Privacy Statement

Version 4.4 – August 2024


At Aptible, our core mission is to help teams protect data on the internet. As a result, our goal is to set a high standard for protecting the privacy of your information. We want to be clear about how we collect, use, protect, and share your information, including your personal information, and the rights and choices you have about the ways in which you can help us protect your privacy.


This Privacy Statement explains:


  • What information we collect, and why we collect it.

  • How we use that information, and when we disclose it.

  • Your rights regarding that information, including how to access and update your information.

  • The steps we take to protect your information.


Scope: This Privacy Statement applies to the information that we obtain through your use of Aptible products and services, including our website (https://www.aptible.com), our Aptible Deploy and Aptible Comply platforms, social media, communications, and web-based tools (collectively, our "Services"). For a current list of the Services and vendors covered by this Privacy Statement, see our Subprocessor Directory.


This Privacy Statement does not apply to personal information arising from Aptible’s employment-related activities. Except to the extent that a third party provides services on our behalf (such as a SaaS vendor), this Privacy Statement also does not apply to the practices of third parties to which we may link or otherwise refer you, such as consultants, pen testing firms, audit firms, and other vendors.


Geography: Aptible is a U.S.-based company that offers our Services to domestic and international business customers. As a result, information that we collect, including personal information, may be transferred to our U.S. offices to permit us to comply with our legal and contractual obligations, to provide information and services to prospective and current clients, and to perform related business activities. In addition, we may provide information to third-party service providers in the U.S. and in other countries to the extent necessary to support Aptible’s business activities, and we may access personal information collected by our customers to support the Services that we provide to our customers. Thus, personal information may be transferred to and stored on servers located in the United States and in countries different from the country in which that information was initially collected. Similarly, the information we collect may be accessed by Aptible and our third-party service providers and business partners from countries other than the ones in which the information is stored. For more information about how we handle personal information from EU-based individuals, see below.


If you have any questions or concerns about this Privacy Statement or about our privacy or data security practices, please contact us at privacy@aptible.com.


What We Mean by Personal Information


For purposes of this Privacy Statement, "Personal Information" means information from or about you that identifies you directly and information that is associated with you and thus could potentially identify you, including when combined with other information from or about you.


"Sensitive Personal Information" includes data about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, genetic and biometric data when used for identification purposes, and data about health, sex life, and sexual orientation.


Individuals covered by this Privacy Policy should be aware that when we receive Sensitive Data from third parties, it is treated with the same level of protection as data we collect directly, acknowledging its sensitivity as recognized by the third party. As a Controller, we ensure that any third party acting as a Service Provider and processing data on our behalf is bound by a contract, reinforcing our privacy commitments and stipulating that such data is handled strictly according to our instructions and privacy standards.


Types of Personal Information that We Collect


  • Names

  • Physical address

  • Email addresses

  • Telephone numbers

  • Business contact information, including names, email addresses, business addresses, telephone numbers, company name or business affiliation, and title.

  • User IDs and passwords

  • Personal information that you choose to share within our user communities, such as community.aptible.com

  • Payment card and financial account information

  • Identifiers of devices used to access our Services


Information that We Collect from and About You


Information that You Provide to Us Voluntarily


Account and Profile Information: We collect information about you and your company when you register for an account, create or modify your profile, and make purchases through our Services. The information we collect includes your name, username, address, email address, phone number, and payment card details. You may provide this information directly through our Services, or in some cases, another user (such as an account administrator) creating an account on your behalf may provide it. If you provide information (including personal information) about someone else, you confirm that you have the authority to act for them and to consent to the collection and use of their personal information as described in this Privacy Policy.


Content: We collect and store content that you create, input, submit, post, upload, transmit, or store while using our Services. Such content may include any personal or other sensitive information submitted using our Services, such as HIPAA-protected health information, EU personal data, and other information such as source code or regulatory compliance materials. When we process HIPAA-protected health information or EU personal data on your behalf pursuant to a HIPAA business associate agreement or a GDPR data protection agreement, our use of that data is restricted by that agreement and limited solely to providing you with our Services and other ancillary functions as provided by law.


