Apollo GraphQL Privacy Policy

Last updated: July 25, 2024

Overview and Topics

Your privacy and trust are important to us. We want to inform you as to how Apollo may collect, use, and share your personal information (also referred to as “information”). This policy relates to your access to, use of, or participation in, our applicable products, services, events, websites, or applications that link to, incorporate, or refer to this policy (collectively, “Apollo Products”). For the purposes of this policy, “Apollo,” “we,” “us,” or “our” refers to Apollo Graph, Inc., dba Apollo GraphQL, and any of our corporate affiliates. This policy provides both general and specific information about the following topics:

  1. Collected Information: The types of personal information we collect

  2. Information Usage: How we use the collected information

  3. Disclosure of Information: Circumstances under which we may share the information

  4. Storage and Security: How we securely store and protect your information

  5. Retention Period: How long we keep your information

  6. Your Choices: Your options regarding the collection and use of your information

  7. Specific Disclosures – United States Residents: Information and rights for U.S. residents, particularly California

  8. Specific Disclosures – EEA, UK, and Switzerland Residents: Information and rights for EEA, UK, and Switzerland residents

Scope of Policy

This policy applies to information we collect about you when you use Apollo Products or interact with us unless a different policy is displayed or referenced, or if your organization has a separate written agreement with Apollo that governs the use of such information.

If you do not agree with this policy, please do not use Apollo Products or submit any information to Apollo (unless you are contacting us to discuss prior use of your information).

Collected Information

We typically collect information about you in three ways: (1) when you use Apollo Products, (2) when you provide it to us, and (3) when we receive it from partners and third parties.

  1. When you use Apollo Products

    1. Interactions: We may track your interactions with Apollo Products, such as features used, links clicked, and attachments accessed or downloaded.

    2. Device and Connection Information: We may collect data about the devices you use, including operating system, browser type, and IP address, to enhance your user experience.

    3. Cookies and Tracking Technologies: We and our partners may use cookies and similar technologies to provide functionality and recognize you across different Services and devices. More details are below:

      1. Cookies: Apollo makes use of cookies and related tracking technologies. Cookies are small files that a site or its service provider transfers to your web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.

      2. Web Beacons: Some of our website’s pages may contain electronic images known as Web beacons, which are also called single-pixel gifs. These images allow us to count users who have visited those pages and to deliver co-branded services. We also may include web beacons in promotional e-mail messages or newsletters in order to count how many messages have been opened and acted upon. Web beacons are not used to access your personal information, but they are a technique we use to compile aggregated statistics.

      3. Cookies’ Purpose: We use cookies to understand and save your preferences for future visits, to advertise to you on other sites (including but not limited to services such as Google AdWords and social media platforms), and to compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

      4. Disabling Cookies: You can refuse cookies by adjusting your browser settings, but this may limit access to certain parts of our site.

      5. Disabling Web Beacons: Disable HTML images in your email program, which may also affect other images in emails.

      6. Third-Party Analysis: We may use third party service providers to help us analyze certain online activities. For example, these service providers may help us analyze visitor activity on our websites. We may permit these service providers to use cookies and other technologies to perform these services for Apollo. These third party services include (but are not limited to) Google Analytics, a web analytics service provided by Google. Google Analytics uses cookies to help us analyze how users use the Site and enhance your experience when you use Apollo Products. For more information on how Google uses this data, go to www.google.com/policies/privacy/partners/. You may also download the Google Analytics opt-out browser add on, available here: https://tools.google.com/dlpage/gaoptout.

      7. Social Media Features: Some parts of our websites may include social media features, such as the Facebook “like” button, and widgets, such as the “share this” button. These social media features are either hosted by a third party or hosted directly on the Apollo Products. When you use these tools, the party that provides the tool, the third party that operates the social media services, and/or we may receive information about you. By using these tools or by communicating with us through social media services, you acknowledge that some information, including personal information, from your social media services will be transmitted to us, and that information is therefore is covered by this policy, and some information, including personal information, may be shared with the third party services, and that information is therefore governed by their privacy policies.

      8. Public social media. When we interact with you on social media services, the information you share with us which can be seen by anyone other than you, us and the relevant social media service is not covered by this policy. Only information you share with us privately (e.g., through direct messages, private chat, etc.) is covered by this policy.

  2. When you provide information to us

    1. Account and Profile Information: We automatically collect information when you register, create, or modify your profile, set preferences, or make changes to your Apollo account. This includes contact information and any other applicable profile details.

