ApexDrive Privacy Policy

Welcome to the ApexDrive Disk Service (hereinafter referred to as “This Service”). This Privacy Policy (hereinafter referred to as “This Policy”) is created by the ApexDrive operating entity (hereinafter referred to as “We”) and is designed to clearly inform you of our rules for managing the full lifecycle of user (hereinafter referred to as “You”) personal information, including the privacy rights collected, used, stored, transmitted, shared, disclosed, destroyed, and that you enjoy, while also clarifying the rights and obligations of both parties in privacy protection. This Policy applies to all your behavior in accessing and using this Service through any terminal device (including computer, mobile phone, tablet, etc.). Using this Service assumes that you have fully read, understood, and voluntarily accepted all the terms and conditions of this Policy. If you do not agree with this Policy, please do not register or use this Service.

1. Definition and Core Principles

1.1 Core Definitions

1.1.1 Personal Information

Means a collection of information that can individually or in combination with other information directly or indirectly identify a particular natural person, including but not limited to identity identifying information (e-mail address, account ID, etc.), device information, network information, usage behavior information, file metadata (not including the file content itself, except as required by law and regulations), etc.

1.1.2 Sensitive Personal Information

Referring to personal information that, once leaked, illegally provided or misused, may lead to a violation of a natural person‘s personal dignity or a risk to personal and property security, including biometric information, financial account information, precise location information, health and medical information, personal information of minors, etc., this Service will adopt enhanced protection measures for sensitive personal information.

1.1.3 Anonymizing/De-identifying Information

Anonymized information refers to information that cannot be identified as a specific natural person and cannot be recovered through technical processing; de-identified information refers to information that cannot be identified as a specific physical person through technical processing without the help of additional information. This type of information is not personal information, and we can freely use it for service optimization, data analysis, and other purposes.

1.1.4 File Metadata

Means the descriptive information that accompanies files you upload to the Service, including file name, size, format, time of creation, time of modification, saved path, etc., excluding core information such as file body, image content, video audio substance content, etc.

1.2 Core Principles of Privacy Protection

1.2.1 Minimum Required Principles

We collect only the minimum amount of personal information necessary to provide this service, and information beyond the necessary range will be collected separately with your explicit authorization.

1.2.2 Conscious Consent Principle

For activities such as collecting, using, and sharing personal information, we will fully inform you of the relevant purposes, scope, and methods, and proceed only after obtaining your explicit consent (except when required by law and regulations).

1.2.3 Security Protection Principles

Adopting international-leading technology and management measures, establish a full-process data security protection system to ensure that your personal information is not leaked, tampered with, lost, illegally accessed, or misused.

1.2.4 Principles of Autonomous Control

Giving you full control over your personal information, you can access, view, correct, delete your personal information, revoke authorization, or sign out of your account at any time. We will provide you with a convenient path to do so.

1.2.5 Transparent traceable principle

The entire process of processing personal information is public and transparent, and we will record information processing logs to ensure that each action is traceable, making it easier for you to inquire and review issues.

2. Scope and manner of collection of personal information

2.1 Personal Information You Proactively Provide

2.1.1 Account Registration and Authentication Information

When you register for an account with this service, you are required to provide your email address and your custom-set password for account creation, login authentication, and identification; if you choose to upgrade to an advanced account or use paid services, you may need to provide your name, contact information, payment account information, etc., as required by the service, for identity verification, order settlement, and service assurance.

2.1.2 Uploading and Storing Files and Metadata

The various types of files (documents, images, videos, audio, compressed packages, etc.) that you upload, store, and sync through the Service, as well as the accompanying file metadata, are used only to provide core services such as storage, sync, preview, and sharing. We do not actively analyze, extract, or use the file content for any other purpose (except as required by law or regulation or with your explicit consent).

2.1.3 Proactive Feedback and Communication

The information you provide when submitting inquiries, complaints, suggestions, or participating in our research and events through customer service channels (e-mail, online consultations, etc.), including your communication content, contact information, feedback, etc., is used to respond to your needs, optimize the service, and conduct events.

