Legal · Last reviewed 2026-06-10
Data Processing Agreement
When you use ApexGEO to monitor and audit your brands, ApexGEO processes personal data on your behalf. This page summarises the roles and terms; a countersigned Data Processing Agreement (DPA) is available on request and is recommended for customers with GDPR or POPIA obligations.
Roles
For data you submit to the platform, you are the data controller and ApexGEO is the data processor. ApexGEO processes that data only to provide the service and only on your documented instructions, as set out in the DPA and the Terms of Service.
What the DPA covers
- Subject matter, duration, nature, and purpose of processing
- Categories of data subjects and personal data
- Confidentiality and security obligations (GDPR Art. 28, 32)
- Use of sub-processors and the right to object to changes
- Assistance with data-subject requests and breach notification
- International transfer mechanisms (SCCs where applicable)
- Deletion or return of personal data at the end of the service
Attribution beacon (visitor data)
If you install our first-party attribution beacon (apex-beacon.js) on your site, ApexGEO processes your visitors' data as your processor — a landing path, referrer host, any UTM tags, and a rotating first-party identifier, with the IP redacted to a /24 (IPv4) or /48 (IPv6) block and never stored raw. The beacon runs only after a visitor consents and honours Do-Not-Track and Global Privacy Control. As the controller for that data, you must disclose it in your own privacy notice and obtain consent; raw hits are deleted after 90 days and on erasure of your account. These terms are covered by the same DPA.
Sub-processors & privacy
The infrastructure and AI providers ApexGEO relies on are listed, with the data each handles, in the Trust Center. How we collect, use, retain, and delete personal data — including retention windows and your deletion rights under GDPR Art. 17 and POPIA s24 — is described in the Privacy Policy.
Request a signed DPA
Email [email protected] (or [email protected]) with your legal entity name and the signatory's details, and we will send our standard DPA for countersignature. We can review reasonable amendments for enterprise agreements.
This page is a summary, not the agreement itself, and does not by itself create a binding DPA. The countersigned DPA governs.