APEX

Privacy Policy

Effective date: June 14, 2026 · Last updated: June 14, 2026

This Privacy Policy explains how AAA Designs LLC ("AAA Designs," "we," "us," or "our"), a Wyoming limited liability company, collects, uses, and protects information when you use APEX (the "Service") at apexcommand.app and related pages. By using APEX, you agree to the practices described here. If you do not agree, do not use the Service.

1. Who this applies to

This policy applies to anyone who creates an APEX account, connects a third-party service to APEX, or otherwise uses the Service.

2. The information we collect

Information you give us directly.

Account information: your name, email address, and a password. We never store your password in plain text — it is hashed using a strong, salted algorithm (scrypt).
Profile and setup information: the assistant name, goal, honorific, agent names, and any background details you enter during setup.
Content you provide: notes, documents, and files you upload to your knowledge base; messages and commands you give APEX; and items you place in your approval queue.

Information from services you connect (only with your permission). If you connect a third-party account such as Google, APEX accesses only the data needed for the features you request. Depending on the scopes you authorize this may include:

Gmail: reading message content and metadata to triage, summarize, and draft replies; and, only with your explicit per-action approval, sending or modifying messages.
Google Calendar: reading events to prepare your briefings; and, only with your explicit per-action approval, creating or updating events.
Other connectors you enable, limited to the data each feature requires.

You authorize these connections on the provider's own screen. APEX never sees or stores your third-party passwords. You can disconnect any service at any time from the Connections page, which revokes APEX's access going forward.

Information we collect automatically. Basic usage data (request counts and activity needed to operate the Service and prevent abuse), technical/log data (IP address, timestamps, error logs, used for security and debugging), and a small number of strictly necessary cookies — a secure, HttpOnly session cookie to keep you logged in and a CSRF-protection cookie. We do not use advertising or cross-site tracking cookies.

3. Google user data — Limited Use

APEX's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

We use Google user data only to provide and improve the user-facing features you request inside APEX.
We do not use Google user data for advertising.
We do not sell Google user data, and we do not transfer it to others except as needed to provide or improve user-facing features, to comply with applicable law, or as part of a merger or acquisition.
We do not allow humans to read your Google user data unless you give specific consent, it is necessary for security or to comply with law, or the data is aggregated and anonymized for internal operations.

4. How we use information

We use the information above to create and manage your account and authenticate you; operate the assistant and its agents; execute actions only after you approve them (APEX never sends, deletes, or changes anything in a connected account without your per-action approval); maintain security and prevent abuse; debug and improve reliability; communicate with you about the Service; and comply with legal obligations. We do not sell your personal information.

5. AI processing and our service providers

To generate responses and perform tasks, APEX sends the necessary content to trusted third-party providers that process data on our behalf: AI model providers (such as OpenAI and Anthropic) and text-to-speech providers to generate text and voice, and hosting/infrastructure providers (such as Render) to run the Service and store data. Under their applicable API terms, these AI providers process data to return a result to us and do not use API-submitted content to train their models. We send only what is needed to perform your request, and we share data with these providers only to operate the Service. A current list of subprocessors is available on request. We may also disclose information if required by law, to protect our rights or others' safety, or in connection with a merger or acquisition.

6. How we protect your data

We apply layered, industry-standard security, including encryption in transit (HTTPS/TLS) and encryption at rest for sensitive items such as connected-service access tokens (AES-256-GCM); hashed passwords (scrypt) and hashed session identifiers; secure cookies (HttpOnly, SameSite, Secure) and CSRF protection; rate limiting and abuse controls; and per-user data isolation with least-privilege access. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. If we become aware of a breach affecting your personal data, we will notify affected users and authorities as required by law.

7. Data retention and deletion

We retain your account and content while your account is active. You can reset your APEX at any time (wiping your notes, schedule, approvals, connections, and agent names while keeping your login) or delete your account entirely from Settings, which removes your workspace and stored connected-service tokens. After deletion, residual copies may persist briefly in backups or logs and are purged on our normal cycle (target: within 30 days). Disconnecting a third-party service revokes our ongoing access; for Google you can also revoke access via your Google Account permissions.

8. Your privacy rights

Depending on where you live, you may have the right to access, correct, delete, or export your personal data, to object to or restrict certain processing, and to withdraw consent. Most of these you can exercise directly in the app (Settings → reset or delete). For anything else, contact us and we will respond as required by law.

EU/UK (GDPR): our legal bases are your consent (for connected services), performance of our contract with you, and our legitimate interests (security, abuse prevention, improvement). You may complain to your local supervisory authority.
California (CCPA/CPRA): you have the right to know, delete, correct, and opt out of "sale" or "sharing" of personal information. We do not sell or share your personal information as defined under California law.

9. International data transfers

We are based in the United States and process data there and with U.S.-based providers. If you access APEX from outside the U.S., your information will be transferred to and processed in the U.S. and other countries, which may have different data-protection laws. Where required, we rely on appropriate safeguards for such transfers.

10. Children

APEX is not directed to children. You must be at least 16 years old (or the age of digital consent in your country) to use the Service. We do not knowingly collect data from children under that age; if we learn we have, we will delete it.

11. Changes to this policy

We may update this policy from time to time. If we make material changes, we will update the "Last updated" date and, where appropriate, notify you in the app or by email. Continued use after changes means you accept the updated policy.

12. Contact us

AAA Designs LLC
30 N Gould St, Ste R
Sheridan, WY 82801, United States
Email: support@apexcommand.app