Back to HomeApexIQ Logo
Trust Center

Data Processing Addendum (DPA) - Request Page

Last updated: January 20, 2025

ApexIQ ("ApexIQ", "we", "us") supports customer privacy and data protection requirements through contractual and technical controls. For customers who require a Data Processing Addendum ("DPA"), we can provide a DPA for review and signature as part of onboarding or procurement. This page explains when a DPA applies, what it covers, and how to request it.

1. When a DPA Applies

A DPA is typically required when:

ApexIQ processes personal data on behalf of the Customer as part of providing products or services.

The customer is subject to privacy or data protection regulations (e.g., GDPR, UK GDPR, or similar).

The customer's internal security or procurement policy requires a DPA for vendors handling personal data.

In many B2B engagements, the customer acts as the "controller" and ApexIQ acts as a "processor."

2. What Our DPA Covers (High-Level)

Our DPA generally includes:

Roles and responsibilities (controller/processor)
Processing instructions (data is processed only to deliver agreed services)
Confidentiality and security measures (technical and organizational safeguards)
Subprocessors (use of vetted third parties and flow-down obligations)
Data retention and deletion (aligned to contract)
Assistance for data subject requests
Breach notification commitments
Cross-border transfer safeguards

3. Subprocessors & AI Model Providers

ApexIQ may use subprocessors (e.g., cloud hosting and AI model providers) to deliver services. A list is available on the Subprocessors page

For tighter controls, we can support (scope-dependent):

Customer-approved model provider selection

Choose which AI model providers are used for your data

Reduced logging/restricted retention

Configure minimal data logging and retention policies

Dedicated or private environments

Isolated infrastructure for enhanced data separation

On-prem/local deployments

Deploy on your infrastructure where feasible

4. What We Need From You (For DPA Issuance)

To issue the correct DPA version, we typically need:

Customer legal entity name and registered address

Primary contact (legal/procurement)

Product/Services in scope

Deployment type (SaaS / dedicated / driven)

Any region-specific requirements (EU, UK, Middle East, etc.)

Subprocessor restrictions, if any

5. How to Request a DPA

Email Request

Send your DPA request to our legal and compliance team:

Email: contact@apexiq.ai
Subject: DPA Request

Please include:

  • Your company name
  • Product/service you're evaluating
  • Expected go-live timeline
  • Specific compliance requirements (e.g., GDPR, data residency)

Typical turnaround: We aim to provide a DPA draft within 3-5 business days of receiving a complete request. Complex or custom requirements may require additional time.

6. Related Documents

For comprehensive information about our privacy and security practices, please review these related documents:

Privacy Policy
Terms of Service (SaaS / Products)
Security & Trust
Subprocessors

Transparency: ApexIQ is committed to transparency in data processing. Requesting our DPA is the first step in formalizing our mutual data protection obligations. Thank you for your trust in ApexIQ's commitment to security and privacy.