Contact us
Start for free

Apollo
Privacy Policy

Apollo GraphQL Privacy Policy

Last updated: May 14, 2026

Apollo Graph, Inc., dba Apollo GraphQL ("Apollo," "we," "us," or "our") provides GraphOS, developer tools, documentation, websites, events, and related services. This Privacy Policy explains how we collect, use, disclose, and protect personal information.

This Privacy Policy applies to Apollo websites, documentation, marketing pages, events, sales and support interactions, Apollo-operated services, and Apollo developer tools to the extent they collect personal information or connect to Apollo-operated services. When Apollo processes customer content, customer graph data, or other data on behalf of a customer under an applicable agreement, Apollo processes that data as a service provider or processor under that agreement and any applicable data processing terms.

Information We Collect

We collect information you provide directly, such as contact details, account registration information, information used to authenticate your account (such as multi-factor authentication tokens, single-sign-on identifiers, and login session data), billing and administrative information, event registration information, communications with us, support requests, survey responses, feedback, and marketing preferences.

We collect information about your use of our websites and services, including IP address, device identifiers, browser type, operating system, referring URLs, pages viewed, features used, approximate location derived from IP address, cookie and local storage identifiers, consent preferences, Global Privacy Control or similar opt-out preference signals where detected, and interactions with our websites, documentation, emails, ads, forms, and product interfaces.

We may collect information from third-party sources, including business contact databases, enrichment providers, advertising and analytics partners, event platforms, social media platforms, customer relationship management systems, resellers, partners, and publicly available sources. This information may include business contact information, employer or organization, job title, professional interests, account or company attributes, engagement signals, and similar business or marketing information.

We may collect product and developer-tool telemetry, including product version, feature or command usage, configuration and environment information, performance and diagnostic information, error reports, organization or account identifiers, graph references, schema metadata, deployment information, client environment details, operating system, system architecture, cloud provider or platform, CPU characteristics, memory allocation, and similar technical or usage information.

Apollo does not collect end-user query payloads, query response bodies, or the content of customer GraphQL schemas beyond structural metadata through product telemetry, except as expressly described in product documentation or agreed in writing.

For Free Plan and similar offerings, when users connect Apollo components or developer tools to GraphOS Studio, Apollo may collect enhanced telemetry that may include hashed account identifiers, email domain information, schema metadata, deployment information, client environment details, product configuration, feature adoption, performance timing, aggregated error reports, and usage signals. Apollo uses this telemetry to provide dashboards and insights, identify feature adoption and performance trends, support customer success, prioritize outreach to organizations and business contacts, generate aggregated insights, and improve Apollo products. Apollo does not use Free Plan telemetry to collect end-user query payloads. Free Plan users may opt out of enhanced telemetry by disconnecting affected components from GraphOS Studio, removing the applicable GraphOS API key, or using available product controls described in the documentation.

Graph references, schema metadata, deployment URLs, organization names, paths, descriptive identifiers, and similar technical fields may include personal information or customer-confidential information if users choose to include that information in those fields. Apollo may process this information for the purposes described in this Privacy Policy and may use product analytics providers, such as Amplitude, to support those purposes.

Cookies and Similar Technologies

Apollo uses cookies, pixels, tags, SDKs, local storage, and similar technologies to operate our websites and services, remember preferences, measure performance, understand product usage, support forms and events, and conduct advertising where permitted.

These technologies may include web and product analytics, such as Amplitude and Google Analytics; advertising and conversion measurement, such as Google Ads, Meta, LinkedIn, Bing Ads, Reddit Ads, StackAdapt, and X/Twitter; performance and error monitoring, such as Datadog; session replay and product-experience tools, such as Microsoft Clarity; form, CRM, enrichment, and marketing tools, such as HubSpot, Clearbit, Common Room, Marketo, Salesforce, and 6sense; and consent management, such as OneTrust.

Strictly necessary technologies are used to provide core site and service functionality, security, availability, fraud prevention, consent management, and similar essential functions.