Other submissions: We collect other data that you may submit to our Services or to us directly, such as when you request customer support or communicate with us via email or social media sites.


Information that We Collect Automatically When You Use Our Services


Web Logs and Analytics Information: We record certain information and store it in log files when you interact with our Services. This information may include Internet protocol (IP) or other device addresses or ID numbers as well as browser type, Internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information that you search for, your locale and language preferences, your mobile carrier, and system configuration information. We and our analytics providers (see our Subprocessor Directory) also collect and store analytics information when you use our Services to help us improve our Services.


Cookies and Other Tracking Technologies: We use various technologies to collect information, including cookies that we save to your computer or mobile device. See our Subprocessor Directory. Cookies are small data files stored on your hard drive or in device memory. We use cookies to improve and customize our Services and your experience; to allow you to access and use the Services without re-entering your username or password; and to count visits and understand which areas and features of the Services are most popular. We may also associate the information we store in cookies with personal information you submit while on our Services. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of our Services.


Information that We Collect from Other Sources


Information from third parties: We may obtain information, including personal information, from our business partners and service providers. This information includes, but is not limited to, information that we receive from our direct marketing providers, product referrals, and other interactions. We also may combine information we receive from third parties with other information we collect from you through our Services as described in this Privacy Statement. If we use this information to provide you with opportunities that we think may be of interest to you, you will have the ability to inform us that you do not wish to receive such offers, and you may unsubscribe from our marketing and other email communications by clicking on the link in the email, sending an e-mail to privacy@aptible.com, or accessing your user account and changing your distribution preferences.


Information provided by other individuals: While using our Services, individuals may provide information about another individual, or an authorized user (such as an account administrator) creating an account on your behalf may provide information about you. When one individual provides us with information (including personal information) about another individual, we assume that the individual has permission and authority to do so and to consent on behalf of that individual to the collection and use of personal information as described in this Privacy Statement. Please contact us immediately at privacy@aptible.com if you become aware of an individual providing us with personal information about another individual without being authorized to do so, and we will act consistently with this Privacy Statement.


Information that We Receive About You From Our Customers


Our customers and their designated users use our Services, in particular Aptible Deploy, to develop, establish, implement, and maintain secure application and database deployment environments for processing sensitive data, including personal information and sensitive personal information. While using our Services, our customers may create, input, submit, post, upload, transmit, or store personal information that they have collected from individuals. During the course of our business relationship, we may need to access a customer’s account and the information it contains to provide support for our Services.


Our customers and prospective customers are responsible for complying with all applicable federal, state, local, and international laws and regulations regarding notice, disclosure, consent, and transfer of personal information, prior to providing that personal information to Aptible.


In addition, our customers and prospective customers are also responsible for identifying, in the Services Agreement or in a related document (such as a HIPAA business associate agreement or GDPR data protection agreement), any additional requirements for protecting, accessing, and handling personal information in a particular matter that exceeds the reasonable, risk-based administrative, technical, and physical safeguards that Aptible would otherwise routinely implement, or that are inconsistent with the collection and use practices identified in this Privacy Statement.


Unlike the other collections of information described in this section, our agreements with customers include specific protections and limitations regarding our access to and use of personal information collected by customers, and we do not access, use, copy, retain, or aggregate that customer data except as stated in those agreements.


Why We Collect Information from and About You


We will not use your personal information for anything other than the following lawful purposes:


To establish and maintain contractual relationships with our customers:


  • To establish relationships with new customers

  • To fulfill our obligations to current customers

  • To contact customers regarding account-related issues and business communications relating to the Services, including technical notices, updates, security alerts, and administrative messages

  • To enable individuals to access and use our Services


To comply with our legal obligations:


  • To comply with legal obligations, including but not limited to complying with tax and financial reporting requirements

  • To demonstrate compliance with applicable privacy and data security laws and regulations, such as HIPAA, GDPR, EU-US DPF, UK Extension, and Swiss-US DPF.

