APX

Privacy Policy

Last Updated: February 17, 2026

1. Introduction

Welcome to APX. This Privacy Policy explains how APX Security, Inc. ("APX," "we," "us," or "our") collects, uses, and discloses information about you when you access or use our website (apxlabs.ai), the Cipher AI pentesting service, and related services (collectively, the "Service").

By using the Service, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. This policy is incorporated into and is subject to the APX Terms and Conditions.

2. Information We Collect

We collect information in a few different ways to provide and improve our Service.

a) Information You Provide Directly to Us:

  • Account Information: When you register for an account, we collect information such as your name, email address, and password.
  • Payment Information: When you purchase an assessment, payment is processed by our third-party payment processor. We do not store your full credit card number on our servers.
  • Assessment Content: To perform security assessments, you provide us with target application URLs, API specifications, credentials, and other configuration ("Customer Content"). Any data generated or exfiltrated by Cipher during the course of an assessment (e.g., logs, database dumps, created user accounts) is also treated as Customer Content and is subject to the same isolation and deletion policies. You control what Customer Content you provide.
  • Assumption Feedback: During an assessment, you may review and provide feedback on assumptions Cipher makes about your application's business logic.
  • Communications: If you contact us directly for support or other inquiries, we may receive additional information about you, such as the contents of your message.

b) Information We Collect Automatically When You Use the Service:

  • Log and Usage Data: Like most websites and services, we automatically collect certain information when you access our Service. This may include your Internet Protocol (IP) address, browser type and settings, the date and time of your request, and how you interacted with our website.
  • Cookies and Similar Technologies: We use cookies and similar technologies to help operate our Service, remember your settings and preferences, and understand how our users interact with the platform. You can control the use of cookies at the individual browser level.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To Perform Assessments: We use your Customer Content to run Cipher against your target application, generate findings, produce reports, and deliver assessment results.
  • To Improve Testing Capabilities: We use anonymized, aggregated metadata (e.g., "Attack Vector X failed against Framework Y") to improve Cipher's reasoning engine. We do not use your raw Customer Content, specific vulnerabilities found, or credentials to train models. Your specific application data is never used to improve the product for other customers.
  • To Process Payments: We use your payment information to process assessment purchases.
  • To Communicate With You: We may use your contact information to send you assessment notifications, service-related updates, security alerts, and support messages. We may also send you marketing communications, which you can opt out of at any time.
  • For Safety and Security: We use information to protect our Service and our users, prevent fraud and abuse, and enforce our Terms and Conditions.

4. Third-Party AI Services

Cipher is powered by frontier models from Anthropic and Google. Customer Content may be sent to these providers as part of assessment execution. We operate under enterprise agreements (Anthropic Zero-Retention, Google Cloud Data Governance) that explicitly prohibit them from training on your data.

For a full discussion of how your data flows through our AI infrastructure — and what we can and cannot guarantee — see our Security page.

5. How We Share Your Information

We do not sell your personal information. We may share the information we collect in the following limited circumstances:

  • With Service Providers: We work with third-party service providers to help us operate our Service, such as cloud hosting providers, LLM providers, payment processors, and customer support tools. These providers are given access to your information only as is reasonably necessary to perform their services for us and are obligated not to disclose or use it for any other purpose.
  • In Aggregated or Anonymized Form: We may share aggregated and anonymized information that cannot reasonably be used to identify you or your applications.
  • For Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
  • To Comply with the Law: We may disclose your information to a third party if we believe that disclosure is reasonably necessary to (a) comply with any applicable law, regulation, legal process, or governmental request, (b) enforce our agreements and policies, or (c) protect the security or integrity of the Service.

6. Data Security

Each assessment runs inside an isolated project. No data crosses project boundaries — your credentials, findings, and configuration are never visible to other projects, even your own.

We use commercially reasonable safeguards to protect your data. For a full discussion of our security architecture — including isolation, deletion, the AI supply chain, and what we can and cannot guarantee — see our Security page.

7. Data Retention and Deletion

Assessment Data: All project-specific data — including Customer Content, credentials, findings, reproducible exploits, and reports — is permanently deleted when the project is closed. For one-off assessments, this happens automatically when the assessment window expires. For ongoing integrations, data persists until you explicitly delete the project. Deletion is irreversible. You are responsible for downloading reports and deliverables before deletion.

Account Data: We retain your account information (name, email) for as long as your account is active. You may request deletion of your account at any time by contacting us at legal@apxlabs.ai.

Anonymized Patterns: We may retain anonymized, aggregated testing patterns indefinitely to improve the Service. These patterns do not contain your raw Customer Content or any information that could identify your specific application.

Legal Obligations: We may retain certain information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information. These may include the right to:

  • Access the personal information we hold about you.
  • Correct any inaccurate personal information.
  • Delete your personal information.
  • Opt-out of marketing communications by clicking the "unsubscribe" link in our emails.

You can exercise these rights by contacting us at the email address below. Please note that we may need to verify your identity before processing your request.

9. International Data Transfers

Your information will be transferred to, and processed in, the United States. By using the Service, you consent to the transfer of your information to the U.S. and the use and disclosure of your information as described in this Privacy Policy.

10. Children's Privacy

Our Service is not directed to individuals under 13 years of age, and we do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will take steps to delete it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on our website prior to the change becoming effective. Your continued use of the Service after any changes constitutes your acceptance of the new Privacy Policy.

12. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at:

APX Security, Inc.
legal@apxlabs.ai