Analytics, performance, functional, session replay, and advertising technologies are used as permitted by applicable law and your choices. On Apollo public marketing and documentation websites, advertising pixels, cross-context behavioral advertising tags, and similar targeting technologies are configured through Apollo's consent management platform to load only after affirmative Targeting Cookie consent, except for technologies expressly identified as strictly necessary in the Cookie Settings tool.

A current list of cookies and similar technologies, with categories and purposes, is available through "Cookie Settings."

You can manage cookie preferences through "Cookie Settings" or "Your Privacy Choices." Where required, Apollo honors browser-based opt-out preference signals, including Global Privacy Control, as an opt-out of sale, sharing, targeted advertising, and non-essential advertising technologies.

How We Use Information

We use personal information to provide, secure, maintain, and improve our websites, products, services, documentation, events, and support.

We use personal information to create and administer accounts, authenticate users, process transactions, provide customer support, troubleshoot issues, monitor security and availability, analyze performance, improve features, conduct research, personalize lawful communications, manage events, comply with legal obligations, and protect Apollo, our users, customers, and others.

We use telemetry and usage information to provide dashboards and insights, improve product quality, diagnose errors, understand feature adoption, identify performance trends, support customer success, develop new features, and, where permitted, identify organizations or business contacts that may benefit from Apollo outreach.

We may use personal information for marketing and sales purposes, including sending marketing communications, measuring campaign effectiveness, identifying likely business interest, tailoring website or product experiences, administering events, and conducting advertising where permitted by applicable law and your choices.

AI-Enabled and Revenue Tools

Apollo uses customer relationship, revenue, enrichment, analytics, and AI-enabled tools to analyze account, product usage, engagement, marketing, and business contact signals; identify organizations and business contacts that may benefit from Apollo outreach; generate internal summaries; and prepare draft sales or customer-success communications.

These tools may include Salesforce, Common Room, ZoomInfo, LinkedIn, 6sense, Outreach, and third-party large language model providers (such as Anthropic and OpenAI), where used and, where applicable, configured under confidentiality, retention, and training-related terms specific to the vendor and deployment.

Outbound communications informed by these tools are reviewed or sent by Apollo personnel. Apollo does not use these tools to make solely automated decisions that produce legal or similarly significant effects about individuals.

Session Replay and Product Analytics

Apollo uses Amplitude Session Replay in GraphOS Studio to understand product usage, identify workflow friction, improve usability, and troubleshoot product issues. Session replay may capture DOM snapshots, mouse movements, clicks, scrolls, limited input events, technical metadata, truncated IP address, device and browser information, and a pseudonymous user identifier.

Apollo also uses Microsoft Clarity on Apollo public websites to understand site usage and improve usability. Where required, Clarity is loaded only after affirmative Targeting Cookie consent. Clarity may capture interaction recordings, click and scroll data, and similar metadata, with masking and retention settings as documented in the Cookie Settings tool.

Apollo configures session replay technologies with masking controls intended to mask text inputs and sensitive fields, IP truncation, access restrictions, and applicable retention limits, including a 30-day retention period for Amplitude Session Replay in GraphOS Studio. Apollo does not use session replay on Apollo's public marketing or documentation websites unless disclosed through the applicable cookie or consent controls.

Apollo may also use product analytics and similar technologies to measure feature adoption, understand user journeys, diagnose errors, and improve Apollo services. Product analytics that are not strictly necessary are subject to applicable consent and opt-out controls.

How We Disclose Information

We disclose personal information to service providers, contractors, and subprocessors that help us provide hosting, infrastructure, analytics, security, support, communications, billing, customer relationship management, marketing automation, event management, advertising, and similar services.

We disclose information to advertising and measurement partners where permitted by applicable law and your choices. This may include online identifiers, cookie identifiers, hashed email addresses, IP address, device information, internet or electronic network activity, and similar information.

We may disclose information to business partners, resellers, event platforms, or event co-sponsors when you register for or participate in an event, where the disclosure is described at the point of collection or otherwise permitted by law.

