Skip to main content
ApexMachina

Privacy Policy

Last updated: 2026-05-15

This policy describes how Apex Machina collects, uses and protects your personal data when you use the platform.

1. Data controller

Apex Machina — company currently being registered. The data controller is Thibault Husson, reachable at privacy@apexmachina.fr. This document will be updated once the Kbis is published.

2. Data collected

Account (email, name, hashed password), usage (actions performed, technical logs), billing (via Stripe, no direct storage of card numbers), content you create (lists, contacts, reports).

3. Purposes and legal bases

Contract performance (providing the service), legitimate interest (security, product improvement), consent (analytics, optional marketing). No processing on an undeclared third-party legal basis.

4. Retention periods

Account data: duration of the relationship + 3 years. Technical logs: 12 months. Invoices: 10 years (legal obligation). You can request early deletion at any time.

5. Recipients and subprocessors

Vercel (web hosting, EU/US), Supabase (database, Ireland EU), Stripe (payments, Ireland), n8n (automation, self-hosted EU), Apify (scraping, EU), OpenRouter, OpenAI and Anthropic (AI models, US with DPA). Each subprocessor is bound by a GDPR contract.

6. Transfers outside the EU

Transfers to the US (OpenAI, Anthropic) are covered by the European Commission's Standard Contractual Clauses. No raw data is sent to non-adequate destinations without appropriate safeguards.

7. Your rights

Access, rectification, erasure, objection, portability, restriction. To exercise these rights, contact privacy@apexmachina.fr. You can also lodge a complaint with the CNIL (cnil.fr).

8. Cookies

Technical cookies (session, CSRF): mandatory, no consent required. Analytics cookies (GA4): opt-in via consent banner, can be disabled any time.

9. Contact

For any question: privacy@apexmachina.fr. Maximum response time: 30 days.