Smarter is here. Catch a first look at newCustomer AI
Sign up
Get a demo
Log in

PRIVACY POLICY

Last Updated: 05 December 2025

This Privacy Policy (“Policy”) describes how Apex Accelerator (“Apex Accelerator,” “we,” “us,” or “our”), the operator of the newCustomer.io platform (“newCustomer.io,” the “Platform,” or the “Service”), collects, uses, discloses, transfers, and protects personal information.

We are committed to protecting your privacy and complying with applicable privacy, security, and data protection laws in the United States and internationally, including:

  • U.S. Federal Trade Commission (FTC) Act

  • California Consumer Privacy Act (CCPA/CPRA)

  • Colorado CPA

  • Connecticut CTDPA

  • Utah UCPA

  • Virginia VCDPA

  • EU General Data Protection Regulation (GDPR)

  • UK GDPR

  • Swiss nFADP

  • EU–U.S. Data Privacy Framework (DPF)

  • UK Extension to the DPF

  • Swiss–U.S. DPF

By using https://www.newcustomer.io (“Website”) or any functionality of the Platform, you acknowledge that you have read and understood this Policy.

1. ABOUT APEX ACCELERATOR AND THIS POLICY

1.1 Who We Are

Apex Accelerator is a Wyoming-based company with its principal place of business at:

1309 Coffeen Avenue STE 1200
Sheridan, Wyoming 82801
United States

Apex Accelerator owns and operates the newCustomer.io Platform, a software-as-a-service (SaaS) system providing CRM, marketing automation, communications tools, and related capabilities to businesses.

1.2 Scope of This Policy

This Policy applies to all information collected from:

  • Users of the Platform

  • Visitors to the Website

  • Customers and prospective customers

  • Individuals who interact with our communications

  • Individuals whose information is processed by customers using the Platform

1.3 Data Controller and Data Processor Roles

Depending on context:

  • Apex Accelerator acts as a Data Controller for Personal Information collected directly through the Platform, Website, marketing operations, account registration, and support interactions.

  • Apex Accelerator acts as a Data Processor when our customers upload, store, or manage Personal Information through newCustomer.io (e.g., CRM contacts, leads, clients).

Customers act as Data Controllers for data they upload into newCustomer.io.

2. DEFINITIONS

For clarity and legal precision, the following definitions apply:

2.1 “Personal Information” / “Personal Data”

Any information relating to an identifiable individual, such as:

  • Name

  • Email address

  • Phone number

  • Identification numbers

  • Online identifiers (IP, device IDs)

  • Billing information

  • Geolocation (approximate)

  • Account credentials

  • User-generated content

  • Data uploaded by customers into the Platform

2.2 “Sensitive Personal Information”

Includes data revealing:

  • Health information

  • Biometric identifiers

  • Precise geolocation

  • Financial account access data

  • Government-issued identification

  • Racial or ethnic origin

  • Religious or philosophical beliefs

Apex Accelerator does not intentionally collect Sensitive Personal Information unless required for specific product functions and only with explicit consent.

2.3 “Processing”

Any operation performed on Personal Information, including:

  • Collection

  • Storage

  • Retrieval

  • Transmission

  • Analysis

  • Deletion

2.4 “Customer Data”

Data uploaded, transmitted, collected, or stored by customers or their end-users through the Platform.

2.5 “Cookies”

Small text files stored on devices to enable session management, analytics, and personalization.

2.6 “Sub-processors”

Third-party service providers engaged by Apex Accelerator to support operation of the Platform.

2.7 “DPF”

Data Privacy Framework, governing international transfers from the EU, UK, and Switzerland to the U.S.

3. INFORMATION WE COLLECT

We collect information in the following categories:

3.1 Information You Provide Directly

A. Account Registration

To create an account, we may collect:

  • Name, email address, phone number

  • Business name and contact details

  • Account credentials

  • Billing or payment information (processed via secure third-party providers)

B. Communications

When you contact us, we may collect:

  • Messages, ticket details, attachments

  • Email headers, metadata

  • Phone call logs or transcripts (for support purposes)

C. Form Submissions

You may provide information through:

  • Demo requests

  • Contact forms

  • Surveys

  • Event registrations

  • API integrations

D. Customer Content

Customers may upload Personal Information into the Platform, such as:

  • CRM contacts

  • Lead forms

  • Customer lists

  • Phone call records

  • SMS messages

  • Appointment data

  • Notes and tags

Customers are responsible for ensuring lawful collection of such data.