We may disclose information to professional advisors, auditors, insurers, financial institutions, legal counsel, and other parties involved in business administration, compliance, dispute resolution, and corporate governance.

We may disclose information if required by law, legal process, or government request; to protect rights, safety, security, or property; to investigate fraud or abuse; to enforce agreements; or in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar corporate transaction.

Subprocessors

Apollo's current list of subprocessors that process customer-controlled data on Apollo's behalf is available at https://www.apollographql.com/trust/subprocessors. Apollo provides notice of material subprocessor changes as required by applicable customer agreements or law.

Service providers and third parties that support Apollo's websites, marketing, advertising, events, sales, and internal operations are described in this Privacy Policy and, for cookie-based technologies, in the Cookie Settings tool.

Sale, Sharing, and Targeted Advertising

Apollo does not sell personal information for monetary or other valuable consideration as "sale" is defined under applicable U.S. state privacy laws.

Apollo does not share personal information for cross-context behavioral advertising or process personal information for targeted advertising unless you have affirmatively enabled Targeting Cookies or Apollo otherwise has consent or another lawful basis where required by applicable law.

Apollo may disclose online identifiers, cookie identifiers, IP address, device information, internet or electronic network activity, and similar information to advertising and measurement platforms, such as Google Ads, Meta, LinkedIn, Bing Ads, Reddit Ads, StackAdapt, and X/Twitter, through pixels, tags, and similar technologies operating on Apollo websites.

In jurisdictions requiring consent, including the EEA, UK, and Switzerland, Apollo uses consent-based controls for personalized advertising. If you do not enable Targeting Cookies, withdraw consent, opt out, or use a recognized opt-out preference signal such as Global Privacy Control where required, Apollo will not share your personal information for cross-context behavioral advertising or process it for targeted advertising.

Marketing Communications and Events

We may send marketing communications about Apollo products, services, events, webinars, and resources. You can unsubscribe from marketing emails at any time using the unsubscribe link in the email or by contacting us.

If you register for an Apollo event through Apollo or a third-party event platform, we may use your registration information to administer the event, send event-related communications, conduct follow-up, and, where permitted, send marketing communications. Registration data collected through event platforms, such as Lu.ma or similar services, may be imported into Apollo's marketing and CRM systems, such as Marketo and Salesforce, for these purposes. Where an event is co-hosted, registration information may be shared with named co-sponsors as disclosed at registration.

Developer Tools and Open Source Components

Apollo makes certain open-source components, source-available components, CLI tools, IDE extensions, and other developer tools available under their applicable licenses. To the extent those tools collect telemetry, include optional telemetry, or connect to Apollo-operated services, they may collect telemetry or diagnostic information as described in this Privacy Policy, product documentation, or applicable notices.

Developer-tool telemetry may include a pseudonymous install identifier, utilization events, command or feature activity, product version, environment and deployment information, performance and crash diagnostics, graph references, schema metadata, organization or account identifiers, and similar technical information. Telemetry may be processed by Apollo and, where applicable, by analytics or error-reporting providers. Some tools may provide settings, prompts, environment variables, documentation, or other controls describing how to disable or limit telemetry where available.

Customer Data and Customer Agreements

When Apollo processes customer content, customer graph data, or other customer-controlled data on behalf of a customer under an applicable agreement, Apollo processes that data in accordance with the agreement, any applicable data processing addendum, and customer instructions. For customer-controlled data, Apollo's processing terms are governed by the applicable Data Processing Addendum, and the list of subprocessors that process customer-controlled data on Apollo's behalf is published at https://www.apollographql.com/trust/subprocessors.

Apollo's public websites, marketing activities, developer tools to the extent they collect personal information or connect to Apollo-operated services, and product telemetry may involve Apollo acting as an independent controller or business for certain personal information, as described in this Privacy Policy.

Regulated and Sensitive Data

Apollo-hosted services, including GraphOS Studio, are not designed or intended to receive, store, or process protected health information, Controlled Unclassified Information, Covered Defense Information, export-controlled data, or similar regulated data unless Apollo has expressly agreed in writing.