2.1.4 Third-Party Authorized Associate Information

If you choose to sign in to this Service through a third-party account (such as Google, Apple, Microsoft, etc.) associated with it, we will, with your authorization, obtain from the third party your account identification information (such as third-party account ID, email address), which is used to quickly create this Service account and sign-in authentication, without obtaining any other information from the third-party account (unless you authorize otherwise).

2.2 Automatically Collected Personal Information

2.2.1 Device and System Information

To ensure service compatibility and operational stability, we automatically collect information about terminal devices that you use with this service, including device model, operating system version, hardware configuration, device identifiers (such as IMEI, MAC address, UUID), system language, resolution, battery status, storage capacity, etc. We also collect information about device operational status, such as process startup, service fitness logs, etc., for troubleshooting technical issues.

2.2.2 Network and Connectivity Information

Automatically collect your network connection information, including IP address, network type (Wi-Fi, cellular network, etc.), network carrier, signal strength, connection speed, access point information, etc., to optimize network transport policy, ensure stability of file uploads and downloads, while identifying the approximate geographic area by IP address to match nearby server nodes for you.

2.2.3 Service usage behavior information

Throughout the process, behavioral data about your use of this service is recorded, including log-in/log-out times, log-in locations, activity logs (time of uploading, downloading, deleting, copying, moving, sharing files, objects, content), online preview duration, storage space usage, feature access frequency, preferences (such as default storage path, sync range), etc., for service optimization and personalized experience enhancement.

2.2.4 Caching and Logging Information

To improve service access speed, this service generates cached files on your terminal device. The cached content includes logs of common actions, file thumbnails, and more, which you can manually clear through device settings or features within this service. At the same time, our servers record service execution logs, including access requests, response status, error information, and more. The log information is regularly cleared and is used only for technical operations and security audits.

2.3 Delegated Collection and Indirect Acquisition of Information

2.3.1 Delegated Collection Scenario

We may commission third-party service providers (such as payment agencies, identity verification agencies) to collect necessary personal information. Such third parties may collect information only within the scope of the commission and strictly comply with this Policy and related contractual terms. We assume responsibility for monitoring third-party information collection activities.

2.3.2 Limitations on Indirect Access

Unless permitted by law and regulations or with your explicit consent, we will not actively obtain your personal information indirectly from third parties; if it is indeed necessary to obtain it, we will check the legitimacy of the information source and ensure compliance with relevant privacy protection regulations.

3. Purposes and Scenes of Use of Personal Information

3.1 Core Service Provision and Operation

3.1.1 Basic Service Support

Using account information, file data, device and network information collected, we provide you with core services such as disk storage, file synchronization, online preview, cross-device transfer, sharing collaboration, backup recovery and more, ensuring that the service runs properly.

3.1.2 Service Stability Guarantee

Based on device information, operation logs, network data, and more, monitor service health, troubleshoot system failures, network anomalies, device adaptation problems, and more, and promptly remediate and optimize to ensure service continuity.

3.1.3 Storage Resource Management

Alerts you when space is running low, clears redundant files, and optimizes storage resource allocation to improve storage efficiency based on your storage usage.

3.2 Account Security and Risk Prevention

3.2.1 Account Security Protection

Using data such as device information, login records, and network characteristics, establish anomalous behavior identification models. Pre-alert against risky behaviors such as out-of-place login, unfamiliar device login, and high-frequency operations. Take measures such as verification code verification, temporary account lock, and security alerts to prevent account theft and misuse risks.

3.2.2 Violation behavior checks

For documents or behaviors suspected of violating laws, violations of rights, and violations of service agreements, use the relevant information to conduct checks based on reasonable and necessary principles, take measures such as deleting documents, restricting account functionality, and logging out of accounts, to maintain service order and the legitimate interests of third parties.

3.3 Service Optimization and Personalized Experience

3.3.1 Service Experience Iteration

Based on behavioral data, user feedback, and more, analyze user needs and habits to optimize service interface design, operational processes, and feature layout to improve service usability; simultaneously develop new features, upgrade existing services such as intelligent file classification, quick search matches, personalized recommendations, and more to provide you with better experiences.

3.3.2 Network and Performance Optimization

Combine network connection information, transfer logs, and more to optimize the transfer protocol and node allocation for file uploads and downloads, improving transfer speed and stability. At the same time, adjust service execution parameters based on device performance to avoid over-utilizing device resources.