3.2 Information Collected Automatically

We automatically collect information when you access the Platform, including:

A. Device Information

  • Device type (mobile, tablet, computer)

  • Operating system

  • Browser type and version

  • Screen resolution

B. Usage Data

  • IP address

  • Access times and dates

  • Session duration

  • Feature usage

  • Clickstream data

C. Cookies and Similar Technologies

Used for:

  • Authentication

  • Session tracking

  • Remembering user preferences

  • Analytics (e.g., Google Analytics)

  • Advertising (where allowed)

Details are provided in the Cookies Policy.

3.3 Information from Third Parties

We may receive Personal Information from:

A. Integration Partners

If you connect third-party tools (e.g., Google, Facebook, Stripe, Twilio), those services may share data according to their own policies.

B. Marketing and Advertising Partners

Such as:

  • Analytics providers

  • Data enrichment tools

  • Advertising networks

  • Retargeting platforms

C. Publicly Available Databases

Including business directories or social network details.

D. Customers Using the Platform

If your information was uploaded by a customer, that customer is the Data Controller.

4. PURPOSES FOR PROCESSING PERSONAL INFORMATION

Apex Accelerator processes Personal Information for the following purposes:

4.1 To Provide the Platform

Including:

  • Creating and managing user accounts

  • Enabling CRM, marketing automation, communications

  • Processing payments and subscriptions

  • Providing customer dashboards

  • Sending service-related notifications

4.2 To Improve the Platform

Including:

  • Testing and debugging

  • Developing new features

  • Conducting statistical analysis

  • Performing data modelling

  • Monitoring system performance

4.3 Communications and Support

We use Personal Information to:

  • Respond to inquiries

  • Provide onboarding or training

  • Send account updates

  • Resolve technical issues

4.4 Marketing and Advertising

Where permitted by law, we may:

  • Send newsletters

  • Provide promotional material

  • Show personalized ads

  • Segment audiences for relevance

You may opt out at any time.

4.5 Legal and Security Purposes

Including:

  • Fraud detection

  • Preventing misuse of the Platform

  • Compliance with legal obligations

  • Responding to government requests

  • Enforcing Terms of Service

5. LEGAL BASES FOR PROCESSING (GDPR/UK GDPR)

For users in the EEA, UK, and Switzerland, Apex Accelerator relies on the following legal bases:

5.1 Consent

Used for:

  • Marketing emails

  • Optional cookies

  • Voluntary form submissions

  • Certain integrations

5.2 Contract Performance

Processing required to:

  • Provide the Platform

  • Authenticate users

  • Deliver purchased features

  • Manage subscriptions

5.3 Legitimate Interests

Processing necessary for:

  • Platform security

  • Fraud prevention

  • Analytics and improvement

  • Internal administrative purposes

We balance these interests with your rights.

5.4 Legal Obligations

We may process data to comply with:

  • Tax rules

  • Government requests

  • Regulatory requirements

6. DATA RETENTION

We retain Personal Information only as long as necessary for the purposes described in this Policy or mandated by law.

Typical retention periods:

Data TypeRetention Period
Account dataFor the duration of the account + 2 years
CRM/customer dataDetermined by the customer (controller)
Marketing emailsUntil consent withdrawal or inactivity (24 months)
Logs & analytics12–24 months
Billing data7 years (legal obligation)
Backup data30–90 days

We may retain anonymized information indefinitely.