  • To comply with incident monitoring, reporting, assessment, and notification requirements

  • To comply with other applicable criminal and civil law and regulatory requirements under federal, state, and international law


To provide services and information that you request and consent to receive:


  • To provide customer service and support

  • To communicate with you, including responding to your comments, questions, and requests regarding our Services

  • To process and complete transactions, and send you related information, including purchase confirmations and invoices

  • To provide direct marketing, email, and other information distribution


To fulfill our other legitimate interests to the extent that they are not overridden by individual interests, fundamental rights, or freedoms:


  • To administer, operate, maintain, and secure our website and Services

  • To monitor and analyze trends, usage, and activities in connection with our Services

  • To investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities

  • To verify compliance with our internal policies and procedures

  • For accounting, recordkeeping, backup, and administrative purposes

  • To customize and improve the content of our communications, websites, and social media accounts

  • To educate and train our workforce in data protection and customer support

  • To provide, operate, maintain, improve, personalize, and promote our Services

  • To develop new products, services, features, and functionality

  • To market our products and services (first-party marketing only; we do not provide personal information for use in marketing any non-Aptible, third-party goods or services)


When possible, we will use anonymized data for these purposes, but if we do not, or if we combine it with Personal Information, we will treat it in accordance with this Privacy Statement.


When and Why We Share or Disclose Personal Information


Except to the extent necessary to fulfill our business obligations, to accomplish one of the lawful purposes described in this Privacy Statement, or pursuant to your express instructions, we do not sell, transfer, or otherwise disclose personal information that we collect from or about you.


We may share your information in the following ways:


With your express consent: We will share your personal information with companies, organizations, or individuals outside of Aptible when we have your consent to do so.


When you choose to directly share your information while using our Services: When you use our Services, certain features allow you to make some of your content accessible to the public or other users of the Services. We urge you to consider the sensitivity of any information prior to sharing it publicly or with other users.


When your account is accessed by your organization’s designated Aptible administrator: Your Aptible account owners and administrators may be able to:


  • Access information in and about your Aptible account;

  • Disclose, restrict, or access information that you have provided or that is made available to you when using your Aptible account, including your content; and

  • Control how your Aptible account may be configured, accessed, or deleted.


With our vendors and business partners, to accomplish our business purposes: We may share your information with our service providers and other third parties who perform services on our behalf, listed in our Subprocessor Directory. We provide your payment information to our service providers for payment processing and verification. Service providers such as analytics providers may collect information about your online activities over time and across different online services when you use our Services. We also work with third-party service providers to provide the cloud-based tools that our customers use to create their secure storage containers and securely store their sensitive information, including personal information.


When necessary to comply with laws and law enforcement requests, or otherwise to protect our rights or those of individuals: We may disclose your information (including your personal information) to a third party if:


  • We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or governmental request;

  • To enforce our agreements, policies, and terms of service;

  • To protect the security or integrity of Aptible’s products and services;

  • To respond to an incident involving personal data for which Aptible has direct or indirect responsibility;

  • To protect the property, rights, and safety of Aptible, our customers or the public from harm or illegal activities;

  • To respond to an emergency that we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person; or

  • To investigate and defend ourselves against any third-party claims or allegations.


As the result of a business transition: We may share or transfer your information (including your personal information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will take reasonable steps to assure that any other entity involved continues to comply with the terms of this Privacy Statement. We will notify you of such a change in ownership or transfer of assets by posting a notice on our website.


