Last updated: June 17, 2026
This Privacy Policy explains how Apex Ecommerce Group LLC ("Apex", "we", "us", or "our") collects, uses, shares, and protects personal information when you use the Apex learning platform and mentorship program (the "Service"). It uses the same defined terms as our Terms of Service.
If you do not agree with this Policy, do not use the Service. For privacy questions or to exercise your rights, contact us at admin@apexecommerce.co.
The data controller responsible for your personal information is Apex Ecommerce Group LLC, located at United States. Contact: admin@apexecommerce.co. [IF REQUIRED FOR EU/UK MEMBERS: EU/UK REPRESENTATIVE (GDPR ART. 27) OR DPO DETAILS, PLACEHOLDER.]
We collect the categories of personal information below to provide the Service, secure your account and protect our content, communicate with you, and comply with law. We do not sell your personal information and do not "share" it for cross-context behavioral advertising. We retain information as described in Section 7. Details follow.
A. Discord account data (via OAuth login). When you log in with Discord, we receive your Discord ID, username/handle, avatar, and email address, and we verify that you hold the paid "Member" role in the Apex Discord server.
B. Identity and recovery data (optional). We may collect and verify an email address and a phone number (via an SMS one-time code) for account recovery, security, and accountability.
C. Learning and submission data. Watch/progress data (which lessons you've watched and your completion progress), homework files you upload, product-test journal entries and any files you upload to them, and mentor notes and messages exchanged about your submissions.
D. Security and anti-piracy telemetry. IP address, device and browser information, session information, and approximate location. These are personal data. We use them to secure your account, enforce the one-active-session rule, detect abuse, and power the per-user content watermark.
E. Watermark/identity embedded in content. To protect content and make it traceable, your Discord handle/identifier and a timestamp are embedded as a visible watermark into videos while you watch, and identifying information may be stamped onto downloadable resources/images. You acknowledge this when you sign up (see Terms, Section 6). The legal basis for this is in Section 4.
F. Communications. Messages you send us (for example, support requests) and our transactional emails to you.
We do not knowingly collect special-category/sensitive personal data, and you should not submit it in homework or journal entries. Certain data we collect (account log-in credentials and approximate geolocation) may be treated as "sensitive personal information" under some U.S. state laws; we use it only to provide and secure the Service, not to infer characteristics about you (see Section 9).
We use your information for the purposes below. Where the GDPR or UK GDPR applies, the legal basis is shown.
| Purpose | Examples | Legal basis (where GDPR/UK GDPR applies) |
|---|---|---|
| Provide the Service | Authenticate you via Discord, gate access by "Member" role, deliver lessons, store and review homework/journal entries, enable mentor feedback | Performance of a contract; legitimate interests |
| Content protection & traceability (watermark) | Embed your Discord handle/identifier and a timestamp into video playback and stamp downloadable resources so content is licensed to and traceable to you; investigate and act on leaks | Performance of a contract and our legitimate interest in protecting high-value intellectual property and our members; this is a condition of access, not optional consent |
| Account security & anti-piracy | Enforce one active session, detect/prevent fraud, abuse, sharing, and content theft, investigate violations | Legitimate interests (protecting our content, members, and business); legal obligation where applicable |
| Identity verification & recovery | Verified email and SMS one-time codes (transactional only, not marketing) | Performance of a contract; legitimate interests; consent where required |
| Communications | Send transactional emails (e.g., notifications, approvals, security alerts) and respond to support | Performance of a contract; legitimate interests |
| Improve the Service | Understand usage and fix problems | Legitimate interests |
| Legal & compliance | Enforce our Terms, comply with law, and establish/exercise/defend legal claims | Legal obligation; legitimate interests |
Where we rely on legitimate interests, we have weighed those interests against your privacy and minimized the data used to what is needed for security, anti-piracy, and providing the Service. You may object to legitimate-interests processing (Section 9), but objecting to processing that is essential to security or access may mean we can no longer safely provide the Service. Where we rely on consent (for example, where SMS verification requires it), you may withdraw it as described in Section 9.
Our anti-piracy and abuse controls (watermark traceability, the one-active-session rule, and security telemetry) help us detect possible violations and can lead to account suspension or termination. A human reviews enforcement decisions that have a significant effect on you, and you may contest a decision and request human review as described in the Terms (Section 13). [CONFIRM whether any termination/suspension is fully automated; if so, GDPR Art. 22 disclosures and a human-review right must be stated explicitly; see lawyer notes.]
We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising as those terms are used under U.S. state privacy laws. The Service has no advertising network and no public, social, leaderboard, or member-to-member marketplace features. Because we do not sell or share, there is no sale/share to opt out of; we have no obligation to act on opt-out preference signals (such as Global Privacy Control) for that purpose, though we honor applicable rights as described in Section 9.
