Privacy Policy
Effective date: March 9, 2026
1. Data Controller
APOGEE SAS
32 Rue de Paris, 92100 Boulogne-Billancourt, France
DPO contact: hello@apogee.ad
2. Data Collected
- Identification data: last name, first name, email (via Meta OAuth)
- Connection data: IP address, browser, approximate geolocation
- Meta Ads data: ad accounts, campaigns, creatives, performance metrics (accessed via Meta tokens authorized by the user)
- Payment data: managed by Stripe (Apogee does not store card numbers)
- Usage data: pages visited, actions performed, files uploaded
3. Processing Purposes
- Providing and improving the service
- Account and billing management
- Customer support
- Usage analysis and product improvement
- Marketing communications (with consent)
4. Legal Bases
- Contract performance: service delivery
- Legitimate interest: service improvement, security
- Consent: marketing communications
5. Hosting and Subprocessors
Data is hosted in Europe:
- Backend: Railway (europe-west4, Netherlands)
- Frontend: Vercel (global CDN, EU data)
- Database: Supabase (EU)
- Payments: Stripe
- Email marketing: ActiveCampaign
- AI: Anthropic (Claude), Google (Gemini)
- Notifications: Discord (webhooks)
6. Data Retention
- Account data: retained for the duration of the subscription + 3 years after deletion
- Connection data: 12 months
- Billing data: 10 years (legal obligation)
- Uploaded files: deleted 30 days after account deletion
7. User Rights
In accordance with GDPR, you have the following rights: access, rectification, deletion, portability, restriction, objection. Contact hello@apogee.ad.
Response time: 30 days.
Complaint to the CNIL: www.cnil.fr
8. Cookies
Apogee uses essential cookies for the operation of the service (authentication, preferences). No third-party advertising cookies.
9. Meta Tokens
The user authorizes Apogee to access their Meta Ads accounts via OAuth. Tokens are encrypted and stored in the database. The user can revoke access at any time from their Meta settings.
10. Security
Data is protected by: HTTPS encryption, encrypted OAuth tokens, per-user data isolation, access logging.
11. Transfers Outside the EU
Some subprocessors (Anthropic, Vercel CDN) may process data in the United States. These transfers are governed by the European Commission's Standard Contractual Clauses (SCCs).
12. Amendments
This policy may be modified. Users will be notified by email.