7. HOW WE SHARE PERSONAL INFORMATION

Apex Accelerator may share Personal Information with:

7.1 Service Providers / Sub-processors

Examples include:

  • Hosting providers

  • Payment processors

  • SMS/email delivery partners

  • Data analytics tools

  • Customer support systems

  • Telephony providers

All sub-processors are contractually required to:

  • Protect Personal Information

  • Limit use to authorized purposes

  • Comply with security standards

7.2 Business Partners

For:

  • Co-marketing

  • Joint events

  • Integration support

  • Research collaborations

Users may be provided additional terms when participating.

7.3 Advertising Partners

Only where legally permitted, including:

  • Ad measurement

  • Personalization

  • Retargeting

Apex Accelerator does not sell Personal Information for monetary value.

7.4 Corporate Transactions

In the event of:

  • Merger

  • Acquisition

  • Sale of assets

  • Bankruptcy

Personal Information may be transferred.

7.5 Legal and Compliance

We may disclose information to:

  • Government authorities

  • Law enforcement

  • Courts

  • Regulatory bodies

Only where legally required or necessary to protect rights.

 

8. INTERNATIONAL DATA TRANSFERS

Apex Accelerator is based in the United States and may transfer Personal Information to:

  • The United States

  • Countries within the European Economic Area (EEA)

  • The United Kingdom

  • Switzerland

  • Other jurisdictions where sub-processors operate

We take steps to ensure such transfers comply with applicable laws, including:

8.1 Data Privacy Framework (DPF) Participation

Apex Accelerator participates in:

  • EU–U.S. Data Privacy Framework (EU–U.S. DPF)

  • UK Extension to the EU–U.S. DPF

  • Swiss–U.S. Data Privacy Framework (Swiss–U.S. DPF)

We commit to the following DPF Principles:

  • Notice

  • Choice

  • Accountability for onward transfer

  • Security

  • Data integrity and purpose limitation

  • Access

  • Recourse, enforcement, and liability

Our compliance with the DPF is subject to oversight by the U.S. Federal Trade Commission (FTC).

More information about the DPF is available at:
https://www.dataprivacyframework.gov/

8.2 Onward Transfers to Third Parties

When we transfer Personal Information to third parties (sub-processors or partners), we ensure they:

  • Maintain equivalent privacy protections

  • Process information only for authorized purposes

  • Enter into legally required contractual obligations

  • Provide adequate security measures

8.3 Transfers Based on Other Mechanisms (Non-DPF Countries)

For data originating in regions not covered by the DPF, transfers may rely on:

  • Standard Contractual Clauses (SCCs)

  • UK International Data Transfer Addendum (IDTA)

  • Swiss contractual clauses

  • Appropriate safeguards as permitted by law

  • Explicit consent

9. SECURITY MEASURES

We implement industry-standard administrative, organizational, and technical safeguards to protect Personal Information.

These measures include:

9.1 Administrative Safeguards

  • Employee confidentiality agreements

  • Limited access to Personal Information on a need-to-know basis

  • Regular privacy and security training

  • Vendor risk management

9.2 Technical Safeguards

  • Encryption in transit (TLS)

  • Encryption at rest for key components

  • Access controls and authentication

  • Network firewalls

  • Secure API design

  • Multi-factor authentication (MFA) options

  • Intrusion detection and prevention systems

9.3 Organizational Safeguards

  • Formal security policies

  • Business continuity and disaster recovery plans

  • Regular penetration testing

  • System monitoring and auditing

  • Data minimization procedures

No method of transmission over the internet is 100% secure. You must also take precautions to protect your account (e.g., using strong passwords).

10. YOUR PRIVACY RIGHTS

Depending on your jurisdiction, you may have rights regarding your Personal Information.

10.1 U.S. STATE PRIVACY RIGHTS

California Privacy Rights (CCPA/CPRA)

California residents may have rights to:

  • Know what Personal Information is collected

  • Access specific pieces of Personal Information

  • Correct inaccurate information

  • Delete Personal Information

  • Opt out of sale or sharing of Personal Information

  • Limit use of sensitive Personal Information

  • Be free from retaliation

Apex Accelerator does not sell Personal Information for monetary compensation.

Requests may be submitted using the contact details in Section 16.