    2. Content Provided: We collect information that you submit to us through the Apollo Products, such as when you fill out a form on one of our websites. This information may include your contact details. This also may include information such as feedback, participation in surveys, promotions, events, etc. Please refer to our Website Terms of Service (“Website Terms”) for more information on our websites generally.

    3. Support Channels: When you contact our support team, we collect information such as contact details, a summary of the problem, and any relevant documentation or information needed to resolve an issue.

    4. Payment Information: For certain paid Apollo Products, we use secure payment processing services (defined as “Third-Party Services” in the Website Terms) to collect and process payment and billing information, including payment card details. As further stated in the Website Terms, when you access or use a Third-Party Service on the Apollo website, you interact with the applicable third party provider, not with Apollo, and you do so at your own risk. 

  3. When we receive information from other sources

    1. Linked Services: We may collect information about you when you choose to link your other accounts with Apollo Products. For example, if you create or log into your Apollo Studio account using your GitHub credentials, we will have access to certain information such as your name and email address, as authorized in your GitHub profile settings.

    2. Apollo Affiliates and Partners: We may receive information from our corporate affiliates and partners who provide consulting, implementation, training, and other services related to the Apollo Products.

    3. Public Sources and Third Parties: We may receive information from public sources and third-party providers, including physical addresses, job titles, email addresses, and social media profiles, for targeted advertising, personalized communications, and event promotion.

Information Usage

How we use your information generally depends on the Apollo Products you use, your usage patterns, and any preferences you have communicated. Specific purposes include:

  1. Providing and Supporting Apollo Products: To authenticate your access to the Apollo Products, as well as to manage your Apollo account, process transactions, and provide customer support to resolve technical or other issues.

  2. Research and Development: To improve your experience, troubleshoot issues, identify trends, and to develop and improve current and future Apollo Products based on collective learnings. We may combine your information with information we have received from others, to learn about how the Apollo Products are used and to further improve them.

  3. Communicating with You: To send routine business or administrative communications, respond to inquiries, and provide updates.

  4. Security and Verification: To maintain and increase security, verify accounts, detect and prevent security incidents, and monitor for fraudulent activity.

  5. Marketing and Promotions: To send promotional communications, display ads, and inform you about new features, products, and events.

  6. Legal Obligations and Business Interests: To comply with legal, compliance, regulatory, and audit obligations, and to protect Apollo’s and others’ legal rights and business interests.

  7. With Your Consent: For specific purposes with your consent, such as customer testimonials or event participation.

Disclosure of Information

We are Apollo GraphQL. Because there are several companies with our name, it is important to again clarify that our “Apollo” refers to Apollo Graph, Inc., dba Apollo GraphQL – we make software for developers by providing a better API platform – we are not a data broker, and we do not sell any personal information for monetary consideration. However, we may disclose information through Apollo Products and to certain third parties, including:

  1. Service Providers: In order to provide the Apollo Products, we engage trusted third-party service providers for necessary business functions such as hosting, authentication, cybersecurity, anti-fraud measures, and advertising. To receive these services, we may need to share your personal information with the relevant providers.

  2. Account Administrators (i.e., your company): Information may be accessible to your organization’s administrator if you register or access Apollo Products using an email address owned by your employer.

  3. Third-Party Applications: If you choose to install and use third-party applications with the Apollo Products, we may share your personal information with the third-party providers. For clarity, use of your information by such third-party applications is subject to the terms and policies of such third-party providers.

  4. With Your Consent: We will disclose your information with your consent, for example, when publishing customer testimonials.

  5. Legal and Compliance: In the rare instance where we believe disclosure is advisable or required by applicable laws, regulations, or legal processes (e.g., to comply with an applicable subpoena or court order) or is otherwise necessary to enforce or protect our rights and interests, we may share information about you.

  6. Apollo Affiliates and Partners: If needed or required, information is shared with Apollo’s affiliates and partners, for example to operate and improve Apollo Products or to comply with any other purposes set forth in this policy.

  7. Business Transfers: If needed or required, information may be disclosed in connection with, or during the negotiation of, business transactions, such as mergers or sales of company assets.

Storage and Security

Security Measures: Storing and securing your personal information is a top priority. We use a variety of technical and organizational measures to protect your data from unauthorized access and processing. Notwithstanding such measures, it is important to understand that no system is completely flawless, and no organization can guarantee absolute security. You can learn more about our specific security controls by visiting our Trust Center.

Children Under 18: For clarity, Apollo Products are not intended for, and should not be used by, any individuals under the age of 18. Under no circumstances does Apollo knowingly collect or disclose the personal information of children under the age of 18. If you are under the age of 18, we ask that you do not use the Apollo Products or submit any information to us.