3.3.3 Personalized notification push

Based on your preferences, usage behavior, etc., you can turn off unnecessary notifications in this service setting to receive service update notifications, feature alerts, saved alerts, etc.

3.4 Compliance and Compliance with Legal Obligations

3.4.1 Legal Compliance

Using, disclosing your personal information, fulfilling legal obligations such as information reporting, cooperating with investigations, and providing evidence under the legitimate requirements of laws and regulations, judicial authorities, and regulatory bodies.

3.4.2 Dispute resolution and rights

To resolve disputes between you and us, between you and other users, or to defend your legitimate interests, use relevant personal information, such as communication records, operation logs, etc., to the reasonably necessary extent.

3.5 Derived Use of Anonymous Data

3.5.1 Data analysis and research

After the personal information is anonymized and de-identified, it is used for data analysis, industry research, market research, and other activities. The resulting analysis results can be used for service optimization, business decisions, or sharing with partners (only providing anonymized data, not involving any personally identifiable information).

3.5.2 Product Iteration and Innovation

Based on anonymized data insights into user demand trends, used for new product research and development, existing product upgrades, driving service feature innovation and industry technology progress.

4. Storage and Protection Measures for Personal Information

4.1 Storage Management Specifications

4.1.1 Storage Location and Server Deployment

Your personal information and documents will be stored in encrypted servers in countries or regions compliant with international privacy protection standards (such as GDPR, CCPA, etc.), hosted by us independently operated or delegated to qualified third-party providers, all storage behaviors conforming to local laws and regulations as well as the terms of this Policy. We will not store your personal information in regions that have not obtained international privacy protection certifications.

4.1.2 Restriction and Disposal Rules

Your account information, file data and related personal information will be continuously stored during your use of this service; if you sign out of your account, we will use irreversible technology to completely delete all personal information and files within 180 days after completing the sign-out of your account (except for those required by law and regulations to be retained, have been anonymized or are used for dispute resolution). Personal information that exceeds the storage period will be regularly cleaned and destroyed to ensure that the data cannot be recovered.

4.1.3 Data Backup Policy

Use multi-region, multi-copy distributed backup technology to regularly back up your files and personal information. Backup data is also protected by encryption measures to prevent data loss due to hardware failures, natural disasters, cyber attacks, etc., ensuring data recovery.

4.2 End-to-End Security Measures

4.2.1 Data Transfer Security

The SSL/TLS 1.3 encrypted transfer protocol is used to encrypt personal information and files throughout the process of transmission, preventing data from being intercepted, tampered with, or stolen. At the same time, techniques such as segmentation transmission, verification code verification, and other techniques are used to ensure the integrity of the transmitted data.

4.2.2 Data Storage Security

The stored personal information and files are encrypted using the AES-256 encryption algorithm. File storage uses a shard encryption storage method, where each file shard corresponds to a separate key. Even if part of the shard is leaked, the entire file cannot be restored. At the same time, strict server access control is set up, allowing only authorized personnel to access the data within necessary limits.

4.2.3 Technical Protection Systems

Establish a well-developed technical defense architecture, including intrusion detection and defense systems (IDS/IPS), firewalls, data decryption systems, security audit systems, etc., to monitor risk behaviors such as cyber attacks and malicious access in real time, to intercept and alert in time; regularly conduct security vulnerability scanning, penetration testing, remediate potential security vulnerabilities, and keep the technical defense capabilities in sync with industry-leading levels.

4.2.4 Management and People Security

Establish a strict data security management system, clarify the data access rights and responsibilities of personnel in various positions, conduct background reviews, privacy protection training, and signing of confidentiality agreements for employees who access user personal information; implement operation logs throughout the process, conduct real-time audits for data access, modification, deletion, and other operations, and immediately pursue responsibility once violations are discovered.

4.2.5 Emergency Response Mechanisms

Develop a data security emergency response plan, establish rapid response processes, clarify emergency response steps, division of responsibility, and communication channels in the event of sudden events such as data leakage, loss, and tampering. When a security incident occurs, remediation measures will be taken immediately to reduce losses, and you and relevant regulators will be promptly notified as required by law and regulations.