Colorado, Connecticut, Utah, and Virginia

Residents may have similar rights to:

  • Access

  • Correction

  • Deletion

  • Opt out of targeted advertising

  • Opt out of certain profiling

  • Appeal denied requests

We will respond to these requests as required by applicable laws.

10.2 EUROPEAN PRIVACY RIGHTS (GDPR & UK GDPR)

Users in the European Economic Area (EEA), United Kingdom, and Switzerland may exercise the following rights:

Right of Access

Request confirmation about whether we process your Personal Information and obtain a copy.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure (“Right to be Forgotten”)

Request deletion of Personal Information, subject to legal exceptions.

Right to Restrict Processing

Request limited use of your data under certain conditions.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to:

  • Processing based on legitimate interests

  • Direct marketing

Right to Withdraw Consent

You may withdraw consent at any time.

Right to Lodge a Complaint

With your local Data Protection Authority.

Article 27 Representatives

For the EU and UK:
Apex Accelerator’s GDPR Representative is:

Ads and Ventures – Europe OÜ
Narva maantee 5
Tallinn 10117
Estonia
Email: [Insert Representative Contact Email]

11. CUSTOMER DATA PROCESSED VIA THE PLATFORM

11.1 Customer as Data Controller

When customers use newCustomer.io to store or manage Personal Information (e.g., CRM contacts, leads), the customer is the Data Controller.

Apex Accelerator:

  • Acts strictly as a Data Processor

  • Processes Customer Data only according to customer instructions

  • Does not use Customer Data for its own purposes

  • Implements appropriate technical and organizational safeguards

11.2 Data Processing Agreement (DPA)

A DPA is available for customers who require it for GDPR, UK GDPR, nFADP, or similar frameworks.

11.3 Customer Responsibilities

Customers are responsible for:

  • Obtaining valid consent

  • Lawful collection of Personal Information

  • Providing required notices

  • Managing consumer rights requests

  • Ensuring uploads comply with privacy and marketing laws

11.4 Prohibited Use of Sensitive Personal Information

Customers may not upload:

  • Health data (unless compliant)

  • Government identifiers

  • Biometric data

  • Special category data without appropriate legal basis

11.5 Data Deletion

Upon:

  • Customer request

  • Subscription expiration

  • Account closure

We delete or securely anonymize Customer Data per retention schedules.

12. USE OF COOKIES AND SIMILAR TECHNOLOGIES

newCustomer.io uses cookies for:

12.1 Essential Cookies

Required for:

  • Login

  • Authentication

  • Session management

12.2 Performance and Analytics Cookies

Used to:

  • Improve user experience

  • Analyze usage trends

  • Measure engagement

Examples: Google Analytics, server logs.

12.3 Advertising Cookies

Where permitted, used for:

  • Personalization

  • Retargeting

  • Attribution

Users may adjust cookie preferences via browser settings or cookie banners where required.

For more details, see the Cookies Policy.

13. THIRD-PARTY INTEGRATIONS

The Platform allows integrations with third-party services such as:

  • Google

  • Facebook / Meta

  • Stripe

  • Twilio

  • Zoom

  • YouTube

  • Email marketing platforms

  • Calendar and scheduling tools

13.1 YouTube API Services

If you connect YouTube:

13.2 Third-Party Responsibility

Apex Accelerator is not responsible for:

  • Third-party privacy practices

  • Data handling outside newCustomer.io

  • Information disclosed directly to third parties by the user

14. AUTOMATED DECISION-MAKING

We may use automated systems for:

  • Spam detection

  • Fraud prevention

  • Marketing segmentation

  • Contact scoring

We do not use automated decision-making that results in legal or similarly significant effects without human oversight.

15. BEHAVIORAL ADVERTISING AND ANALYTICS

15.1 Analytics Providers

We use tools such as:

  • Google Analytics

  • Mixpanel

  • Server-side metrics

  • Aggregated product analytics

15.2 Advertising Platforms

If permitted by law, we may share hashed or anonymized identifiers with:

  • Meta (Facebook)

  • Google Ads

  • LinkedIn

  • Other ad networks

15.3 Opt-Out Options

Users can:

  • Adjust cookie settings

  • Use browser privacy tools

  • Submit do-not-share requests (where required by law)

16. HOW TO EXERCISE YOUR RIGHTS

You may submit privacy requests in the following ways:

Email: privacy@newcustomer.io

Mail:

Apex Accelerator – Privacy Department
1309 Coffeen Avenue STE 1200
Sheridan, Wyoming 82801
United States

We may request verification of identity before responding.

