Apex Vision AI LLC — Privacy Policy
Effective Date: June 29, 2025 | Last Revised: December 3, 2025
Apex Vision AI LLC (“Apex Vision AI,” “we,” “our,” or “us”) respects your privacy and is committed to transparency. This Policy explains what we collect, why we collect it, how we protect it, and what choices you have. Capitalised terms not defined here have the meanings given in our Terms of Service.
Scope
This Policy applies to:
- App: “Apex AI” iOS mobile application (available on the Apple App Store)
- Extension: “AI Homework Helper – Apex Vision AI” Chrome Extension
- APIs & Services: APIs & related services (collectively, the “Services”)
It does not apply to third-party sites or services you may access through links or integrations.
Data We Collect & Why
| Category | Examples | Purpose | Legal basis (GDPR) |
|---|---|---|---|
| Account Data | Name, email, hashed password, subscription tier | Create & manage account; support; invoices | Contract (Art 6 §1 b) |
| Payment Data | Last 4 card digits, payout tokens, transaction IDs (stored by Stripe/PayPal/Apple) | Process purchases & refunds; detect fraud | Contract; Legal obligation |
| Camera & Photo Library (iOS App) | Images captured via camera or selected from photo library | Analyze homework questions from photos; images are processed transiently and not stored | Consent (Art 6 §1 a) |
| Usage Data | IP (truncated), browser & OS, app/extension version, hashed prompt IDs, token counts | Rate-limiting; analytics; improve features | Legitimate interest (Art 6 §1 f) |
| Support Data | Emails, chat logs, error reports | Troubleshoot, answer questions | Legitimate interest |
| Cookies / Local Storage | Session JWT, cookie-banner flag, UI prefs | Keep you logged-in; remember settings | Consent (Art 6 §1 a) |
2.1 Transient Prompt & Answer Data
- Processed in memory only — Pasted questions and AI responses are discarded immediately after delivery.
- What we keep — An irreversible SHA-256 hash of the prompt + minimal metadata (timestamp, token count, user ID) for abuse detection and quota enforcement.
How We Use Data
- Operate & secure the Services.
- Improve models, UI, and infrastructure.
- Communicate—account notices, product updates, support replies.
- Comply with law—court orders, tax regulations, DMCA takedown requests.
- Enforce Terms—investigate fraud or academic-integrity violations.
We do not sell your personal data and we do not use it for credit decisions.
Sharing & Disclosure
| Recipient | Reason | Safeguards |
|---|---|---|
| Apple (App Store) | In-app purchase processing for iOS subscriptions | Apple’s App Store terms; we do not receive full payment card details |
| Stripe, PayPal | Billing & refunds (web/extension) | PCI-DSS compliance; tokenised cards |
| Google Cloud & Vercel | Secure hosting, backups | SOC 2 & ISO 27001; SCCs |
| OpenAI | LLM inference | Data-processing addendum; no training on prompts |
| Sentry, Plausible Analytics | Error logging & analytics | IP truncation; pseudonymised IDs |
| Authorities / litigants | Where required by law or to protect rights (e.g., DMCA) | Verified requests only |
We sign EU Standard Contractual Clauses (SCCs) or UK IDTA with all non-U.S. processors.
International Transfers
Apex Vision AI operates from the United States. For EEA/UK users, personal data is transferred under SCCs or the UK IDTA, plus encryption in transit and at rest.
Security
- TLS 1.3 encryption in transit
- AES-256 encryption at rest (hashed where feasible)
- Principle-of-least-privilege access controls
- Weekly vulnerability scans & annual penetration test
- 24/7 monitoring and alerting
No system is perfectly secure, but we use commercially reasonable safeguards.
Retention
| Data Type | Retention |
|---|---|
| Account & billing records | 2 years (tax & accounting) |
| Usage telemetry | 1 month, then aggregated |
| Support tickets | 2 years after closure |
| Cookies / local storage | Until expiry or user deletion |
You may delete your account at any time; personal data is purged within 30 days unless longer retention is required by law.
Your Rights
| Region | Rights & How to Exercise |
|---|---|
| EEA / UK (GDPR) | Access, rectification, erasure, restriction, portability, objection. Email [email protected]. You may complain to a supervisory authority. |
| California (CCPA/CPRA) | Right to know, delete, correct, and opt-out of “sale” or “sharing” of personal info. |
| Children | We do not knowingly collect data from anyone under 13. Parents may request deletion. |
We respond within 30 days (45 days for CCPA, extendable once).
Cookies & Tracking
- Essential cookies — login, fraud prevention (cannot be disabled).
- Analytics cookies — pseudonymised; banner opt-out available.
- No ad-tracking cookies or cross-site behavioural ads.
- We honour browser Do-Not-Track signals.
Automated Decision-Making
We do not engage in solely automated decisions that produce legal or similarly significant effects.
DMCA & Copyright Logs
If we receive a valid DMCA notice, we forward the minimal hashed identifiers necessary to locate the allegedly infringing prompt, remove it, and log the notice for 6 years as required by 17 U.S.C. §512.
Changes to This Policy
We’ll post changes here and, for material changes, notify you by email at least 7 days before they take effect. Continued use after the effective date constitutes acceptance.
Contact
Apex Vision AI LLC
Short version: we minimise data, never sell it, and give you robust GDPR/CCPA rights. Questions? Email us!
