclose otherwise or obtain your consent:

• We do not sell Customer Data.
• We do not use your non-public Customer Data to train public foundation models.
• We do not permit third-party AI model providers to use your non-public Customer Data to train their public models, where provider settings and contracts allow such restriction.
• We may use Customer Data to generate outputs, provide services, troubleshoot, secure the platform, monitor quality, and improve your workspace experience.
• We may use aggregated, de-identified, or anonymized information to improve Aptic’s services, provided it does not identify you or your business.

You should not submit highly sensitive information unless the service expressly supports it and you have the required authority and legal basis.

7. Sensitive Information

Aptic is designed primarily for business use. Unless expressly supported by the service or agreed in writing, you should not provide:

• Social Security numbers, government identification numbers, or passport numbers.
• Payment card numbers or bank login credentials.
• Protected health information.
• Children’s personal information.
• Biometric identifiers.
• Highly sensitive employment, legal, immigration, medical, or financial information.
• Passwords, secrets, private keys, or credentials that are not requested through a secure credential flow.

If you provide sensitive information, you represent that you have the required rights, consents, notices, and legal basis to do so.

8. How We Share Information

We may share information as described below.

8.1 Service Providers

We may share information with vendors and service providers that help us operate the services, including hosting providers, cloud infrastructure providers, database providers, AI model providers, analytics providers, security providers, payment processors, email providers, customer support tools, logging providers, and other operational vendors.

These providers may process information on our behalf subject to contractual, technical, or operational restrictions.

8.2 Aptic Personnel

We may share information with Aptic employees, contractors, consultants, analysts, operators, and other authorized personnel as needed to provide, support, secure, audit, and improve the services.

8.3 Connected Services

When you connect third-party services, we may send information to or receive information from those services based on your configuration, permissions, instructions, approvals, and requested actions.

8.4 Workspace Users

Information in a workspace may be visible to the workspace owner, administrators, authorized users, and other users invited to the workspace.

Workspace owners and administrators may be able to access user activity, connected data, reports, recommendations, tasks, approvals, decisions, action logs, and other workspace information.

8.5 Legal, Safety, and Compliance

We may disclose information if we believe it is necessary to comply with law, legal process, government requests, regulatory requests, security obligations, fraud prevention, enforcement of agreements, or protection of rights, safety, property, or security.

8.6 Business Transfers

If Aptic is involved in a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction, information may be transferred as part of that transaction.

8.7 With Your Consent or Direction

We may share information with your consent or at your direction.

9. Cookies and Similar Technologies

We may use cookies, pixels, local storage, and similar technologies to:

• Operate the website and services.
• Remember preferences.
• Secure sessions.
• Analyze usage.
• Improve performance.
• Support marketing.
• Measure campaigns.
• Understand website activity.

You can control cookies through your browser settings. Some features may not work properly if cookies are disabled.

If we use analytics, advertising, retargeting, or similar technologies that require notice or consent, we will provide appropriate notices and choices where required by law.

10. Data Retention

We retain information for as long as reasonably necessary to provide the services, comply with legal obligations, resolve disputes, enforce agreements, maintain security, support backups, preserve audit logs, prevent fraud, and operate our business.

Retention periods may vary depending on:

• The type of information.
• Customer settings.
• Service Order requirements.
• Legal and compliance obligations.
• Security and audit needs.
• Backup and disaster recovery practices.
• Whether the information is part of business records, action logs, approvals, or evidence records.

You may request deletion of certain information, subject to legal, security, contractual, operational, and backup limitations.

11. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information. These may include access controls, encryption, credential protection, logging, monitoring, security reviews, and vendor controls.

No method of transmission or storage is completely secure. You are responsible for maintaining the security of your accounts, devices, passwords, API keys, connected services, user permissions, and workspace access.

12. International Data Transfers

Aptic may process and store information in the United States and other countries where we or our service providers operate. These countries may have privacy laws different from those in your jurisdiction.

Where required, we use appropriate safeguards for international transfers.