We share personal information only as needed to run the Service, with the following recipients:
| Provider | Role | Data involved |
|---|---|---|
| Discord | Login/identity and community | Discord ID, username, avatar, email, role/membership |
| Supabase | Database, file storage, and authentication | Account data, progress, homework and journal files, messages, security telemetry |
| VdoCipher | DRM-protected video hosting and per-user watermarking | Your Discord handle/identifier and a timestamp (transmitted so they can be burned into the video you watch), plus playback/session data |
| Vercel | Web/application hosting | Technical and request data needed to serve the app |
| Sentry | Error tracking and performance monitoring | Diagnostic error and performance data, configured to exclude IP addresses and personal data |
| Resend | Transactional email delivery | Email address and message content for notifications |
| [SMS/OTP PROVIDER, PLACEHOLDER] | Phone-number verification via SMS | Phone number and one-time verification messages |
These providers process data on our behalf under agreements that restrict their use of it. We may also disclose information (a) to comply with law, legal process, or government requests; (b) to enforce our Terms and protect our rights, content, members, and safety (including investigating and acting on content theft or account sharing, and supporting takedown notices using the watermark identifier); and (c) in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
We maintain the list of providers above and will update this Policy and provide reasonable notice before adding a new processor or materially changing how an existing one handles your data.
We and our providers (including Supabase, Discord, VdoCipher, Vercel, Resend, and the SMS provider) may process and store your information in countries other than where you live, including the United States. These countries may have data-protection laws different from yours. For transfers out of the EEA, UK, or Switzerland, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses (with the UK International Data Transfer Addendum or Swiss equivalent where applicable) and supplementary measures. Contact us for a copy of the relevant safeguards.
Depending on where you live, you may have rights to:
For California residents (CCPA/CPRA) and residents of other U.S. states with similar laws: you have rights to know, access, correct, and delete your personal information, to limit the use of sensitive personal information, and to not receive discriminatory treatment for exercising these rights. For transparency:
As noted in Section 6, we do not sell or "share" personal information for cross-context behavioral advertising.
To exercise any right, contact us at admin@apexecommerce.co. We will verify your request (typically using your Discord identity and/or verified email/phone) and respond within the time required by law. You may use an authorized agent where the law allows.
We keep personal information for as long as your account is active and as needed to provide the Service, and afterward as needed to comply with legal, tax, and accounting obligations, enforce our Terms and resolve disputes, and maintain security records and investigate content theft or abuse. We use the following categories and criteria:
| Data category | Retention approach |
|---|---|
| Account & Discord profile data | For the life of the account, then [X, PLACEHOLDER] after a deletion request |
| Homework/journal files & messages | [X, PLACEHOLDER] |
| Security & anti-piracy telemetry (IP, device, session, approximate location) and leak-investigation records | [X, PLACEHOLDER], retained as needed to investigate and act on abuse |
| Soft-deleted/deactivated records held in a hidden/locked state | No longer than [X, PLACEHOLDER], after which they are anonymized or hard-deleted |
| Backups | Purged on our normal [X-day, PLACEHOLDER] backup cycle |
The Service supports data export and soft-deletion: when an account is deleted or deactivated, we retain certain records in a hidden/locked state (for example, to preserve homework and journal history, prevent account "resurrection," and meet legal and security needs) rather than always hard-deleting immediately, subject to the maximums above. We delete or anonymize personal information when it is no longer needed for these purposes. [CONFIRM SPECIFIC RETENTION PERIODS; see decisions list.]
We use technical and organizational measures designed to protect your information, including private (non-public) file storage with short-lived signed access links, access controls, DRM and per-user watermarking for video content, the one-active-session rule, and server-side permission checks. Staff with access to member data use additional protections such as two-factor authentication. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. If we become aware of a breach affecting your personal information, we will notify you and the relevant authorities as required by law (for example, where the GDPR applies, notifying the supervisory authority within 72 hours of becoming aware, and affected individuals without undue delay).
The Service uses only essential cookies and similar local/session storage that are strictly necessary to run it, including:
These are set when you log in and expire on logout or after [SESSION LIFETIME, PLACEHOLDER]. We use no advertising, analytics, or third-party tracking cookies. You can control cookies through your browser settings, but disabling essential storage may prevent the Service from working. [IF ANY NON-ESSENTIAL/ANALYTICS COOKIES ARE ADDED LATER, UPDATE THIS SECTION AND ADD A CONSENT BANNER WHERE REQUIRED.]
The Service is not directed to children under 13, and Discord itself requires users to be at least 13. If you are under 18 (or the age of majority where you live), you may use the Service only with a parent or legal guardian's consent, as described in our Terms. We do not knowingly collect personal information from children under 13. If we learn we have collected data from a child under 13 (or under any minimum age required by law), we will hard-delete it (not place it in soft-deletion/retention) and terminate the account. If you believe a child has provided us information, contact us at admin@apexecommerce.co.
We may update this Policy from time to time. If we make material changes, we will update the "Last updated" date and provide reasonable notice through the Service or the Discord server. Your continued use of the Service after changes take effect means you accept the updated Policy.
Apex Ecommerce Group LLC United States Email: admin@apexecommerce.co Or reach us through the designated Discord support channel.