Draft notice. This privacy policy is a working draft intended for review by your legal counsel before publication. Replace placeholder details (registered address, company number, DPO contact) with your registered company information.
1. Who we are
APaaS Application Packaging Services Ltd ("we", "us", "our") is the data controller for the personal data we process in connection with this website and the APaaS Assure service. We are registered in England & Wales (company number to be added), with registered office at [registered address], Sheffield, UK.
For any questions about this policy or how we handle your data, email us at privacy@apaas.org.
2. What data we collect
Through this website
- Contact form submissions. Name, email, company name and any message content you choose to send.
- Usage data. Anonymised aggregate metrics about visits to the site (no third-party trackers, no advertising cookies).
Through the APaaS Assure platform
- Customer estate data. Inventory information about your devices and applications — device hostname, OS, installed applications, version numbers, usage telemetry. Processed under instruction from our customer (you), who is the data controller for this data.
- User account data. Email, name, role, login history, MFA settings. Used to deliver the service.
3. Lawful basis
We process personal data under one or more of the following lawful bases (UK GDPR Article 6):
- Performance of a contract — delivery of the APaaS Assure service to customers we have a written agreement with.
- Legitimate interests — responding to enquiries you initiate, improving the service, and protecting against fraud and abuse.
- Consent — marketing emails (where applicable), which you can withdraw at any time.
- Legal obligation — retaining accounting records, responding to lawful regulatory requests.
4. How we use your data
- To respond to your enquiries and demo requests.
- To deliver, secure and improve the APaaS Assure service.
- To send service notifications (security alerts, status updates, billing).
- To send occasional product updates and content if you have opted in.
- To meet our legal and regulatory obligations.
We do not sell your personal data. We do not use it for advertising. We do not pass it to third parties for their own marketing.
5. Where your data is stored
All customer data and personal data are hosted in Microsoft Azure UK regions. We do not transfer customer data outside the UK. For limited corporate functions (email, support tooling) we use providers that may process data within the EEA under adequacy decisions or under Standard Contractual Clauses.
6. How long we keep data
- Contact enquiries — 24 months from last contact.
- Customer account data — for the duration of the contract plus 12 months for audit and dispute purposes.
- Customer estate data — for the duration of the contract. Deleted within 30 days of contract termination, unless legally required to retain.
- Audit logs — 24 months.
- Financial records — 7 years (UK statutory minimum).
7. Your rights
Under UK GDPR you have the right to:
- Request access to your personal data.
- Request correction of inaccurate data.
- Request deletion ("right to be forgotten") subject to legitimate grounds for retention.
- Request a portable copy of your data.
- Object to or restrict our processing of your data.
- Withdraw consent at any time where consent is the lawful basis.
- Lodge a complaint with the Information Commissioner's Office (ico.org.uk).
To exercise any of these rights, email privacy@apaas.org. We respond within one calendar month.
8. Cookies
This website uses only the first-party functional cookies it needs to operate. No analytics, no advertising trackers, no third-party cookies. The platform itself uses a single session cookie to maintain your login.
9. Changes to this policy
We will update this policy as needed. Material changes will be notified to customers by email at least 30 days before they take effect.