This statement sets out how Apex Artificial Intelligence Limited complies with the UK GDPR and the Data Protection Act 2018 (and the EU GDPR where it applies), and how we protect personal data.
Who we are
Apex Artificial Intelligence Limited (“Apex AI”, “we”, “us”), a company registered in England and Wales (company number 17194741), registered office 167-169 Great Portland Street, 5th Floor, London, W1W 5PF. Contact: ash@apexaiuk.com.
Controller and processor roles
For our own website visitors and enquirers, we act as a controller. When we operate an AI receptionist or automation on behalf of a client, handling calls and data about that client's customers, we generally act as a processor on the client's instructions, under a data-processing agreement. The client remains the controller of their customers' data.
What we process and why
- Enquiry data you submit (name, work email, company, phone, message) to respond and arrange a demo.
- Call and interaction data (audio, transcripts, contact details, booking details) when our agents handle calls.
- Technical data (IP address, device and usage data) to deliver, secure and improve the site, and analytics where you consent.
Lawful bases
We rely on consent (form submissions and optional cookies), contract (providing services to clients), legitimate interests (running, securing and growing our business in a way that respects your rights), and legal obligation where applicable.
Sub-processors
We share personal data only with vetted providers who help us deliver the service, each bound by a data-processing agreement:
- Anthropic (Claude) – language model processing.
- Vapi – real-time voice call infrastructure.
- HighLevel (GoHighLevel / LeadConnector) – CRM, scheduling and messaging.
- Vercel – website hosting and delivery.
- Google – tag management and analytics, loaded only with your consent.
We do not sell personal data.
International transfers
Some providers process data outside the UK. Where they do, we rely on appropriate safeguards such as UK adequacy regulations or the International Data Transfer Agreement / Standard Contractual Clauses.
Retention
We keep personal data only as long as necessary for the purpose it was collected, or as required by a client agreement or by law, and then delete or anonymise it.
Your rights
You have the right to access, rectify, erase, restrict or object to processing, to data portability, and to withdraw consent at any time. To exercise any of these, email ash@apexaiuk.com. If we process your data as a processor for one of our clients, we will direct your request to that client as the controller.
Security
We apply technical and organisational measures including encryption in transit and at rest, access controls and supplier due diligence.
Complaints
You can complain to the Information Commissioner’s Office (ICO) at ico.org.uk, though we would welcome the chance to resolve any concern first.
This document is provided as a general template and is not legal advice. Please have it reviewed against your specific circumstances before you rely on it.