Privacy Policy

Effective Date: [Effective Date — pending DE Cert filing] · Apex Vault, Inc.

COUNSEL REVIEW NOTE 1: This Privacy Policy is structured for a B2B SaaS compliance-infrastructure product serving healthcare operators. Confirm scope: this governs data Apex Vault collects from its OWN website visitors and customer-account holders. Customer-side data flowing through the Apex Vault proxy is governed by the BAA + DPA between Apex Vault and each customer, not by this Policy.

01Who we are

Apex Vault, Inc. ("Apex Vault," "we," "us," or "our") is a Delaware corporation operating compliance proxy infrastructure for healthcare tracking technologies. This Privacy Policy describes how we handle personal information collected through our marketing website at apexvaultcompliance.com and through customer-facing interactions with our personnel.

This Policy does not govern customer data that flows through the Apex Vault sanitization proxy in the course of providing services to a customer. That data is governed by the Business Associate Agreement (BAA) and Data Processing Agreement (DPA) executed between Apex Vault and each customer.

02Information we collect

We collect personal information directly from individuals interacting with us. Specifically:

Contact information you provide: name, email address, business affiliation, and role, when you contact us, request a tier sheet, or schedule a demo.
Business communications: the content of email and other communications you send us.
Customer-account information: if your organization becomes an Apex Vault customer, the contact details of authorized signatories and operational points of contact.
Site usage information: standard server logs (IP, user agent, request timing) from your visits to apexvaultcompliance.com. We do not deploy third-party advertising trackers or analytics pixels on our own website.

COUNSEL REVIEW NOTE 2: Apex Vault does not run third-party tracking on its own site by deliberate brand discipline. Confirm whether this Policy should affirmatively state that fact (currently does in §02 last bullet). Some counsel prefer to omit affirmative claims about absence of tracking; others prefer to call it out as a deliberate posture.

03How we use information

We use the personal information described above to:

Respond to inquiries, deliver requested materials, and engage in pre-sales conversations.
Execute and administer customer contracts (MSA, BAA, DPA, Order Form).
Provide and operate the Apex Vault services consistent with each customer's executed agreements.
Communicate with you about your relationship with Apex Vault.
Maintain the security of our systems and prevent abuse.
Comply with applicable legal and regulatory obligations.

04Categories of recipients

We disclose personal information to the following categories of recipients, only as necessary to operate our business:

Cloud infrastructure provider hosting Apex Vault systems.
Email and productivity tools used for internal collaboration and external communication.
Transactional email service for operational notifications.
Payment processor for invoice handling and customer billing.
Customer relationship management platform for internal pipeline management.
Outside legal counsel and professional advisors when required for legal, compliance, or audit purposes.
Government authorities where compelled by law, subpoena, or court order.
Acquirers or successors in connection with a business transaction (merger, acquisition, or sale of assets).

A current subprocessor list, with specific named vendors, is available to Enterprise customers under MNDA. Email compliance@apexvaultcompliance.com to request it.

05Data retention

We retain personal information for as long as reasonably necessary to fulfill the purposes described in this Policy, including for legitimate business, security, abuse-prevention, and legal-hold purposes. Specific retention windows vary by data category and are governed by our internal retention policy and applicable law.

06Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, disclosure, or destruction. Our security posture is described in detail at security.apexvaultcompliance.com.

07Your rights

Depending on the jurisdiction in which you reside, you may have rights to access, correct, delete, or restrict our processing of your personal information, and to object to certain uses or transfers. You may also have the right to portability of your data, and to withdraw consent where processing is based on consent.

To exercise these rights, email privacy@apexvaultcompliance.com. We will respond consistent with applicable law.

08Children

Apex Vault services are intended for B2B customers and their authorized personnel. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will delete it promptly.

09International transfers

Apex Vault is based in the United States. If you are accessing our services from outside the United States, you understand that your personal information may be transferred to and processed in the United States. We rely on appropriate safeguards consistent with applicable law for any international transfers of personal information.

10Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice consistent with applicable law. The "Effective Date" at the top of this Policy will reflect the most recent revision.

COUNSEL REVIEW NOTE 3: California, Virginia, Colorado, Connecticut, Utah, Texas, and other state comprehensive privacy laws require specific disclosures (categories of personal information collected, sources, purposes, third-party recipients, retention, rights). The §02–§07 structure above is designed to satisfy that framework but should be reviewed against the final list of states where Apex Vault has visitors, and against any state-specific addenda counsel wants to attach. Washington MHMDA has its own consumer-health-data disclosure regime — confirm whether Apex Vault is in scope as a "regulated entity" under MHMDA or only as a service provider to regulated entities.

11Contact us

Questions about this Privacy Policy, or requests to exercise rights, should be directed to:

Apex Vault, Inc.
privacy@apexvaultcompliance.com