ApexStack
ProductsPricingContact
Sign inGet started
ProductsPricingContact

Legal

Data Processing Agreement.DataProcessingAgreement.

Last updated: June 29, 2026

Introduction

This Data Processing Agreement ("DPA") forms part of the agreement between you (the "Controller") and Apex Stack (the "Processor") for the provision of our WordPress performance, security, and intelligence plugin services. This DPA sets out the terms under which we process personal data on your behalf in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Definitions

  • Controller — the entity that determines the purposes and means of processing personal data (you, the customer).
  • Processor — the entity that processes personal data on behalf of the Controller (Apex Stack).
  • Data Subject — an identified or identifiable natural person whose personal data is processed.
  • Personal Data — any information relating to a Data Subject.
  • Sub-processor — a third party engaged by the Processor to process personal data on behalf of the Controller.

Scope and Purpose of Processing

Apex Stack processes personal data solely to provide the services described in our Terms of Service. This includes processing site visitor analytics data, caching metadata, and security event logs as necessary to deliver Apex Insights, Apex Cache Pro, and Apex Security functionality.

Obligations of the Processor

As the Processor, Apex Stack agrees to:

  • Process personal data only on documented instructions from the Controller.
  • Ensure that persons authorized to process personal data are bound by confidentiality obligations.
  • Implement appropriate technical and organizational security measures to protect personal data.
  • Assist the Controller in responding to Data Subject rights requests.
  • Delete or return all personal data upon termination of the service agreement, at the Controller's choice.
  • Make available all information necessary to demonstrate compliance with these obligations.

Sub-processors

Apex Stack may engage Sub-processors to assist in providing our services. We will maintain a current list of Sub-processors and notify you of any changes at least 30 days in advance. You may object to a new Sub-processor by contacting us within that notice period. All Sub-processors are bound by data processing obligations no less protective than those in this DPA.

Data Subject Rights

We will assist you in fulfilling your obligations to respond to Data Subject requests, including requests for access, rectification, erasure, data portability, restriction of processing, and objection to processing. We will promptly notify you if we receive a request directly from a Data Subject.

Data Security Measures

Apex Stack implements and maintains appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit (TLS 1.2+) and at rest.
  • Access controls and authentication for all internal systems.
  • Regular security assessments and vulnerability scanning.
  • Employee security awareness training.
  • Incident response procedures and logging.

Data Breach Notification

In the event of a personal data breach, Apex Stack will notify the Controller without undue delay and no later than 72 hours after becoming aware of the breach. The notification will include the nature of the breach, categories and approximate number of Data Subjects affected, likely consequences, and measures taken or proposed to address the breach.

Data Transfers

If personal data is transferred outside the European Economic Area (EEA), we will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or other legally recognized transfer mechanisms.

Duration and Termination

This DPA remains in effect for the duration of your service agreement with Apex Stack. Upon termination, we will delete or return all personal data within 90 days, unless retention is required by applicable law. We will certify deletion upon request.

Audit Rights

The Controller has the right to audit Apex Stack's compliance with this DPA. Audits may be conducted by the Controller or an independent third-party auditor, subject to reasonable notice and confidentiality obligations. We will cooperate with and provide reasonable assistance for such audits.

Contact

For questions about this Data Processing Agreement or to exercise your rights, please reach out through our contact page.

ApexStack

Performance, intelligence, and security for WordPress — one bundle, one license, one account.

Products

  • Apex Cache Pro
  • Apex Insights
  • Apex Security

Documentation

  • Docs home
  • Apex Cache Pro
  • Apex Insights
  • Apex Security
  • Roadmap
  • Changelog

Company

  • Pricing
  • Contact

Account

  • Sign in
  • Get started
© 2026 Apex Stack. All rights reserved.
PrivacyTermsDPA
Private beta