5. Sharing, transfer, and disclosure of personal information

5.1 Sharing of Personal Information

5.1.1 Sharing with Third-party Service Providers

To provide a more complete service, we may share necessary personal information with third-party service providers, which include server hosting, payment processing, identity verification, technical operations, customer service, etc. We will rigorously screen partners, conduct a comprehensive assessment of their qualifications and privacy protection capabilities, sign formal cooperation agreements and confidentiality agreements, clarify their information use scope, security obligations, and non-compliance responsibilities, and monitor their information processing behavior throughout the process to ensure the security of your personal information.

5.1.2 Sharing with Affiliates

Provided it meets the purposes of this Policy and the requirements of law and regulation, your personal information may be shared with our affiliates for service coordination, account interconnection, security assurance and service optimization. Affiliates are required to strictly comply with the privacy protection standards stipulated in this Policy, and may not use the information beyond the authorized scope. If the affiliate changes the purpose of use of the information, they need to obtain your separate consent.

5.1.3 Sharing Based on User Authorization

With your explicit consent or authorization, we may share relevant personal information with the third parties you designate, such as disclosing files and sharing information to recipients when file sharing, authorizing third-party applications to access some of your service functions, and so on, within the scope of your authorization.

5.2 Transfer of Personal Information

5.2.1 Transfer Restrictions and Conditions

We will not transfer your personal information arbitrarily, unless there are corporate changes such as mergers, splits, acquisitions, asset transfers, and the transferring party and the transferred party must sign an information transfer agreement, clearly stating the privacy protection obligations of the transferred party, the transferred party must continue to comply with the requirements of this Policy and related laws and regulations, and if the transferred party changes the purpose of information processing, your consent must be obtained separately.

5.3 Disclosure of Personal Information

5.3.1 Legal Disclosure

When we are required to disclose your personal information due to mandatory requirements of law and regulations, judicial rulings, decrees or regulatory bodies, we will endeavor to limit the scope of disclosure to within the legal limits, protect your privacy rights and interests, and record the disclosure behavior.

5.3.2 Security and Protection Disclosure

To protect the personal and property security of you or others, maintain service order, or respond to emergency situations (such as hacking attacks, data leaks, major security incidents), we may disclose the relevant personal information to the extent reasonably necessary, take timely remedial measures, and notify the affected users.

5.3.3 Anonymous Disclosure of Information

You may freely disclose information that has been anonymized and de-identified after processing, such information does not involve personal identity, and disclosure behavior does not require your consent.

6. Your privacy rights and how to exercise them

6.1 Basic Privacy Rights

6.1.1 Access and View Rights

You have the right at any time to access and view your personal account information (email, account ID, preferences, etc.), usage records (login logs, operation logs, etc.), storage space usage and stored files through the account settings interface of this service, and we will provide you with a clear query path.

6.1.2 Correction and Supplementary Rights

If your personal information is incorrect, incomplete, or outdated, you can self-correct through the account settings interface (such as contact details, preferences), or send an email to the official contact email apexdrive.contact@gmail.com to request correction or supplementation. We will process and provide feedback within 30 business days after verifying your identity.

6.1.3 Right to Delete

You have the right to voluntarily delete personal information such as files, transaction records, etc. stored in this Service, and you can also request the deletion of account information (except for deletion of accounts). For information that cannot be deleted on your own, you can contact Customer Service to request deletion, and we will process it promptly after verification, except for those required by law and regulations to be retained.

6.1.4 Authorization of the Right to Revoke

You can revoke your authorization to collect, use, and share personal information at any time, such as revoking location information authorization, third-party account association authorization, notification push authorization, etc., via device settings or functions within this Service; upon revoking your authorization, we will stop collecting and using the relevant information, but this does not affect the legality of information processing previously based on authorization that has been completed.

6.1.5 Right to Unregister an Account

You have the right to request the cancellation of this service account. You can submit the cancellation request through the account settings interface, or contact customer service to assist with the cancellation. Before you cancel your account, we will remind you to back up your important files and information. After the cancellation of your account is complete, we will delete the relevant personal information in accordance with the agreement in this policy. After the cancellation of your account, it is irrecoverable.