Sharing aggregate, anonymized, deidentified, or otherwise non-personal data: We may share aggregate, anonymized, deidentified, or otherwise non-personal information that does not directly or indirectly identify you and that cannot, with reasonable effort, be used to reidentify you in order to improve the overall experience of our Services. Such aggregated, anonymized, deidentified, or otherwise non-identifiable information is not personal information within the scope of this Privacy Statement.


Your Control Over Your Personal Information


  • You may decline to share certain personal information with us, in which case we may not be able to provide you with some of the features and functionality of our Services or fulfill your requests. For example, we need your email address to authenticate you and perform account services such as password resets, or to provide you with customer support.

  • You may decline to accept cookies, but that decision may affect the functionality and performance of our Services.

  • You may update or correct your personal information at any time by accessing the account settings page on the website or within our platform.

  • You may ask questions or make complaints about our privacy and data security practices with regard to your personal data.


In addition to providing options to update or correct personal information, we fully acknowledge and facilitate the exercise of GDPR-related rights by the data subjects. These include:


  • The Right to Access: You may request information about and access to, the personal data that we collect from you.

  • The Right to Object: You may opt out of receiving promotional communications from Aptible by using the unsubscribe link within each email. Note that, as long as you maintain an account with us, you will continue to receive administrative messages from us regarding the Services.

  • The Right to Be Forgotten: You may request that we delete information that we have collected about you.

  • The Right to Data Portability: You may ask us for a copy of the information that we collected from you.


To exercise any of these options, or for additional information about our privacy and data security practices, contact us at privacy@aptible.com.


Security


Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. That said, Aptible is following best practices, employing a variety of organizational, technical, and administrative measures to provide a level of security appropriate to the risk associated with the personal information you trust us with.


To that end, we manage our data protection program consistent with SOC 2, HITRUST, and applicable legal and regulatory requirements such as HIPAA and GDPR. The following information is available for review in our Trust Center:


  • Aptible’s HITRUST CSF stand-alone certification letter.

  • Aptible’s current SOC 2 Type 2 report and HITRUST CSF Validated Assessment Report are available under NDA to customers only

  • Latest Penetration Test Report


Please see our Security Policy for more details.


Aptible protects personal information under its control, and requires its service providers (see our Subprocessor Directory) to also protect against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored, or otherwise processed.


If you have concerns about the security of your information with Aptible, please contact us immediately at security@aptible.com to report an issue.


Consent Management


We adhere to the GDPR's stringent consent requirements for our direct Customers and Users. Consent is requested in a clear, affirmative manner, separate from other terms and conditions. It's specific, informed, and unambiguous. Data subjects have the right to withdraw their consent at any time, and it's as easy to withdraw consent as it is to give it.


Data Minimization 


We ensure that the personal data we collect is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. We regularly review our data collection practices to ensure that only the necessary data is being collected and processed.


Data Retention


We retain your personal information only as long as necessary to accomplish the business purpose for which it was collected or to comply with our legal and contractual obligations, plus 1 year, and then securely dispose or anonymize that information.


Children’s Privacy


Our Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact us at privacy@aptible.com.


Your Privacy Rights


Personal Data Requests


Just as we have our rights and obligations to process your personal information, you also have certain rights regarding the processing of your personal data. These rights include:


  • Right of access: In compliance with Article 15 of the GDPR, we would like to inform you that you have the right to ascertain if we process your personal data. If so, we respect your right to request access to it. We will provide you with comprehensive information regarding the purpose of processing, the categories of personal data, and the recipients or categories of recipients to whom your personal data may have been disclosed. However, it is important to note that this right is not absolute, and the privacy rights of others may limit your access. In addition, if you require additional copies of your personal data, we may need to apply a reasonable fee based on administrative costs.

  • Right to rectification: As stipulated under Article 16 of the General Data Protection Regulation (GDPR), we would like to inform you that you have the right to request rectification of any inaccurate personal data we may have on record. Moreover, depending on the purposes of the processing, it is also within your right to request the completion of any incomplete personal data, in accordance with GDPR regulations, by means of providing a supplementary statement. We are committed to ensuring that your personal data is accurate and up-to-date, and we will take prompt action to fulfill any such requests in a timely and respectful manner.

