Privacy Policy
This policy explains how Apex Web processes your personal data when you use apexweb.hu or contact us. Processing is carried out in accordance with the EU General Data Protection Regulation (GDPR).
Effective: 13 June 2026. This is the current Privacy Policy of Apex Web. Questions: info@apexweb.hu.
1. Controller identity
Name: Tokár Ádám sole trader (egyéni vállalkozó)
Address: 5700 Gyula, Szőlős utca 4/1, Hungary
Tax number: 92003747-1-24
Email: info@apexweb.hu
Phone: +36 30 241 1366
2. Data collected and purposes
We only process data you provide directly or data generated by your use of the site.
- Contact and quote requests: name, email address, phone number, message content. Purpose: responding to your enquiry and providing a quote. Legal basis: pre-contractual steps or consent.
- AI chatbot conversations: messages and contact details shared with the chatbot. Purpose: answering your questions and facilitating contact. Legal basis: consent.
- Analytics and measurement: anonymised or pseudonymised usage data (pages viewed, device type). Purpose: site improvement. Legal basis: consent (managed via cookie settings).
3. Retention
Contact and enquiry data is retained for a maximum of 2 years, after which it is deleted unless a business relationship exists and applicable law requires longer retention (for example, accounting records).
4. Data processors
We use the following sub-processors to operate our services. Each processor accesses only the data necessary for its specific task.
| Processor | Role and location |
|---|---|
| Netlify, Inc. | Hosting and form processing. USA, with EU transfer safeguards (SCC). |
| Supabase | Database and backend (leads, conversations, bookings). EU region (Frankfurt). |
| OpenAI | AI language model for chatbot and voice assistant responses. USA, EU transfer safeguards (SCC / DPF). |
| Vapi | Voice infrastructure (call handling for the AI receptionist). USA, EU transfer safeguards. |
| ElevenLabs | Text-to-speech (TTS) for the voice assistant. USA, EU transfer safeguards. |
| Telnyx | Telephony (inbound and outbound call routing). USA / EU. |
| Soniox | Speech-to-text (STT, converting call audio to text). USA. |
| Resend | Transactional email notifications. USA / EU. |
| Google LLC | Analytics (Google Analytics GA4) and tag management (GTM). USA, EU transfer safeguards. |
| Meta Platforms, Inc. | Advertising measurement (Facebook Pixel). USA, EU transfer safeguards. |
| TikTok Technology Limited | Advertising measurement (TikTok Pixel). EU (Ireland) / USA. |
| Stripe | Payment processing (subscriptions). USA / EU, PCI-DSS. |
4b. Controller vs. processor roles
Apex Web as controller: Apex Web acts as data controller for data relating to its own website visitors and client accounts.
Apex Web as processor: Apex Web acts as data processor for end-user data (patients, guests, enquirers) collected through chatbots and voice assistants deployed on behalf of its clients (for example, a dental practice or restaurant). In those cases the client is the controller. Detailed terms are set out in the Data Processing Agreement at apexweb.hu/en/dpa.
EU AI Act transparency: The AI always discloses that it is not a human.
5. Cookies
The site uses strictly necessary cookies and, with your consent, analytics and advertising cookies. You can change your cookie preferences at any time via the consent banner on the home page.
6. Your rights
Under GDPR you have the right to: access your data (including a copy), rectification, erasure, restriction of processing, data portability, and withdrawal of consent. To exercise any right, contact us at the email address above. We will respond within a reasonable period.
7. Supervisory authority
If you believe your data has been processed unlawfully, you may lodge a complaint with the Hungarian supervisory authority: Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH), naih.hu, 1055 Budapest, Falk Miksa utca 9-11. You may also contact the supervisory authority in your country of residence.