Privacy Policy
Last Updated: October 26, 2025
1. Introduction
Welcome to APUS NEST (the "Service"), operated by APUS DATA Mateusz Jerzyk ("APUS DATA," "we," "us," or "our"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered Market Basket Analysis (MBA) and Analytics services, website (apusnest.com), and related tools (collectively, the "Service"). Please read this policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.
2. Data Controller
For the purpose of the General Data Protection Regulation (GDPR) and other relevant data protection laws, the Data Controller is:
APUS DATA Mateusz Jerzyk
VAT ID: PL5140344860
ul. Olsztyńska 42a/8
51-423 Wrocław, Poland
Email: hello@apusnest.com
Data Protection Officer (DPO): Mateusz Jerzyk (Contact via hello@apusnest.com)
3. Information We Collect
We may collect the following types of information:
Personal Identification Information:
- Email address (for account creation/login, communication, receiving reports).
- Name (Optional, provided during signup or billing).
Payment and Subscription Information:
- We use Stripe for processing One-Time Payments and recurring Subscription payments.
- We do not directly collect or store your full credit card details. Stripe handles this securely.
- We receive transaction confirmations, identifiers (like Stripe Customer ID and Subscription ID), subscription status (e.g., active, canceled), and current billing period end dates from Stripe to manage your account and access level.
User-Provided Data ("User Data"):
- Uploaded E-commerce Data (for MBA): Order data (Order IDs, Product details, Quantities, Prices, Timestamps) uploaded via CSV file for generating MBA Reports. We strongly recommend anonymizing customer PII before upload.
- Connected Analytics Data (for Analytics Dashboard): E-commerce performance data (revenue, transactions, users, sessions, traffic sources, etc.) accessed via read-only connection to your Google Analytics 4 property, solely for display on your dashboard and generating related AI insights.
Important Note on User Data: Uploaded data may contain personal data related to your customers if it is not properly anonymized. We strongly recommend removing or anonymizing any direct customer identifiers (like names, addresses, emails) before uploading. We process the uploaded data solely to generate your requested Report and are not responsible for the sensitivity of the data you choose to upload.
Usage Data:
Information about how you access and use our website and Service, including: IP address, Browser type, Operating system, Pages visited, Time spent on pages, Interaction patterns, Error logs. This helps us improve the Service and ensure security.
Cookies and Tracking Technologies:
We use cookies and similar tracking technologies to track activity on our Service. See Section 10 for more details.
4. How We Use Your Information (Legal Basis)
We use the collected information for various purposes, relying on the following legal bases under GDPR:
To Provide and Maintain the Service (Contractual Necessity - Art. 6(1)(b) GDPR):
- Processing your User Data (CSV or GA) to generate Reports and populate the Analytics Dashboard.
- Managing your account, subscription status, and access to features based on your plan.
- Providing customer support (using your email).
- Processing One-Time Payments and Subscription payments via Stripe.
To Improve Our Service (Legitimate Interests - Art. 6(1)(f) GDPR):
- Analyzing Usage Data to understand how users interact with our Service, identify areas for improvement, and enhance user experience.
- Using anonymized and aggregated data derived from User Data (excluding Google API data) to improve our AI models. **Information received from Google APIs is explicitly excluded from this practice** and handled per the Google API Policy (Section 5).
- Monitoring the Service for security purposes and preventing fraud.
To Communicate With You (Contractual Necessity / Legitimate Interests / Consent - Art. 6(1)(a, b, f) GDPR):
- Responding to your inquiries and support requests via email.
- Sending important service-related notices (e.g., updates to Terms or Policy, security alerts, subscription billing notifications).
- Sending marketing communications or newsletters if you have opted-in. You can opt-out at any time.
To Comply with Legal Obligations (Legal Obligation - Art. 6(1)(c) GDPR):
Fulfilling legal requirements, such as responding to lawful requests from public authorities or meeting tax and accounting obligations.
5. Compliance with Google API Services User Data Policy
APUS NEST's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Limited Use: The data obtained from the Google Analytics API is used solely to provide and improve the user-facing features of the APUS NEST service visible to you. Specifically, this data populates your Analytics dashboard. It will not be used for other purposes, including:
- Transferring or selling the data to third parties.
- Using the data for advertising purposes.
- Training generalized artificial intelligence or machine learning models.
6. Data Sharing and Disclosure
We do not sell your personal information. We may share your information in the following limited circumstances:
- Service Providers: With third-party vendors who perform services on our behalf (e.g., Stripe for payments, hosting providers, analytics tools, email delivery services) under strict confidentiality and data processing agreements.
- Legal Requirements: If required by law or in response to valid legal requests (e.g., court orders, government requests).
- Business Transfers: In connection with a merger, acquisition, or asset sale, subject to confidentiality agreements.
- With Your Consent: For any other purpose with your explicit consent.
We do not share your raw, identifiable Uploaded E-commerce Data or connected Google Analytics data with third parties, except as necessary with infrastructure providers under strict confidentiality for Service provision.
7. Data Security
We implement appropriate technical and organizational security measures (including encryption and access controls) designed to protect your personal information. However, no internet transmission or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security.
8. Data Retention
We retain your personal information only for as long as necessary for the purposes outlined in this policy, unless a longer retention period is required or permitted by law.
- Account Information (Email, Name): Retained while your account is active, then as required for legal obligations.
- Subscription Data (Stripe IDs, Status): Retained while your subscription is active and for a necessary period afterwards for financial records and compliance (e.g., 7 years for tax purposes).
- Uploaded E-commerce Data (CSV for MBA): Raw data is retained briefly (e.g., up to 7 days) post-report generation for support, then securely deleted. Maintain your own copies.
- Connected Analytics Data (GA): We cache GA data temporarily (e.g., up to 24 hours) to improve dashboard performance. We do not store historical GA data long-term beyond this cache. Disconnecting GA removes associated tokens.
- Anonymized Data for Improvement (Non-GA): May be retained longer as it does not identify individuals.
- Usage Data & Logs: Retained for a limited period (e.g., up to 12 months) for security and analysis.
9. International Data Transfers
Your information may be processed by us or our service providers outside the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards (like Standard Contractual Clauses or adequacy decisions) are in place to protect your data according to GDPR standards. Our primary operations are in Poland/EU.
10. Cookies and Tracking Technologies
We use cookies and similar technologies. Essential cookies are used based on legitimate interest. Performance and functionality cookies are used based on your consent, which you can manage via our cookie banner or your browser settings. Blocking essential cookies may affect site functionality.
11. Your Data Protection Rights (GDPR)
If you are in the European Economic Area (EEA), you have the right to access, rectify, erase, restrict, object to processing, and port your personal data. You can also withdraw consent and lodge a complaint with your local data protection authority or the Polish DPA (UODO): https://uodo.gov.pl/
12. How to Exercise Your Rights
To exercise any of these rights, please contact our Data Protection Officer at hello@apusnest.com. We will respond to your request within one month.
13. Children's Privacy
Our Service is not for children under 18. We do not knowingly collect data from children under 18. If you believe we have, please contact us so we can remove it.
14. Changes to This Privacy Policy
We may update this policy from time to time. Changes are effective when posted on this page. We will update the "Last Updated" date and may provide additional notice for material changes. Please review this policy periodically.
15. Contact Us
If you have questions about this Privacy Policy, please use the following details:
APUS DATA Mateusz Jerzyk
Email: hello@apusnest.com