  • Right to erasure (right to be forgotten): As per the regulations outlined in Article 17 of GDPR, we would like to inform you that you have the right to request the deletion of your personal data. We would like to respectfully note, however, that in certain circumstances, we may need to retain your personal data if it is deemed necessary for:

      • fulfilling our legal obligation;

      • archival, historical, or scientific research or statistical purposes; or

      • determination, exercise, or defense of our legal claims.

  • Right to restriction of processing: As per Article 18 of the General Data Protection Regulation (GDPR), we would like to inform you that you have the right to request that we limit the processing of your personal data. We hold your privacy in the highest regard and want to ensure that we comply with all relevant laws and regulations. This means that, in the event that you make such a request, your personal data will be labeled accordingly and we will only process it for specific purposes that are in line with the law.

  • Right to personal data portability: In accordance with Art. 20 GDPR, we would like to inform you that you hold the right to receive a copy of your personal data that we possess in a structured, commonly used, and machine-readable format. Moreover, you may also request us to transfer this data to an organization of your choice. We acknowledge your right to access your personal data and are committed to ensuring that we comply with the GDPR's requirements in this regard.

  • Right to object: If you have previously granted consent for the processing of your personal data in accordance with Article 7 III of GDPR, we would like to inform you that you hold the right to withdraw your consent at any point in time. We would like to request that you submit a written declaration of revocation, which can be delivered via email or fax. We respect your decision and will promptly cease processing your personal data upon receiving your written revocation.


Your Choices


You may opt out of your Personal Data being shared with third parties, except when the third party is a Service Provider working under our instruction and contractually required to protect your Personal Data.


We also provide you the option to opt out when Personal Data might be used for purposes significantly different from those initially collected or approved by the individual. Opting out may influence the provision of our Services and our interaction with individuals.


For Sensitive Data, as a Controller, we require explicit, affirmative consent (opt-in) for sharing or using this data for purposes beyond its original collection or approved uses unless an exception in the Sensitive Data Supplemental Principle applies.


As a Processor, we support our customers in adhering to the Choice Principle, ensuring compliance and respect for individual data preferences.


Please note that to protect personal information, we may verify your identity by a method appropriate to the type of request you are making. You are entitled to exercise the rights described above free from discrimination.


We will respond to your request to change, correct, or delete your data within a reasonable timeframe and notify you of the action we have taken. In some instances, your rights may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights.


To exercise any of these options, for additional information about our privacy and data security practices, or to otherwise opt out of the sharing of your personal data or contact information, contact us at privacy@aptible.com.


To unsubscribe from our Communications


When you register for an account, we will use your name and email address to send you periodic emails of both a promotional and a transactional nature. Out of respect for your privacy, you may choose to stop receiving promotional emails by following the unsubscribe instructions included in these emails, or you can contact us at privacy@aptible.com.


California Privacy Rights


California Civil Code Section 1798.83 permits Aptible customers who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at privacy@aptible.com.


State Specific Privacy Laws and Regulations


This section (this “Supplemental Notice”) applies only to information collected about consumers in the following states: (1) California, (2) Colorado, (3) Connecticut, (4) Nevada, (5) Utah, and (6) Virginia. It describes our practices regarding the collection, use, and disclosure of PII and provides instructions for submitting data subject requests. Some provisions apply only to consumers of particular states. In those instances, we have indicated that such language applies only to those consumers.


To the extent terms used in this Supplemental Notice are defined terms under the applicable US State Privacy Law, they shall have the meanings afforded to them in those statutes, whether or not capitalized herein. As there are some variations between such definitions in each of the state statutes, the definitions applicable to you are those provided in the statute for the state in which you are a consumer. For example, if you are a Virginia consumer, terms used in this Supplemental Notice that are defined terms in the VCDPA shall have the meanings afforded to them in the VCDPA as this Supplemental Notice applies to you.