13. Your Choices and Rights

Depending on where you live, you may have rights regarding your personal information, such as the right to:

• Access personal information we have about you.
• Correct inaccurate personal information.
• Delete personal information.
• Obtain a copy of personal information.
• Opt out of certain processing, such as targeted advertising, sale, sharing, or profiling where applicable.
• Limit certain uses of sensitive personal information where applicable.
• Withdraw consent where processing is based on consent.
• Appeal a decision regarding a privacy request where applicable.

To exercise privacy rights, contact us at [Insert privacy email]. We may need to verify your identity before fulfilling your request.

These rights may be limited by applicable law, security needs, legal obligations, contractual obligations, business records, and the nature of the information.

14. California Privacy Notice

If the California Consumer Privacy Act, as amended, applies to Aptic, California residents may have additional rights.

Categories of Personal Information We May Collect

We may collect the following categories of personal information:

• Identifiers, such as name, email address, IP address, account identifiers, and contact information.
• Commercial information, such as subscription, billing, payment, service history, and transaction-related information.
• Internet or electronic network activity, such as website usage, log data, device data, session activity, and interaction data.
• Professional or employment-related information, such as company name, role, title, and business contact details.
• Geolocation information, such as approximate location inferred from IP address.
• Inferences, such as preferences, product usage patterns, business interests, recommendations, or service needs.
• Sensitive personal information, only if you provide it or configure the service to process it.
• Customer records and business contact information.
• Audio, electronic, or similar information if you communicate with us through recorded calls, video meetings, or similar channels.

Sources

We may collect personal information from you, your company, workspace users, connected services, service providers, cookies, analytics tools, business partners, and public or commercially available sources.

Purposes

We use personal information for the purposes described in this Privacy Policy, including providing services, consulting, managed services, security, support, analytics, billing, communications, product improvement, legal compliance, and enforcement.

Disclosure

We may disclose personal information to service providers, Aptic Personnel, connected services, workspace users, legal authorities, professional advisers, and business transaction parties as described in this Privacy Policy.

Sale or Sharing

We do not sell personal information for money. We do not knowingly sell or share personal information of consumers under 16.

If we use advertising, analytics, or tracking technologies that are considered “selling” or “sharing” under California law, we will provide the required notice and opt-out mechanism.

California Rights

California residents may have the right to know, access, correct, delete, opt out of sale or sharing, limit certain uses of sensitive personal information, and not be discriminated against for exercising privacy rights.

To exercise rights, contact us at [Insert privacy email].

15. Business Customer Data and Processor/Service Provider Role

Aptic primarily provides services to businesses and organizations.

When Aptic processes personal information on behalf of a business customer, Aptic may act as a service provider, processor, or similar role under applicable privacy laws. In that case, the business customer is responsible for determining the purposes and means of processing, providing required notices, obtaining required consents, and responding to individual privacy requests unless otherwise agreed in writing.

If you are an individual associated with one of our customers and have questions about information processed in that customer’s workspace, please contact that customer directly.

16. Children’s Privacy

Our services are intended for business users and are not directed to children under 13. We do not knowingly collect personal information from children under 13.

If you believe a child has provided personal information to us, contact us and we will take appropriate steps to delete it.

17. Email and Communications

We may send you service-related messages, security notices, account notices, billing notices, product updates, and marketing communications.

You may opt out of marketing emails by using the unsubscribe link or contacting us. You may still receive transactional, security, legal, billing, or service-related communications.

18. Do Not Track and Global Privacy Signals

Some browsers offer “Do Not Track” signals. Because there is no common industry standard for these signals, we do not currently respond to them.

Where legally required, we will honor recognized opt-out preference signals, such as Global Privacy Control, for applicable processing.

19. Third-Party Links and Services

Our website and services may link to third-party websites, platforms, tools, or services. We are not responsible for the privacy practices, policies, content, or security of third parties.

Your use of third-party services is governed by their privacy policies and terms.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted with a new “Last Updated” date.

If changes are material, we may provide additional notice. Your continued use of the services after the updated Privacy Policy becomes effective means you acknowledge the updated policy.