Privacy Policy

Last Updated: June 10, 2025

This Privacy Policy explains how Aptly, Inc. (“Aptly,” “we,” or “us”) collects, uses, shares, and protects personal information in connection with our cloud-based authority management platform and related services (“Services”).

By accessing or using the Services or our website, you agree to the practices described in this Privacy Policy. For customers with a signed Data Processing Agreement (“DPA”), the DPA governs our role as a processor of Customer Personal Data.

1. Scope

This Privacy Policy applies to:

  • Visitors to our website at aptlydone.com
  • Prospective customers and leads
  • Users of the Aptly platform under a subscription agreement

This Policy does not apply to third-party services we do not control, including external websites or third-party integrations used by customers with Aptly.

2. Information We Collect

a. Information you provide to us:

  • Name, email address, and contact details
  • Organization and job title
  • Login credentials and authentication data
  • Customer Content submitted through the Aptly platform
  • Support inquiries and form submissions

b. Information we collect automatically:

  • IP address and device/browser type
  • Usage logs and session activity
  • Audit and access logs
  • Data via cookies and similar technologies (see Section 7)

c. Information from third parties:

  • Identity and provisioning data via SSO or SCIM
  • Payment details via billing processors (e.g., Stripe)

3. How We Use Personal Information

We use personal information to:

  • Provide and operate the Services
  • Support account creation, login, and administration
  • Respond to support and service requests
  • Improve and secure our platform
  • Comply with legal obligations or protect rights and safety

4. Legal Bases (for EEA/UK Residents)

Where required by law, we process personal information based on:

  • Contractual necessity
  • Legitimate business interests
  • Consent (where applicable)
  • Compliance with legal obligations

5. Sharing and Disclosure

We may share personal data with:

  • Authorized subprocessors and infrastructure providers (see our Subprocessor List)
  • Service providers acting on our behalf (e.g., email delivery, analytics)
  • Legal authorities or regulators as required by law

We do not sell or rent your personal information.

6. Data Security

We implement technical and organizational measures appropriate to the risks involved, including:

  • Encryption in transit and at rest
  • Role-based access control (RBAC)
  • Activity logging and monitoring

For more information, please see our Security Policy.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve the functionality, performance, and user experience of our website and Services.

Cookies are small text files stored on your device that help us:

  • Recognize repeat visitors and preferences
  • Analyze how the website and platform are used
  • Measure the effectiveness of our marketing efforts

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. If you choose to disable cookies, some features of the Services may not function as intended.

8. Third-Party Analytics

We use third-party analytics services, such as Google Analytics and Intercom, to understand how visitors use our website and platform. These services may use cookies and similar technologies to collect technical data such as device type, IP address (anonymized where possible), and browsing behavior.

We use this information to:

  • Monitor platform performance
  • Identify usage patterns and improve product functionality
  • Tailor customer support and user experience

Where required by law, we obtain your consent to use non-essential cookies and analytics tracking.

9. International Data Transfers

We may process personal data outside of the jurisdiction where you reside. Where required, we rely on:

  • Standard Contractual Clauses (SCCs)
  • The UK Addendum or other lawful safeguards

Our platform is hosted in Microsoft Azure data centers in the United States and Europe.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access or receive a copy of your data
  • Request correction or deletion
  • Object to or restrict certain processing
  • Lodge a complaint with a supervisory authority

To exercise your rights, contact us at [email protected]. We will respond as required by applicable law.

11. Data Retention

We retain personal data only as long as necessary for:

  • The purposes described in this policy
  • Compliance with legal obligations
  • Execution of our contractual agreements

Data may be deleted upon termination of service, in accordance with our DPA or customer request.

12. Children’s Privacy

Our Services are not directed to children under the age of 16. We do not knowingly collect personal information from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted at https://www.aptlydone.com/privacy-policy and reflected in the “Last updated” date above.

14. Contact Us

If you have questions about this Privacy Policy or how we handle personal data, please contact:

Aptly, Inc.
600 N Robinson Ave
Oklahoma City, OK 73102
[email protected]

Getting Decision Rights Right.

Learn MoreLogin
Product
Aptly OverviewDelegation of AuthoritySignatory ManagementIntegrations
Resources
BlogFAQHelp CenterPricing
Company
AboutServicesCareersTrust CenterContact
About Aptly
Aptly is transforming how enterprises manage decision authority. Its integrated suite of easy-to-use delegation and identity-based authority solutions streamline business operations, improve compliance and reduce risk.
Copyright Aptly, Inc. 2025  |  Legal  |  Terms  |  Privacy Policy