Response Timeframes:

  • 45 days for U.S. state privacy laws

  • 30 days for GDPR/UK GDPR (extensions possible)

Appeals:

Where legally required (e.g., Colorado, Virginia), you may appeal a denied request.

 

17. DATA PRIVACY FRAMEWORK (DPF) — RECOURSE, ENFORCEMENT & LIABILITY

Apex Accelerator complies with:

  • EU–U.S. Data Privacy Framework (DPF)

  • UK Extension to the EU–U.S. DPF

  • Swiss–U.S. Data Privacy Framework (Swiss–U.S. DPF)

17.1 Verification & Compliance

We:

  • Conduct periodic internal compliance assessments

  • Maintain appropriate safeguards for Personal Information

  • Ensure onward transfers meet DPF requirements

  • Maintain accountability for all sub-processors

17.2 Complaint Resolution Process

Individuals from the EU, UK, or Switzerland may submit privacy complaints to:

privacy@newcustomer.io

We will respond within 45 days.

If unresolved, you may seek free independent dispute resolution via:

JAMS Mediation & Arbitration

https://www.jamsadr.com/eu-us-data-privacy-framework

17.3 Binding Arbitration

If disputes cannot be resolved through JAMS, and meet the DPF criteria, individuals may invoke binding arbitration through the DPF Panel.

17.4 Onward Transfer Liability

When Personal Information is transferred to a third party, Apex Accelerator remains liable under the DPF unless:

  • Apex Accelerator proves it is not responsible for the event giving rise to the damage

  • The third party meets DPF equivalent standards

17.5 Enforcement

Apex Accelerator is subject to oversight by the U.S. Federal Trade Commission (FTC) regarding DPF compliance.

18. RETENTION, DELETION, AND ANONYMIZATION POLICIES

We follow strict retention schedules designed to meet:

  • Legal requirements

  • Security best practices

  • Business operational needs

18.1 Standard Retention Schedule

Data CategoryRetention PeriodNotes
Account & profile dataFor duration of account + 2 yearsDeleted after closure unless needed for compliance
Customer Data (CRM, contacts, messages)Controlled by customerDeleted upon customer instruction
Payment & billing records7 yearsRequired by IRS & financial laws
Analytics & logs12–24 monthsAggregated or anonymized thereafter
Backups30–90 daysAutomatically cycled
Marketing communicationsUntil opt-out or 24 months of inactivityRetained only with consent
Contractual records7–10 yearsLegal protection

18.2 Anonymization

Once data is anonymized:

  • It is no longer considered Personal Information

  • It may be retained indefinitely

  • It may be used for research, analytics, or improving the Platform

18.3 Right to Request Deletion

Users may:

  • Request erasure

  • Request anonymization

  • Request cessation of processing

Based on jurisdictional rights (GDPR, CCPA, etc.).

Some exceptions apply (legal obligations, fraud prevention, billing records).

19. CHILDREN’S PRIVACY

The Platform is not intended for children under 16.

We do not knowingly:

  • Collect

  • Process

  • Store

information from anyone under age 16.

If such data is discovered, it is deleted promptly.

Parents or guardians may contact us to request removal.

20. FINANCIAL INFORMATION & PAYMENT PROCESSING

Apex Accelerator does not store full payment card details.

Payments may be processed by:

  • Stripe

  • Other PCI-DSS compliant processors

We may store:

  • Last 4 digits of the card

  • Billing address

  • Transaction identifiers

These are stored securely and only used for:

  • Fraud prevention

  • Subscription management

  • Compliance with financial regulations

21. TELEPHONY, SMS, AND COMMUNICATIONS DATA

If you use communication features:

21.1 Call Logs & Recordings

We may process:

  • Call duration

  • Numbers dialed

  • Metadata

  • Recordings (if enabled)

Customers must comply with applicable consent recording laws (e.g., two-party consent states, EU directives).

