Privacy Policy

‍

This Privacy Policy explains how Aptly, Inc. (“Aptly,” “we,” or “us”) collects, uses, shares, and protects personal information in connection with our cloud-based authority management platform and related services (“Services”).

By accessing or using the Services or our website, you agree to the practices described in this Privacy Policy. For customers with a signed Data Processing Agreement (“DPA”), the DPA governs our role as a processor of Customer Personal Data.

1. Scope

This Privacy Policy applies to:

• Visitors to our website at aptlydone.com
• Prospective customers and leads
• Users of the Aptly platform under a subscription agreement

This Policy does not apply to third-party services we do not control, including external websites or third-party integrations used by customers with Aptly.

2. Information We Collect

a. Information you provide to us:

• Name, email address, and contact details
• Organization and job title
• Login credentials and authentication data
• Customer Content submitted through the Aptly platform
• Support inquiries and form submissions

b. Information we collect automatically:

• IP address and device/browser type
• Usage logs and session activity
• Audit and access logs
• Data via cookies and similar technologies (see Section 7)

c. Information from third parties:

• Identity and provisioning data via SSO or SCIM
• Payment details via billing processors (e.g., Stripe)

3. How We Use Personal Information

We use personal information to:

• Provide and operate the Services
• Support account creation, login, and administration
• Respond to support and service requests
• Improve and secure our platform
• Comply with legal obligations or protect rights and safety

4. Legal Bases (for EEA/UK Residents)

Where required by law, we process personal information based on:

• Contractual necessity
• Legitimate business interests
• Consent (where applicable)
• Compliance with legal obligations

5. Sharing and Disclosure

We may share personal data with:

• Authorized subprocessors and infrastructure providers (see our Subprocessor List)
• Service providers acting on our behalf (e.g., email delivery, analytics)
• Legal authorities or regulators as required by law

We do not sell or rent your personal information. Where personal data is shared with third parties, we ensure appropriate safeguards are in place, and where applicable, the lawful basis for such sharing includes our legitimate interest in operating, supporting, and improving the Services. These interests include ensuring platform functionality, maintaining security, providing customer support, and fulfilling contractual obligations to users.

6. Data Security

We implement technical and organizational measures appropriate to the risks involved, including:

• Encryption in transit and at rest
• Role-based access control (RBAC)
• Activity logging and monitoring

For more information, please see our Security Policy.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve the functionality, performance, and user experience of our website and Services.

Cookies are small text files stored on your device that help us:

• Recognize repeat visitors and preferences
• Analyze how the website and platform are used
• Measure the effectiveness of our marketing efforts

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. If you choose to disable cookies, some features of the Services may not function as intended.

8. Third-Party Analytics

We use third-party analytics services, such as Google Analytics and Intercom, to understand how visitors use our website and platform. These services may use cookies and similar technologies to collect technical data such as device type, IP address (anonymized where possible), and browsing behavior.

We use this information to:

• Monitor platform performance
• Identify usage patterns and improve product functionality
• Tailor customer support and user experience

Where required by law, we obtain your consent to use non-essential cookies and analytics tracking.

9. International Data Transfers

We may process personal data outside of the jurisdiction where you reside. Where required, we rely on:

• Standard Contractual Clauses (SCCs)
• The UK Addendum or other lawful safeguards

Our platform is hosted in Microsoft Azure data centers in the United States and Europe.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access or receive a copy of your data
• Request correction or deletion
• Request the transfer of your personal data to another controller (data portability)
• Object to or restrict certain processing
• Withdraw your consent at any time, where processing is based on consent
• Lodge a complaint with a supervisory authority

To exercise your rights, contact us at privacy@aptlydone.com. We will respond as required by applicable law.

11. Data Retention

We retain personal data only as long as necessary for:

• The purposes described in this policy
• Compliance with legal obligations
• Execution of our contractual agreements

Data may be deleted upon termination of service, in accordance with our DPA or customer request.

12. Subject Access Requests

If you are a resident of the EEA, UK, or another jurisdiction that provides data access rights, you may submit a Subject Access Request (SAR) to access, rectify, or delete your personal information.

To make a request:

• Please complete our Subject Access Request Form (PDF)
• Submit it to privacy@aptlydone.com

We will acknowledge your request within 3 business days and respond within 30 calendar days, in accordance with GDPR. Additional identity verification may be required to process the request in accordance with our GDPR Compliance Policy. For GDPR-related data subject inquiries in the EU or UK, please see Section 15 for our local GDPR representative contact details.

13. Children’s Privacy

Our Services are not directed to children under the age of 16. We do not knowingly collect personal information from children.

14. Contact Us

If you have questions about this Privacy Policy or how we handle personal data, please contact:

Aptly, Inc.
600 N Robinson Ave
Oklahoma City, OK 73102
privacy@aptlydone.com

15. EU and UK GDPR Representatives

If you are located in the European Union or the United Kingdom, you may contact our local GDPR representatives for matters related to the processing of your personal data under Article 27 of the GDPR or UK GDPR.

EU Representative
‍Instant EU GDPR Representative Ltd
Attn: Adam Brogden
Email: contact@gdprlocal.com
Tel: +353 15 549 700
Address: Office 2, 12A Lower Main Street, Lucan, Co. Dublin, K78 X5P8, Ireland
Submit EU GDPR request‍

UK Representative
GDPRLocal Ltd.
Attn: Adam Brogden
Email: contact@gdprlocal.com
Tel: +44 772 217 800
Address: 1st Floor Front Suite, 27–29 North Street, Brighton, BN1 1EB, United Kingdom
Submit UK GDPR request

16. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted at https://www.aptlydone.com/privacy-policy and reflected in the “Last updated” date above.