Privacy Policy

Last updated: May 25, 2026

This Privacy Policy explains how Apex Reserve Group, LLC ("Apex," "we," "us") collects, uses, and protects your information when you use Apex Reserve Studio (the "Service"). We collect only what we need to run the Service, and we never sell your personal information.

01Information we collect

We collect three categories of information.

Information you provide directly

• Account information — your name, email address, firm name, and role.
• Reserve study data — property details, components, financials, projects, and other study content. This is your data; you own it.
• Brand assets — the logo, firm name, and color preferences you upload for PDF reports.
• Communications — emails or messages you send us about support, sales, or feedback.

Information collected automatically

• Usage data — pages visited, features used, timestamps. We use this to improve the product.
• Device information — browser type, IP address, operating system.
• Session cookies — a single signed cookie that keeps you logged in. We do not use tracking cookies.

Information from third parties

• Billing information — your name, billing address, the last four digits of your card, and your billing history (from Stripe). We never see or store your full card number.
• Email delivery status — bounces, deliverability metrics (from our email provider).

What we do not collect

We do not collect Social Security numbers, full bank account numbers, full credit card numbers, government-issued ID, or any health-information data regulated by HIPAA.

02How we use your information

• To provide and operate the Service — running your reserve studies, storing your data, generating PDFs.
• To process payments (through Stripe).
• To respond to your support and sales requests.
• To send service emails — account updates, billing reminders, security alerts.
• To improve the product, using anonymized aggregated data.
• To comply with applicable law and protect against fraud or misuse.

We do not use your data to train any AI models, sell to third parties, or for advertising.

03Sub-processors we share data with

To run the Service, we rely on a small set of service providers. Each is contractually required to handle your data securely and use it only to deliver services to us.

• Stripe, Inc. (payment processing) — billing information, transaction history.
• Supabase, Inc. (database hosting and authentication) — your account data and reserve study content, encrypted at rest.
• Vercel, Inc. (web hosting) — server logs and request metadata.
• Resend (transactional email) — recipient email addresses and message content.

We do not share your data with marketers, data brokers, advertisers, or social platforms.

04How long we keep your data

• While your account is active — we keep your data for as long as you use the Service.
• After cancellation — your data remains available for 90 days so you can reactivate without loss, then it is deleted.
• Billing records — kept for 7 years after cancellation, as required for tax and accounting purposes.
• Earlier deletion — available on request. Email privacy@apexreservestudio.com.

05Your rights

You have the right to:

• Access — request a copy of the data we hold about you.
• Correct — fix any inaccurate data.
• Delete — request earlier deletion of your account and data.
• Export — download your reserve studies and component data at any time.
• Object — opt out of certain uses, such as aggregated usage analysis.

Email privacy@apexreservestudio.com to exercise any of these rights. We respond within 30 days.

California residents have additional rights under the CCPA and CPRA, including the right to know what categories of personal information we collect and the right to opt out of any "sale" of personal information. We do not sell personal information.

Residents of the European Union and the United Kingdom have rights under the GDPR, including the right to lodge a complaint with their local data protection authority.

06Security

We follow industry-standard practices to protect your data.

• All connections to the Service use HTTPS (TLS encryption).
• Your data is encrypted at rest by our database provider.
• Each firm's data is logically isolated at the database level — other firms on the platform cannot access your data.
• Access to production systems is restricted to authorized personnel and logged for audit purposes.
• Optional support-access toggle: you control whether Apex support staff can view your firm for troubleshooting. It is off by default and auto-expires after 24 hours.

No system is perfectly secure. If we ever become aware of a breach affecting your data, we will notify you in accordance with applicable law.

07Cookies

We use a single cookie — a signed session cookie — to keep you logged in. We do not use tracking cookies, advertising cookies, analytics pixels, or third-party tracking scripts inside the application.

The public marketing pages may load fonts from Google Fonts. No personal data is sent to Google; only standard browser request metadata.

08Children's data

The Service is built for professional reserve specialists and is not directed to children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, contact us and we will delete it.

09International data transfers

Apex Reserve Group, LLC is based in the United States, and our servers are located in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States.

10Changes to this Privacy Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top. For material changes, we will notify active users by email at least 30 days before the change takes effect.