π Legal
GDPR Compliance Policy
Last updated: March 1, 2025 Β· Effective date: March 1, 2025 Β· Apex Creators
This policy applies to individuals in the European Economic Area (EEA), United Kingdom, and Switzerland. If you are located in one of these regions, you have specific rights under the General Data Protection Regulation (GDPR) or equivalent laws. This page explains those rights and how we honor them.
Section 01
Who We Are β Data Controller
Under the GDPR, Apex Creators acts as the Data Controller for personal data collected through our website and services. This means we determine the purposes and means of processing your personal data.
If you have any questions about how we process your personal data or wish to exercise your rights, please contact us at the email above.
Section 02
What Data We Collect
We collect the following categories of personal data:
- Identity data: First name, last name, company name
- Contact data: Email address, phone number, website URL
- Financial data: Payment details processed via Stripe (we do not store full card numbers)
- Technical data: IP address, browser type, device info, cookies
- Usage data: Pages visited, time on site, referral source
- Communications data: Emails and messages you send us
- Booking data: Appointment date/time, calendar details
We collect only the minimum data necessary to provide our services. We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, or health information.
Section 03
Legal Bases for Processing
Under GDPR, we must have a valid legal basis for processing your personal data. The table below outlines the legal basis we rely on for each processing activity:
| Processing Activity |
Legal Basis |
| Booking and managing strategy calls |
Contract |
| Delivering AI ambassador services |
Contract |
| Processing payments |
Contract |
| Sending booking confirmations & reminders |
Contract |
| Sending marketing communications |
Consent |
| Website analytics & improvement |
Legitimate Interest |
| Fraud prevention & security |
Legitimate Interest |
| Tax and financial record-keeping |
Legal Obligation |
Section 04
Your GDPR Rights
If you are located in the EEA, UK, or Switzerland, you have the following rights under GDPR:
ποΈ
Right of Access
Request a copy of all personal data we hold about you.
βοΈ
Right to Rectification
Request correction of inaccurate or incomplete data.
ποΈ
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
βΈοΈ
Right to Restriction
Request that we limit processing of your data in certain cases.
π¦
Right to Portability
Receive your data in a structured, machine-readable format.
π«
Right to Object
Object to processing based on legitimate interests or for direct marketing.
β©οΈ
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent.
π€
Rights re: Automated Decisions
Not be subject to solely automated decisions with significant effects.
To exercise any of these rights, email us at hello@apexcreators.ai. We will respond within 30 days. We may need to verify your identity before processing your request.
Section 05
International Data Transfers
Apex Creators is based in the United States. If you are located in the EEA, UK, or Switzerland, your personal data will be transferred to and processed in the United States, which may not have the same level of data protection as your home country.
We ensure appropriate safeguards are in place for such transfers, including:
- Using third-party processors that comply with GDPR-equivalent standards (e.g., Stripe, Google, GoHighLevel)
- Standard Contractual Clauses (SCCs) where required
- Ensuring processors are certified under applicable data transfer frameworks
We only transfer data to countries or processors that provide an adequate level of protection for your personal information.
Section 06
Data Retention
We retain personal data only for as long as necessary for the purposes outlined in this policy:
- Client and booking data: Up to 3 years after the last interaction
- Financial and payment records: 7 years (required under US tax law)
- Marketing data: Until you withdraw consent or unsubscribe
- Analytics data: Up to 26 months (Google Analytics default)
When data is no longer needed, it is securely deleted or anonymized.
Section 07
Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.
Our booking system (GoHighLevel) automates appointment scheduling and confirmation emails, but these processes do not involve decisions that significantly affect your rights or interests.
Section 08
How to Exercise Your Rights
To submit a GDPR-related request, please contact us using the details below. Your request should include:
- Your full name and email address
- The specific right you wish to exercise
- Any relevant details to help us identify your data
We will acknowledge your request within 72 hours and provide a full response within 30 days. In complex cases, we may extend this by an additional 60 days β we will inform you if this applies.
Section 09
Complaints & Supervisory Authority
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with your local data protection supervisory authority.
- EEA residents: Contact your country's data protection authority. A full list is available at edpb.europa.eu.
- UK residents: Contact the Information Commissioner's Office (ICO) at ico.org.uk.
- Swiss residents: Contact the Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch.
We encourage you to contact us first at hello@apexcreators.ai so we can try to resolve your concern directly.
Section 10
Changes to This Policy
We may update this GDPR policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For significant changes, we will notify you by email where we hold your contact information.
Continued use of our services after changes are posted constitutes acceptance of the updated policy.