6.1.6 Right to Objection

If you believe that our processing of your personal information violates this policy or the requirements of law and regulation, or there is an unreasonable use, you can raise an objection to us. We will adjust the processing method or stop the related behavior promptly after verification, and provide feedback on the processing results.

6.2 Considerations on exercising your rights

6.2.1 Identity Verification Requirements

To ensure the security of your account, when exercising the above rights, we may require you to perform identity verification (such as email verification codes, answering security questions, etc.), verification through which your application can be processed later.

6.2.2 Impact Description

The withdrawal of certain core service authorizations (such as account information authorizations) or the signing out of an account may result in you not being able to use all or some of the functionality of this Service normally, with the consequences at your own risk.

6.2.3 Processing Time Limits

For your rights exercise applications, apart from self-service operations that can be completed immediately, manually processed applications will be completed and feedback given within 30 working days. If complex situations require extended processing time, we will notify you in advance of the duration and reason for the extension.

7. Privacy Notice for Third-Party Services and Links

7.1 Third-party service integration

7.1.1 Scope of Third-Party Services

This Service may integrate plugins, tools, and functional modules (such as third-party login, payment services, etc.) provided by third parties, and such services are operated independently by third parties whose privacy policies and service terms are independent of this Policy.

7.1.2 Responsibility and Risk Remarks

When you use third-party services, you should personally review their privacy policies and service terms, and carefully authorize third parties to access your information; any privacy disclosure, damage to rights resulting from third-party services will be the responsibility of the third party, we do not assume any collateral responsibility, but will do our best to assist you in defending your rights.

7.2 Third-party link hopping

7.2.1 Link Provision and Remarks

This Service may contain links to third-party websites and applications. We only provide the convenience of the links and are not responsible for the content, security, and privacy policies of third-party websites and applications, nor do we endorse any actions or information of third-party parties.

7.2.2 Access Recommendations

When you access third-party links, you should make your own judgment on their security and legality, carefully provide personal information, and we will not be responsible for any losses caused by your access to third-party links.

8. Privacy Protection for Special Groups

8.1 Privacy Protection for Minors

8.1.1 Applicability and Consent Requirements

Minors under 16 years of age who use this service need the consent of their legal guardian (parent or other guardian) and provide the necessary information on their behalf to register an account. The guardian should fulfill parental responsibilities and monitor the behavior of minors using this service. We do not actively collect additional personal information from minors. If the guardian discovers that the information of the minors has been improperly collected, they can contact us to delete it. We will process it immediately after verification.

8.1.2 Information Restrictions for Minors

When minors use this service, they are not allowed to upload or share sensitive personal information involving themselves or others. We will appropriately restrict the functionality of the minor account to prevent the risk of privacy disclosure. If we discover any irregular behavior in the minor account, we will promptly notify the guardian and take appropriate measures.

8.2 Protection of Other Special Groups

8.2.1 Protection of Vulnerable Groups

For vulnerable groups such as elderly people and people with disabilities, we will provide easier pathways for the exercise of privacy rights, such as simplifying operational processes, providing human assistance, and so on, ensuring that their privacy rights are not violated.

9. Policy Updates and Notification Mechanisms

9.1 Policy Update Rules

9.1.1 Update Triggering Conditions

We may revise this Policy due to changes in laws and regulations, upgrades in international privacy protection standards, iterations in service functionality, changes in user needs, and other reasons. The revised Policy will be more conducive to protecting your privacy rights and interests without reducing the original protection standards.

9.1.2 Update Process and Disclosures

After updating this Policy, we will notify you through pop-ups within this Service, official emails, website announcements, etc., clearly informing you of the content of the update, the effective time, and the reason for the revision; at the same time, the revised Policy will be published publicly on the official website of this Service, in prominent locations on the client side, for a period of not less than 7 natural days.

9.2 Effectiveness and Acceptance

9.2.1 Effective Time

The Policy takes effect when you read and agree to this Policy and use the Software. After the Policy takes effect, your continued use of these Services is considered as if you have fully read, understood, and agreed to the new Policy. If you do not agree to the new Policy, you should immediately stop using these Services and sign out of your account.

