Privacy Policy

Introduction

This Privacy Policy describes how Apoth3osis ("we," "us," or "our") collects, uses, and shares information when you use our services and platform.

Information Collection

We collect information that you provide directly to us, including but not limited to:

• Account information (email, name, password)
• Payment and transaction information
• Communications and support requests
• Usage data and analytics
• Device and technical information

Use of Information

We may use your information for any purpose, including:

• Providing and improving our services
• Processing transactions and payments
• Communications and customer support
• Analytics, research, and development
• Security and fraud prevention
• Compliance with legal obligations

Sharing of Information

We may share your information with:

• Our affiliates and related companies
• Service providers and business partners
• Third parties with your consent
• Legal authorities when required by law
• Other parties in connection with business transfers or transactions

Data Ownership and Rights

All information collected through our platform becomes the property of Apoth3osis. We retain all rights to use, modify, and distribute such information as we see fit, subject to applicable law.

Data Security

While we implement reasonable security measures, we cannot guarantee the security of your information. You use our services at your own risk.

IAOM Licensed-Distribution Records

When you sign up for an account in order to access Covered Software under the IAOM Commercial License Addendum v1, the following information is collected and retained as part of the IAOM licensed-distribution record:

• Identity: full legal name, email address (verified), and the OAuth provider used (if applicable)
• Postal address: street address, city, state/region, postal code, and country — required for service of legal notice under Addendum §5.2
• Organization & intended use: employer/institution and self-attested usage tier (academic, personal, small business, enterprise, unsure) — required to route IAOM's tier-management workflow
• Optional fields: role/title, country of operation if different from address, phone number
• License acceptance event: the SHA-256 hash of the exact Addendum text shown at click time, the URL of that text, the timestamp, your IP address, your user-agent string, and (best-effort) your IP-derived country
• Access audit log: for every gated action (download, marketplace activity, license-version change), we log the action, resource identifier, timestamp, IP address, user-agent, and the license version hash in effect at that time

Lawful basis: legitimate interest in license enforcement; contractual necessity in connection with the audit rights expressly granted under Addendum §1.3; regulatory obligation for serving legal notice under §5.2.

Retention: profile fields are retained while your account is active. License acceptance events are retained indefinitely as evidentiary records and survive account deletion (the user identifier is severed via SHA-256 hash so the fact of acceptance survives without your identity attached, except where a specific dispute requires identification). Access audit log entries are retained for seven (7) years to align with the audit window in Addendum §1.3(c).

Right to deletion (carve-out). You may request deletion of your profile fields (name, postal address, organization, role, intended use, country of operation, phone) at any time. License acceptance records and access audit log entries cannot be deleted but their user-identifier field will be severed via irreversible hash on request, preserving the evidentiary record without the identity. Email IAOM@apoth3osis.io with the subject line "Profile deletion request."

Download rate limits. The public/small-business tier permits up to 5 downloads per rolling 24 hours, 15 per 7 days, and 30 per 30 days. These limits are a soft enforcement signal and are derived from the access audit log. Exceeding them does not change the §1.1 royalty obligation, which triggers at actual USD $1,000,000 Gross Revenue per Product regardless of download volume.

Storage posture. License acceptance records are stored append-only and are not modified by application code after insertion. Cluster-level encryption-at-rest is provided by our database host (MongoDB Atlas). Application-layer field-level encryption for the most sensitive fields (postal address, phone) is on our roadmap and will be enabled prior to the public-facing onboarding rollout (this is an explicit deferred item, not a present claim).

Changes to This Policy

We may update this Privacy Policy at any time without notice. Continued use of our services constitutes acceptance of any changes.

Contact

For questions about this Privacy Policy, contact us at admin@apoth3osis.io