Confidentiality and NDAs
- Mutual NDA signed before any technical or financial discussion
- 3-year confidentiality term (extendable)
- Apex employees are bound by individual NDAs in their employment contracts
- Your firm's NDA is accepted if you prefer your own template
- Explicit data-handling clauses for any production data we may access
Data privacy and access controls
We follow least-privilege access. We get only the access we need to do the work — no more.
- Read-only access to analytics, ad accounts, CRMs whenever possible
- Write access only to the specific accounts we manage actively
- Your accounts stay yours: we never own ad accounts, analytics, or pixels
- SSO-only access wherever the client supports it
- 2FA required on all Apex employee access to client accounts
- Access revoked immediately on engagement end or team-member transition
- No production data stored on Apex laptops; everything stays in client systems
Advertising-platform compliance
Every channel has rules. We know them and ship compliant campaigns.
Healthcare advertising
We comply with platform-specific healthcare advertising restrictions on Google, Meta, and others: no PHI in tracking pixels, conservative ad copy, compliant landing pages. For US healthcare clients pursuing HIPAA compliance, we work alongside your compliance team, and we don't store PHI on Apex infrastructure.
Financial services advertising
Google and Meta have strict rules for financial services (no misleading claims, no get-rich-quick angles, lender disclosures). We comply with the rules and don't propose campaigns that would trigger account suspensions.
GDPR & privacy regulations
For UK and EU clients, we implement consent-mode tracking, GDPR-compliant data handling, and lawful-basis documentation. We don't store EU resident PII without explicit lawful basis.
Security practices
- Password managers (1Password) required for all team-member account storage
- Full-disk encryption mandated on all Apex laptops
- 2FA on every account and every client system
- Slack as primary comms — encrypted in transit and at rest
- Documentation in Notion / Google Workspace with role-based access
- Quarterly security training for all team members
- Incident response plan documented; we commit to 1 business-hour acknowledgment for security incidents
Intellectual Property
- All work product is yours on payment
- Ad creative, landing pages, content — IP assigns to you in the SOW
- We don't claim reusable components or generic boilerplate
- Case-study usage rights require your written approval (we ask explicitly, we don't assume)
- Pre-existing Apex IP (if any) is explicitly listed in the SOW with license terms
Insurance and bonding
Apex Marketings maintains professional indemnity insurance appropriate to the scope of engagements. Coverage levels are disclosed during contract negotiation upon request. We can add specific coverage for higher-value engagements on request.
Frequently Asked Questions
Will you sign our NDA?
Yes. We accept your firm's NDA if you prefer it, and we have a standard mutual template if you don't.
Do you do background checks on team members?
Yes. Every Apex employee passes CNIC verification + reference checks + education verification at hire.
Can we audit you?
Yes. We welcome annual reviews of our security practices, account access, and data handling for engagements over USD 30K/year.
Where does our data live?
On your platforms (your Google Ads, your Meta Business Manager, your GA4, your CRM). We don't take production-data copies onto Apex hardware. Reporting dashboards are read-only views built in tools like Looker Studio.