Privacy Policy

1. Who We Are

ApexFlash is operated by MindVault-AI, based in the Netherlands. We are the data controller for your personal data processed through this Service.

Contact: support@apexflash.pro

2. What Data We Collect

Via Telegram Bot (@ApexFlashBot):

• Telegram user ID and username
• Commands and interactions with the bot
• Subscription tier and referral data
• Encrypted wallet data (if you use the wallet feature)
• Trading activity through the bot

Via Website (apexflash.pro):

• Standard web analytics (page views, referrer, device type)
• Email address (only if you voluntarily provide it)
• No cookies for tracking — we respect your privacy

Via Gumroad (payments):

• Payment processing is handled entirely by Gumroad
• We receive: your email, subscription status, and payment confirmation
• We do NOT receive or store: credit card numbers, bank details, or billing addresses

3. Why We Collect Data (Legal Basis)

• Contract performance: To provide you with the Service, process subscriptions, and deliver alerts
• Legitimate interest: To improve the Service, prevent abuse, and send relevant updates
• Consent: For optional marketing communications (you can opt out at any time)

4. How We Use Your Data

• Deliver whale alerts and trading intelligence
• Manage your subscription and premium features
• Process referral rewards
• Provide customer support
• Improve and optimize the Service
• Prevent fraud and abuse
• Comply with legal obligations

5. Data Sharing

We do NOT sell your data. We may share data with:

• Gumroad: Payment processing
• Telegram: Bot communication (via Telegram API)
• Render: Hosting infrastructure
• Law enforcement: Only when legally required

We do not share your data with advertisers, data brokers, or any other third parties.

6. Data Security

• Wallet data is encrypted using Fernet symmetric encryption
• All connections use HTTPS/TLS encryption
• Automated backups every 2 hours
• Access to user data is restricted to authorized personnel only

While we implement reasonable security measures, no system is 100% secure. You acknowledge that you provide data at your own risk.

7. Data Retention

• Account data: Retained while your account is active
• Trading history: Retained for 12 months, then anonymized
• Payment records: Retained as required by Dutch tax law (7 years)
• After account deletion: Personal data removed within 30 days (except legal obligations)

8. Your Rights (GDPR)

Under EU/EEA law, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a portable format
• Objection: Object to processing based on legitimate interest
• Withdraw consent: At any time, without affecting prior processing

To exercise any of these rights, contact support@apexflash.pro. We will respond within 30 days.

9. Cookies

We do not use tracking cookies. We may use essential cookies for website functionality only. No third-party advertising or analytics cookies are used.

10. International Data Transfers

Your data may be processed on servers located outside the EU (our hosting is on Render, which uses US-based infrastructure). We ensure appropriate safeguards are in place as required by GDPR.

11. Children

The Service is not intended for anyone under 18. We do not knowingly collect data from minors. If you believe a minor has provided data to us, contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use after changes constitutes acceptance.

13. Complaints

If you believe we have violated your privacy rights, you may file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

14. Contact

Questions about your privacy? Contact us at support@apexflash.pro