Privacy Policy

Last updated: May 2026

This Privacy Policy explains how ApexSpark (“we”, “us”) collects, uses, shares and protects your personal data when you use our marketing site (apexspark.co.uk) and the ApexSpark Electrical Contractor Platform (the “Service”). It is written to comply with the UK GDPR and the Data Protection Act 2018.

Who we are

ApexSpark is the data controller for the personal data we collect about you directly — for example, when you sign up, contact us, or use the Service. For data that you upload into the Service about your customers, engineers and jobs, you are the data controller and we act as your data processor under our Terms and Conditions.

Contact us about anything in this policy at hello@apexgo.co.uk.

What we collect

• Account information: your name, work email address, company name and subdomain when you sign up.
• Billing information: subscription tier, billing email, and a Stripe customer ID. We do not see or store your full card number.
• Communications: any messages you send us by email or in-app, and our replies.
• Usage data: IP address, browser type, pages visited, time of access and similar technical information — collected from server logs and used to keep the Service secure and reliable.
• Cookies and local storage: see our Cookie Policy.
• Customer data: anything you choose to put into the Service — jobs, plots, certificates, materials, customer details, photos, signatures. You control this data; we process it on your behalf.

Why we use it (lawful basis)

• Contract performance — to provide the Service to you, take payment, send transactional emails (account verification, receipts, password resets, in-app notifications).
• Legitimate interests — to keep the Service secure, prevent fraud, improve features, diagnose technical issues, and to occasionally contact existing customers about product changes or related services.
• Legal obligation — to keep accounting records, respond to lawful requests from authorities, and to fulfil our obligations as a data controller and processor.
• Consent — for any marketing emails to prospects who are not existing customers, and for non-essential cookies. You can withdraw consent at any time.

Who we share data with

We use a small number of third-party processors to deliver the Service. Each is bound by a data processing agreement and reasonable security obligations.

• Stripe, Inc. — processes subscription payments and stores billing information. Stripe is based in the United States and is certified under the EU–US Data Privacy Framework and equivalent UK arrangements. See stripe.com/privacy.
• Resend — sends transactional emails (signup confirmations, password resets, in-app notifications). Resend processes the recipient address and message contents only to deliver email.
• Our hosting provider — runs the servers that host the Service. Data is stored on infrastructure located in the United Kingdom and the European Union.

We do not sell personal data to third parties and we do not use customer data to train AI models.

International transfers

Some processors (notably Stripe) may transfer personal data outside the UK. Where they do, we rely on recognised safeguards such as the UK International Data Transfer Agreement (IDTA), the EU Standard Contractual Clauses, and certifications under the UK-US Data Bridge.

How long we keep it

• Account and customer data — for as long as your account is active, plus a short grace period after cancellation so you can export.
• Billing records — for at least 7 years, as required by UK tax law.
• Server logs — up to 90 days for security and diagnostics.
• Marketing contact data — until you unsubscribe or ask us to delete it.

Your rights

Under UK GDPR you have the right to:

• Access a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — ask us to delete your personal data, subject to legal retention obligations.
• Portability — receive your data in a structured, machine-readable format and transfer it to another service.
• Restriction — ask us to limit how we use your data while we resolve a query.
• Object to processing based on legitimate interests, including direct marketing.
• Withdraw consent at any time where we rely on consent.

Send any rights request to hello@apexgo.co.uk. We will respond within one month, in line with UK GDPR timelines.

Cookies

We use a small number of strictly necessary cookies to keep you signed in, plus local storage for non-essential UI preferences like the in-app tour completion state. Full detail is in our Cookie Policy.

Children

The Service is intended for use by adult electrical contractors and their employees. It is not directed at children under 18, and we do not knowingly collect data about children. If you believe a child has provided us with personal data, please contact us so we can delete it.

Security

We take reasonable technical and organisational measures to protect personal data, including encryption in transit (HTTPS), access controls, password hashing, regular backups, and a least-privilege approach to administrative access. No system is perfectly secure; we will notify you and the ICO of any qualifying personal data breach within the timeframes set out in law.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email and by an in-app notice. The “Last updated” date at the top will always reflect the current version.

How to complain

If you are unhappy with how we have handled your personal data, please contact us first — we will do our best to put it right. You also have the right to lodge a complaint with the UK Information Commissioner’s Office at ico.org.uk/make-a-complaint.

Contact

Email: hello@apexgo.co.uk. Please mark any data-protection enquiries “Privacy” in the subject line so we can route them quickly.