1. Supplemental Notice for California Residents. This Supplemental Notice for California residents only applies to our processing of personal information that is subject to the California “Shine the Light” law which permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. Further, California Civil Code § 1798.83 permits California residents to annually request certain information regarding our disclosure of PII to other entities for their direct marketing purposes in the preceding calendar year. We do not distribute your PII to other entities for their own direct marketing purposes.  


2. Supplemental Notice for Colorado Residents. The Colorado Privacy Act provides Colorado residents with the following rights: (i) the right to opt out of the processing of personal data concerning the consumer; (ii) the right to confirm whether a business is processing personal data concerning the consumer and to access the consumer's personal data; (iii) the right to correct inaccurate personal data collected from the consumer; (iv) the right to delete personal data concerning the consumer; (v) the right to restrict a business’s ability to process PII about the consumer, specifically to opt out of processing for profiling/targeted advertising purposes; (vi) a prohibition against a business making certain decisions about a consumer based solely on an automated process without human input; and (vii) the right to data portability. When exercising the right to access personal data, a consumer has the right to obtain the personal data in a portable, and to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another entity without hindrance. A consumer may exercise this right no more than two (2) times per calendar year.


3. Supplemental Notice for Connecticut Residents. The Connecticut Data Privacy Act provides Connecticut residents with the following rights: (i) the right to confirm whether a business is processing personal data concerning the consumer and to access the consumer's personal data; (ii) the right to request that incorrect or outdated personal information be corrected but not deleted; (iii) the right to delete personal data concerning the consumer; (iv) the right to restrict a business’s ability to process sensitive data about the consumer, specifically to opt out of processing for profiling/targeted advertising purposes; (v) the right to request personal information about the consumer be disclosed in a common file format; (vi) the right to opt out of the sale of personal information about the consumer to third parties; and (vii) a prohibition against a business making certain decisions about a consumer based solely on an automated process without human input.


4. Supplemental Notice for Nevada Residents. We generally do not disclose or share personal information for profit. If you are a resident of Nevada, you have the right to opt out of the sale of certain personal information to third parties who intend to license or sell that personal information. To exercise this right, if applicable, you or your authorized representative may submit a request to privacy@aptible.com. If you have any questions, please contact us at privacy@aptible.com and we will respond to your verified request as soon as reasonably practicable, but no later than sixty (60) business days after receipt. If circumstances cause any delay in our response, you will be promptly notified and provided a date for our response.


5. Supplemental Notice for Utah Residents. The Utah Consumer Privacy Act provides Utah residents with the following rights: (i) the right to confirm whether a business is processing personal data concerning the consumer and to access the consumer's personal data; (ii) the right to delete personal data concerning the consumer; (iii) the right to restrict a business’s ability to process sensitive data about the consumer, specifically to opt out of processing for profiling/targeted advertising purposes; (iv) the right to request personal information about the consumer be disclosed in a common file format; and (v) the right to request to opt out of the sale of personal information about the consumer to third parties.


6. Supplemental Notice for Virginia Residents. The Consumer Data Protection Act provides Virginia residents with the following rights: (a) the right to confirm whether or not a controller is processing the consumer's personal data and to access such personal data; (b) the right to delete personal data provided by or obtained about the consumer; (c) the right to obtain a copy of the consumer's personal data that the consumer previously provided to the business in a portable and, to the extent technically feasible, readily usable format; (d) the right to opt out of the processing of the personal data for purposes of: (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer; and (e) the right to restrict a business’s ability to process personal information about the consumer, specifically to opt out of processing for profiling/targeted advertising purposes.