Customers and users must not submit such regulated data to Apollo-hosted services unless permitted by a written agreement with Apollo. If you believe regulated data was submitted inadvertently, contact security@apollographql.com.

Apollo does not use sensitive personal information for purposes that require a right to limit under California law.

Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide services, maintain business records, comply with legal obligations, resolve disputes, enforce agreements, preserve security, and support legitimate business operations.

Retention periods vary depending on the type of information, context of collection, customer agreements, legal requirements, and operational needs. For example, marketing contact information is generally retained until you unsubscribe or object and for a reasonable period thereafter for suppression-list, compliance, and recordkeeping purposes. Account records are generally retained for the life of the account and a reasonable period thereafter for legal, financial, security, and business-record purposes. Product telemetry, analytics, and session replay information are retained according to product, vendor, and operational settings, including the 30-day retention period used for Amplitude Session Replay in GraphOS Studio.

Security

Apollo uses administrative, technical, and organizational safeguards designed to protect personal information. No method of transmission or storage is completely secure, but we work to protect information against unauthorized access, use, disclosure, alteration, and destruction.

Your Choices

You can manage cookie preferences through "Cookie Settings" or "Your Privacy Choices" where provided.

You can opt out of marketing emails by using the unsubscribe link in our emails.

You can configure certain browser, device, and product settings to limit cookies, telemetry, or other data collection where available.

You may also contact us to exercise privacy rights available under applicable law.

U.S. State Privacy Rights

Depending on where you live, you may have rights to request access to, correction of, deletion of, or portability of your personal information. You may also have rights to opt out of sale, sharing, targeted advertising, certain profiling, or certain uses of sensitive personal information.

To exercise applicable rights, contact us at legal@apollographql.com. We may need to verify your request before responding. You may designate an authorized agent where permitted by law.

California Privacy Notice

In the past 12 months, Apollo may have collected the following categories of personal information: identifiers; customer records information; commercial information; internet or electronic network activity; approximate geolocation derived from IP address; professional or employment-related information; audio, electronic, visual, or similar information where session replay or similar tools are used; inferences; and sensitive personal information such as account login credentials where necessary to provide secure account access.

Apollo collects these categories from you, your devices, your employer or organization, service providers, business partners, event platforms, advertising and analytics partners, and publicly available or commercially available sources.

Apollo uses these categories for the purposes described in this Privacy Policy, including providing services, security, support, analytics, product improvement, marketing, events, sales, compliance, and business operations.

Apollo may disclose these categories to service providers, contractors, subprocessors, advertising and measurement partners where permitted, event partners where disclosed, professional advisors, authorities where required, and parties involved in corporate transactions.

Apollo does not sell personal information for monetary or other valuable consideration. Apollo does not share personal information for cross-context behavioral advertising unless you have affirmatively enabled Targeting Cookies or Apollo otherwise has consent or another lawful basis where required by applicable law. California residents may opt out through "Your Privacy Choices," "Cookie Settings," or Global Privacy Control where required.

International Data Transfers

Apollo is based in the United States, and we may process information in the United States and other countries. Where required, Apollo relies on appropriate safeguards for international transfers, including the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent mechanisms recognized under Swiss data protection law.

EEA, UK, and Swiss Users

Where applicable, Apollo processes personal information based on legal bases including performance of a contract, legitimate interests, consent, compliance with legal obligations, and protection of rights and security.

You may have rights to access, correct, delete, restrict, or object to processing of your personal information, and to data portability. Where processing is based on consent, you may withdraw consent at any time.

Children

Apollo's services are not directed to children under 18, and we do not knowingly collect personal information from children under 18. Where applicable law provides additional protections for minors, such as removal rights for California users under 18 under California Business and Professions Code Section 22580, Apollo complies with that law.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last updated" date. If we make material changes, we will provide notice as required by law.

Contact Us

Apollo Graph, Inc., dba Apollo GraphQL
1600 Bryant Street #411447, SMB#20356
San Francisco, CA 94141
legal@apollographql.com