1. The trial lifecycle
Every account starts the same way: 30 days free, no sales call. What you use on day one is what you keep if you convert.
| Day | State | What you see |
|---|---|---|
| 0 | Signup & onboarding | Tenant created. The wizard walks you through company, first location, first project, teammate invites. |
| 1-30 | Active trial | Full feature access. Integration-gated features (Cisco, MTR, Q-SYS, Logitech) show a "Schedule integration call" button. |
| 25 | Reminder #1 | Email: "Two weeks in. Here's how to keep going." |
| 28 | Reminder #2 | Email: "Your trial ends in 2 days. Convert, extend, or schedule a call." |
| 30 | Trial ends | Workspace flips to read-only grace mode. Banner: "Pick your path. Convert / extend / book integration call." |
| 31-60 | Grace period | Read-only. Data preserved. Click any path to restore write access. |
| 60 | Final notice | Email: "Workspace will be deleted in 30 days. Last chance to convert or export." |
| 90 | Permanent deletion | All tenant data, attachments, audit logs wiped from the primary database. |
| 120 | Backups purged | Encrypted backups rotated out. Tenant fully gone from APEX systems. |
Convert before day 90 and the workspace is yours to keep as a paid tenant, with the same protections and no expiry.
2. How your data is protected
Encryption
AES-256 at rest, TLS 1.2+ in transit
Data is encrypted at rest via full-disk/volume encryption on the database and attachment store. Every API call goes over TLS 1.2 or higher. Customer secrets are encrypted at rest and not stored in plaintext.
Tenancy
Per-tenant isolation, enforced in the database
Every row carries a tenant_id, and Postgres FORCE row-level security binds each request to its tenant. The database returns only your rows. The requireTenant middleware sets that boundary on every call.
Access
Only your invited users
APEX engineering has no routine access to tenant data. Support sessions require your explicit consent and are logged. Third parties get access only when you grant it.
Audit trail
Append-only
Every mutating action records who, when, the IP, and what they did, to an append-only log. Full before/after value diffs · coming soon, and one-click CSV export to your SIEM · coming soon.
Geography
US data centers
All customer data lives in US-based data centers at launch. EU / UK residency is on the roadmap. If it's a blocker for you today, talk to us.
Trackers
Zero in the product app
No GA, no Pixel, no LinkedIn, no Twitter, no session-replay. The signed-in app at /app ships no third-party scripts. Marketing pages use privacy-respecting analytics only.
3. Your rights
Right to export
Export your workspace, projects, users, partners, field ops, and locations as structured JSON from Administration → Export Workspace · coming soon. CSV output and audit-log export are coming soon.
Right to deletion
Request permanent deletion any time from Settings → Delete Workspace. It typically runs within 7 days for trial workspaces, and within 30 days for paid (in line with common GDPR / CCPA windows). After that, only encrypted backups remain, and those rotate out by day 30 post-deletion.
Right to know
See who in your tenant accessed what, and when, from the Audit log view. No third party touches your tenant without your explicit grant. Support sessions run through your consent flow.
4. Subprocessors
A short list of subprocessors runs the service:
- ·Cloudflare, CDN, WAF, edge DNS. US POPs in the routing path.
- ·PostgreSQL (self-hosted, US data center), primary application database.
- ·Object storage (S3-compatible, US region), attachment + document store · coming soon. Attachments are stored on the encrypted local disk today.
- ·Transactional email provider, sends invite, password reset, and trial reminder emails. Does not store customer workspace data.
We update this list whenever a subprocessor changes. Paid plans can subscribe to those notifications by email.
5. When you connect an integration
Plugins (Cisco Control Hub, Microsoft Graph / Teams Rooms, etc.) require explicit per-tenant OAuth consent before any external call happens. You see the scopes before you grant them. Every external API call lands in your audit trail with timestamp, endpoint, response code, and the user who initiated it. Revoke consent from Settings → Integrations → Disconnect.
We only pull from clouds you connect, and your manufacturer-cloud data stays inside your tenant.
6. Questions
Email [email protected] with any question on data handling, deletion, export, or compliance. For a specific legal review (SOC 2, GDPR DPA, custom MSA), email us and we'll walk through it.
Read further: the white paper covers the decisions behind the tenancy model. The technical reference goes deeper on the security posture. Or start your 30 days free and see it on your real data.