Disclosure for Colorado, Virginia, Utah, and Connecticut Consumers: Unless specifically stated, we do not sell or share PII to third parties for their own use. However, we may share or process one or more of the above categories of personal information with our Partners in arrangements for purposes of targeted advertising, as the terms “sell,” “share,” “process,” and “targeted advertising” are defined in the CPA, VCDPA, UCPA, and CTDPA. In these arrangements, use of the information we share is limited by policies, contracts or similar restrictions.


Cross-border Data Transfers, EU-US, UK, and Swiss Data Privacy Framework Compliance


Aptible complies with the Data Privacy Framework as set forth by the U.S. Department of Commerce and has certified to the U.S. Department of Commerce that it adheres to the DPF principles. For transfers of personal data from the EEA, United Kingdom, or Switzerland to the United States, Aptible agrees to process such personal data in accordance with the DPF and to maintain its certification of compliance with the DPF during the term of the Agreement. Aptible will provide prompt notice to the Customer if it withdraws from the DPF. If the DPF is invalidated as a lawful transfer mechanism of personal data to the United States, or if a transfer of personal data from the EEA, United Kingdom, or Switzerland is to a territory that has not been recognized by the relevant data protection authorities as providing an adequate level of protection for Personal Data according to Data Protection Laws and Regulations, Aptible agrees to process such Personal Data in compliance with the Standard Contractual Clauses as detailed in the Data Processing Addendum.


To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.


Accountability


Aptible's responsibility for personal data it receives in the United States and then passes to a third party is outlined in the Data Privacy Frameworks Principles. Specifically, Aptible is accountable and liable according to these Principles if its third-party agents process the personal data in a way that contradicts the Principles, unless Aptible can demonstrate that it was not at fault for the incident causing the harm.


Dispute Resolution


Where a privacy complaint or dispute cannot be resolved through our internal processes, we have agreed to participate in the Data Privacy Framework (DPF) Dispute Resolution Procedure.


Subject to the terms of the VeraSafe Data Privacy Framework (DPF) Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework (DPF) Dispute Resolution Procedure, please submit the required information here: Submit a Dispute Concerning a VeraSafe Participant


Binding Arbitration


If your dispute or complaint can’t be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you under the Data Protection Framework’s “Recourse, Enforcement and Liability Principle” and Annex I of the Data Protection Framework.


U.S. Regulatory Oversight


Aptible is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.


Information for International Users


The core Aptible Deploy and Aptible Comply APIs are hosted in the United States. You may choose to run Deploy stacks in non-U.S. regions, such as the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law. Please note that when you use the core Deploy and Comply APIs, you are transferring your information outside of those regions to the United States for storage and processing. By providing your information, you consent to any transfer and processing in accordance with this Policy.


Changes to this Privacy Statement


We may change this Privacy Statement from time to time. If we make any changes, we will notify you by revising the version and date at the top of this Privacy Statement, and, in some cases, where appropriate, we may provide you with additional notice (such as adding a statement to the log-in screen or sending you an email notification). Your continued use of our Services after the revised Statement has become effective indicates that you have read, understood, and agreed to the current version of this Statement.


Contact Information


Please contact us with any questions or comments about this Statement, your personal information, our use and disclosure practices, exercising your rights regarding your data, to opt out of sharing your Personal Data, or your consent choices by email at privacy@aptible.com.


Our Data Protection Officer (DPO) is:


Mat Steinlin


privacy@aptible.com


European Union Representative


Aptible has appointed VeraSafe as our representative in the EU for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data.


To contact VeraSafe, please use this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/ or via telephone at: +420 228 881 031.


Alternatively, VeraSafe can be contacted at:


VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland


VeraSafe Netherlands BV
Keizersgracht 555
1017 DR Amsterdam
The Netherlands


VeraSafe Czech Republic s.r.o.
Klimentská 46
Prague 1, 11002
Czech Republic

548 Market St #75826 San Francisco, CA 94104

© 2024. All rights reserved. Privacy Policy