9.2.2 Historical Version Preservation

We will maintain the historical version of this Policy, and you can consult the past version through the official website of this service to understand the trajectory of policy changes.

10. Disclaimer

10.1 Disclaimer from Irresistible and External Risks

10.1.1 Irresistible Circumstances

We do not assume any liability for breach of contract, but we will do our best to take remedial measures to reduce the damage and to notify you promptly if your personal information is leaked, lost, altered, or if this service is interrupted or cannot be used due to irresistible forces or external factors such as natural disasters, war, terrorist activities, network disruptions, hacking attacks, virus infections, third-party service failures, regulatory policy adjustments, etc.

10.1.2 Disclaimer for Third Party Behavior

We will not take responsibility for any privacy damage resulting from a third party‘s illegal access, abuse of your personal information, or third-party services, but we will help you pursue liability with the third party and provide the necessary documentary evidence.

10.2 Disclaimer for User Error and Voluntary Behavior

10.2.1 User Error Scenario

You are solely responsible for the privacy damage, account security risk, or legal liability resulting from your own misdeeds such as leaking your account password, authorizing third parties to illegally use this service, disclosing personal information to others on your own initiative, uploading illegal and unlawful documents, misconduct, etc.

10.2.2 Disclaimer for voluntary sharing

If you share files or information with third parties through this Service, you bear the risk of information disclosure, infringement, etc., resulting from this, and we are not responsible.

10.3 Technical Limitations and Reasonable Deviations Disclaimer

10.3.1 Description of Technical Limitations

Although we have adopted comprehensive security protection measures, the current technological level cannot completely eliminate all privacy security risks. If information security incidents are caused by technological limitations, we will not assume additional responsibility after fulfilling reasonable attention obligations and remedial measures.

10.3.2 Disclaimer for Service Optimization Biases

Based on user behavior data for personalized recommendations, service optimization, etc., there may be some bias. We do not guarantee that the recommendation results and optimization effects completely meet your expectations. Such situations do not constitute breach of contract.

11. Dispute Resolution and Legal Applicability

11.1 Dispute resolution

11.1.1 Negotiation Priority

Any disputes arising from this policy should first be resolved through friendly negotiations between the parties. Negotiations can be communicated through the official contact email apexdrive.contact@gmail.com, and we will try our best to reach a consensus solution with you.

11.1.2 Arbitration resolution

If negotiations fail, any party has the right to apply for arbitration to the International Chamber of Commerce’s International Arbitration Council (ICC), which is binding on both parties, and the arbitration fees are borne by the losing party (except as otherwise stipulated).

11.2 Applicability of Law

11.2.1 Applicable Law Choices

The establishment, enforcement, implementation, interpretation and dispute resolution of this Policy are governed by Singapore law (excluding its conflicting law rules), and if Singapore law conflicts with the International General Privacy Protection Principles, regulations that are more conducive to protecting the privacy rights of users will be prioritized.

12. Contact and Supplementary Rules

12.1 Privacy-Related Contact Methods

12.1.1 Official Consultation and Complaint Channels

If you have any privacy-related inquiries, complaints, suggestions, or need to exercise your privacy rights, request data export/delete, please email to our official contact email:apexdrive.contact@gmail.com. We will review and provide feedback on the processing results within 30 business days.

12.1.2 Privacy Protection Officer

We set up a dedicated Privacy Protection Officer, who is responsible for coordinating personal information protection work and supervising the implementation of this Policy. If you need to contact the Privacy Protection Officer, you can do so through the email note “To the Privacy Protection Officer” above.

12.2 Appendix

12.2.1 Policy Effectiveness

This Policy constitutes the complete agreement between you and us regarding the protection of personal information, replacing any previous verbal or written agreement reached by both parties regarding privacy protection. This Policy does not suffice, and applicable laws and regulations as well as other service terms of this Service apply.

12.2.2 Part of the Terms Is Invalid

If any provision of this Policy is deemed invalid or unenforceable by the competent authority without affecting the effectiveness of the other provisions, the other provisions should continue to be enforced, and the invalid provision will be replaced by the legally valid provision closest to the original intention.

12.2.3 Effective Date

This Policy is effective from the date of application release.