21.2 SMS & Email Data

We may process:

  • Sender & recipient details

  • Message content

  • Delivery status

  • Metadata

Customers are responsible for compliance with:

  • TCPA

  • CAN-SPAM

  • GDPR consent rules

  • Local telemarketing regulations

22. SUB-PROCESSOR DISCLOSURE

Apex Accelerator uses sub-processors for:

  • Hosting and storage

  • Telephony and SMS

  • Email delivery

  • Analytics

  • Customer support

  • Payment processing

  • Security monitoring

A current list of sub-processors will be maintained upon request or posted on our website.

Each sub-processor is required to:

  • Sign data protection agreements

  • Implement adequate security measures

  • Limit processing to authorized purposes

23. DATA BREACH RESPONSE

Apex Accelerator follows established incident response protocols.

23.1 If a Data Breach Occurs

We will:

  1. Investigate the incident immediately

  2. Contain and mitigate the breach

  3. Assess affected systems and data

  4. Notify affected parties when required by law

  5. Inform applicable regulators (where required)

  6. Take corrective measures to prevent recurrence

23.2 Notification Timeframes

  • GDPR: without undue delay, within 72 hours when required

  • U.S. state laws: as required (varies by jurisdiction)

  • DPF: consistent with Principles

24. DO-NOT-TRACK SIGNALS (DNT)

The Platform does not currently respond to DNT signals because:

  • No uniform industry standard exists

  • DNT lacks consistent legal definition

Users may still manage tracking preferences via cookie banners or browser settings.

25. AUTOMATED DECISION-MAKING (DETAILED)

Apex Accelerator may use automated systems for:

  • Fraud detection

  • Abuse prevention

  • Communications routing

  • Attribution modeling

  • Audience segmentation

What We Do NOT Do

We do NOT engage in:

  • Automated decisions with legal effects

  • Automated hiring, credit, or lending assessments

  • Automated eligibility decisions

Human oversight is always available.

26. POLICY UPDATES (VERSIONING & CHANGE CONTROL)

We may update this Policy from time to time to reflect:

  • Changes in law

  • Platform enhancements

  • New integrations

  • Updated security standards

26.1 How We Notify Users

We may notify you via:

  • Email

  • Dashboard notices

  • Posting a revised version with updated “Last Updated” date

26.2 Continued Use Constitutes Acceptance

By continuing to use the Platform after updates, you accept the revised Policy.

27. DISPUTE RESOLUTION & GOVERNING LAW

27.1 Governing Law

This Policy is governed by the laws of the State of Wyoming, excluding conflict-of-law rules, and applicable federal laws of the United States.

27.2 Arbitration Clause

Except where prohibited, disputes will be resolved via binding arbitration, unless:

  • The matter falls under DPF arbitration rules

  • Another method is required for GDPR data subjects

  • A different mechanism is agreed by both parties

27.3 Venue

For matters requiring litigation (rare), venue is:

Sheridan County, Wyoming, USA.

28. CONTACT INFORMATION

📩 General Privacy Inquiries

privacy@newcustomer.io

📬 Mailing Address

Apex Accelerator
ATTN: Privacy Department
1309 Coffeen Avenue STE 1200
Sheridan, Wyoming 82801
United States

🇪🇺 GDPR & UK GDPR Representative (Article 27)

Ads and Ventures – Europe OÜ
Narva maantee 5
10117 Tallinn
Estonia
Email: support@adsadnventures.com

🛡️ DPF Complaint Resolution

If your concern is unresolved, EU, UK, and Swiss individuals may contact:

JAMS Mediation, Arbitration & ADR Services
https://www.jamsadr.com/eu-us-data-privacy-framework

29. FINAL STATEMENT

This Privacy Policy provides a comprehensive explanation of how Apex Accelerator processes Personal Information through the newCustomer.io Platform. By using the Platform, you acknowledge and agree to the terms described herein.