Privacy Policy

Effective Date: October 20, 2025

Data Processing Architecture and Technology Development

APAS® Cloud ensures that all client data is processed exclusively on HIPAA-compliant servers located in the United States. The proprietary technology powering APAS® Cloud is developed by Accelerated Performance Attribution Systems (APAS) Ltd. in Cyprus, where our research and development team creates and maintains our advanced data processing systems and algorithms. While all R&D occurs in Cyprus, all client data is processed and stored exclusively in the United States to ensure full compliance with healthcare privacy regulations.

APAS Ltd. ("we," "our," or "us") operates APAS® Cloud, a comprehensive HIPAA-compliant attribution system for high-spending organizations. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

1. Legal Grounds for Data Processing

Processing of your personal information (any information which may potentially allow your identification with reasonable means) is necessary for:

The performance of our contractual obligations towards you and providing you with our services
Protection of our legitimate interests
Compliance with legal and financial regulatory obligations to which we are subject

When you use our website, you consent to the collection, storage, use, disclosure, and other uses of your personal information as described in this Privacy Policy. We encourage our users to carefully read this Privacy Policy and use it to make informed decisions.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when you:

Schedule a demo or consultation
Subscribe to our newsletter
Contact us via email or forms
Create an account or use our services

This may include: name, email address, company name, phone number, and any other information you choose to provide.

2.2 Automatically Collected Information

When you visit our website, we automatically collect certain information about your device and browsing actions, including:

IP address and geolocation data
Browser type and version
Device information
Pages viewed and time spent on pages
Referral source and click data
Attribution identifiers (apasid, apasclid)

2. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain our services
Process your requests and communications
Send you technical notices and updates
Respond to your comments and questions
Analyze usage trends and improve our services
Detect, prevent, and address technical issues
Comply with legal obligations

3. Attribution Tracking

APAS® Cloud uses advanced attribution tracking to understand visitor behavior and conversion touchpoints. We:

Generate unique identifiers (apasid, apasclid) stored in your browser's local storage
Capture URL parameters including UTM codes and click IDs
Track visitor sessions and form submissions
Store attribution data for analysis and reporting

This data helps us better understand marketing effectiveness and optimize conversion paths.

4. Cookies and Tracking Technologies

We use privacy-focused technology to understand how visitors use our website and improve their experience.

We use a single first-party session cookie for continuity, ensuring your experience remains consistent as you navigate our site. Beyond this essential cookie, we rely on local browser storage that keeps your information on your device—it never follows you to other websites. Our website analytics do not collect any personal health information, medical conditions, or treatment interests through your browsing activity.

The only data gathered by our analytics includes general usage patterns such as pages visited, time spent on site, and how you navigate our services. This helps us make our website easier to use and ensures important resources are easy to find.

Your privacy is paramount—we do not sell, share, or transfer any visitor information to third parties, advertising networks, or data brokers. When you arrive from an advertisement, advertising conversions are tracked anonymously without scripts or personal information.

All our technology partners, including Cloudflare and PostHog, have signed Business Associate Agreements (BAAs) to ensure strict security and HIPAA-compliant handling of any data. You can clear your data in your local storage anytime through your browser settings, giving you complete control over your information.

5. Data Sharing and Disclosure

We may share your information with:

Service Providers: Third-party companies that perform services on our behalf
Analytics Partners: PostHog for product/web analytics
Legal Requirements: When required by law or to protect our rights
Business Transfers: In connection with a merger, sale, or acquisition

We do not sell your personal information to third parties.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

8. Your Rights

Depending on your location, you may have certain rights regarding your personal information, including:

Receive confirmation as to whether or not personal information concerning you is being processed, and access your stored personal information
Receive a copy of personal information you directly volunteer to us in a structured, commonly used, and machine-readable format
Request rectification of your personal information that is in our control
Request erasure of your personal information
Object to the processing of personal information by us
Request to restrict processing of your personal information by us
Lodge a complaint with a supervisory authority

Please note that these rights are not absolute and may be subject to our own legitimate interests and regulatory requirements.

To exercise these rights, please contact our Data Protection Officer using the details in the Contact section below.

9. International Data Transfers

While our technology is developed in Cyprus, all client data is processed and stored exclusively on HIPAA-compliant servers in the United States. For European Economic Area (EEA) users, we transfer data only to countries approved by the European Commission as providing adequate levels of data protection, or we enter into legal agreements ensuring an adequate level of data protection.

10. Children's Privacy

We understand the importance of protecting children's privacy, especially in an online environment. Our services are not designed for or directed at children. Under no circumstances shall we allow use of our services by minors. We do not knowingly collect personal information from minors. If a parent or guardian becomes aware that their child has provided us with personal information without consent, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact our Data Protection Officer:

Privacy Officer: Lesley Van De Mortel
Email: Lez@apas.cloud
Phone: +357 943 27221
Address: APAS Ltd., Onisiforou Center, 2nd floor, Agios Theodoros, 8011 Paphos, Cyprus