Privacy Policy

1. Introduction

Apogee, Inc. ("Apogee," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our legislative intelligence platform and services.

2. Information We Collect

Information You Provide

• Account Information: Name, email address, organization name, job title
• Payment Information: Billing address, payment method details (processed by our payment provider)
• Communications: Messages you send us, support requests, feedback
• Usage Preferences: Dashboard settings, alert preferences, saved searches

Information Collected Automatically

• Log Data: IP address, browser type, pages visited, time and date of visits
• API Usage: API calls, queries, response times for service optimization
• Device Information: Operating system, device type, unique device identifiers

Information We Infer About Your Organization

When you sign up, we use your email domain to identify your organization. For known domain patterns (such as .gov or .edu), classification is instant. For other domains, we use AI (AWS Bedrock) to identify your organization's name and type (for example, nonprofit, law firm, advocacy group, or government agency). We may also collect publicly available information about your organization from web sources to better personalize your experience.

This information helps us determine your pricing tier, personalize your briefings, and provide relevant legislative intelligence from your first interaction. You can view and correct this information in your account profile at any time.

Conversation Insights and Memory

Our platform includes a Memory feature that captures your preferences, focus areas, and policy interests from your conversations to improve future interactions. We extract structured signals from your usage - such as topics you research, committees you track, and the types of deliverables you generate - to personalize briefings and recommendations.

We store these extracted signals (topics, entities, preferences), not raw conversation content. You can view, edit, and delete your stored memories at any time through the Memory page in your account.

Information We Do Not Collect

• We do not access your AI provider accounts (Claude, ChatGPT, etc.)
• We do not collect classified or sensitive government information
• We do not sell or share your personal information, conversation data, or behavioral signals with third parties

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve our Services
• Process payments and manage your subscription
• Send you important updates about the Services
• Respond to your requests and provide customer support
• Monitor and analyze usage patterns to improve our platform
• Personalize your experience: Your organization type, stated interests, and conversation history are used to personalize daily briefings, recommendations, and the intelligence we surface to you
• Determine pricing: Your organization type (inferred from your email domain) determines which pricing tier applies to your account
• Improve briefing relevance: We use aggregate (not individual) usage patterns across our user base to identify trending topics and improve the quality of intelligence we deliver
• Detect and prevent fraud or abuse
• Comply with legal obligations

4. Information Sharing

We may share your information with:

• Service Providers: Third parties who help us operate our Services (hosting, payment processing, analytics)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal information to third parties.

5. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data in transit (TLS) and at rest
• Access controls and authentication requirements
• Regular security assessments and monitoring
• Secure cloud infrastructure (AWS)

While we strive to protect your information, no method of transmission over the Internet is 100% secure.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide Services. After account termination, we may retain certain information as required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements).

7. Your Rights

Depending on your location, you may have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your data
• Export your data in a portable format
• Opt out of certain data processing
• Withdraw consent where processing is based on consent

To exercise these rights, contact us through our contact form.

8. Cookies, Tracking, and Session Recording

We use cookies and similar technologies to:

• Keep you logged in
• Remember your preferences
• Understand how you use our Services
• Improve our platform

We use PostHog for product analytics and session recording. Session recordings capture how you navigate our web dashboard and chat interface to help us identify usability issues and improve the experience. We take the following measures to protect your privacy in recordings:

• All text you type into input fields is masked and never recorded
• All chat message content (queries and AI responses) is masked in recordings
• Analytics data is routed through our own subdomain (z.apog.ai) rather than directly to PostHog
• Session data is associated only with your account - not sold or shared with third parties

You can control cookies through your browser settings. Disabling certain cookies may affect functionality of the Services.

9. Third-Party Services and Subprocessors

Our Services integrate with the following third-party services. Each has its own privacy policy:

• PostHog - Product analytics and session recording (posthog.com/privacy)
• AWS - Cloud infrastructure, AI processing via Bedrock (aws.amazon.com/privacy)
• Stripe - Payment processing (stripe.com/privacy)

We are not responsible for the privacy practices of third parties. We only work with subprocessors who provide sufficient guarantees of data protection.

10. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

11. International Data Transfers

Your information may be transferred to and processed in the United States, where our servers are located. By using our Services, you consent to this transfer. We ensure appropriate safeguards are in place for international transfers.

12. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and to request deletion. Contact us through our contact form to exercise these rights.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Services. The "Last updated" date at the top indicates when this policy was last revised.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Please use our contact form or reach out through your account dashboard.
Address: Apogee, Inc.