Retention Period

Our retention period depends on the type of information. Apollo’s intention and practice is to retain your information only as long as necessary to achieve the purposes for which it was collected. After those purposes are fulfilled, your information will be deleted or archived unless we need to comply with legal obligations or other legitimate purposes (including as outlined under this policy). We consider several factors when determining appropriate retention periods, including contractual terms and obligations, Apollo’s legitimate business interests, legal and compliance standards, and the nature of your personal information. In some cases, we may anonymize your personal information so that it no longer identifies you. Once anonymized, we may use this information without further notice to you.

Your Choices

You have choices as to how Apollo collects and uses your information:

Accessing and Updating Your Account: You can access, update, or change your account by logging into the relevant Apollo Products or emailing us at support@apollographql.com. Please refer to the Apollo Documentation for more information.

Deactivating Your Account: You can delete your user account any time on your Personal Settings page, or by emailing us at support@apollographql.com. Subject to our agreements, we may retain certain personal information to comply with legal obligations or for legitimate business purposes, such as resolving disputes or enforcing agreements. We may also keep cached or archived copies of personal information for a certain period. 

Opting Out of Promotional Communications: You can opt out of most Apollo promotional communications by following the instructions in those emails (e.g., unsubscribe links) or by emailing us at support@apollographql.com. However please note, if you opt out of promotional communications, we may still send you non-promotional emails related to your account or our ongoing business relationship.

Specific Disclosures – United States Residents

This section provides more information about the personal information we collect and the rights you have under various United States data protection and privacy laws, including the California Consumer Privacy Act (CCPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA), and Virginia Consumer Data Protection Act (VCDPA).

Your Rights: Subject to applicable law, you have the following rights regarding your personal information:

  • Delete: Request deletion of your personal information

  • Access: Request disclosure of the personal information we collect and share

  • Correct: Correct errors in your personal information

  • Update: Request inaccurate personal information be corrected

  • Opt-Out: Opt-out of behavioral or targeted advertising and sales of personal information

  • Restrict Use and Disclosure: Request limitations on the use and disclosure of sensitive personal information (for clarity, Apollo does not knowingly collect or process sensitive personal information)

  • Nondiscrimination: Not receive discriminatory treatment for exercising your rights under CCPA

Please see “Data Subject Access Request” section below to learn how to exercise your rights.

Categories of personal information collected (CCPA). In the past 12 months, we have collected, or may have collected, the following categories of personal information as defined by the CCPA:

  • Identifiers: Real name, postal address, unique personal identifier, online identifier, internet protocol address, and email address

  • Information Under Cal. Civ. Code §1798.80(e): Name, address, telephone number, or any financial information

  • Commercial Information: Information related to products or services you may have purchased

  • Internet or Electronic Network Activity: Information about your interaction with Apollo Products

  • Geolocation Data: Location information

  • Audio, Electronic, Visual, or Similar Information: Audio recordings of calls with you

  • Inferences: Inferences drawn from the information above, such as aggregated metrics

  • Sensitive Information: Account log-in or credit card number in combination with your credentials allowing access to your account

For more details, see the “Collected Information” section above.

Categories of personal information disclosed for a business purpose (CCPA). In the past 12 months, we have disclosed, or may have disclosed, the following categories of personal information for a business purpose, including to our service providers, as defined by the CCPA:

  • Identifiers: Real name, postal address, unique personal identifier, online identifier, internet protocol address, and email address

  • Information Under Cal. Civ. Code §1798.80(e): Name, address, telephone number, or any financial information

  • Commercial Information: Information related to Apollo Products you may have purchased

  • Internet or Electronic Network Activity: Information about your interaction with Apollo Products

  • Geolocation Data: Location information

  • Audio, Electronic, Visual, or Similar Information: Audio recordings of calls with you

  • Inferences: Inferences drawn from the information above, such as aggregated metrics

  • Sensitive Information: Account log-in or credit card number in combination with your credentials allowing access to your account

For more information on how we share personal information with other parties, including our service providers, see the “Disclosure of Information” section above.

No sale or sharing of personal information. For clarity, we do not sell or share your personal information for cross-context behavioral advertising, as defined by the CCPA.

Specific Disclosures – EEA, UK, and Switzerland Residents

This section provides more information about the personal information we process under the General Data Protection Regulation (GDPR) and UK GDPR. Please note that in accordance with Article 27(2)(a) of the GDPR, it is Apollo’s understanding that we are not required to appoint an EU representative.

Controller of your information. Unless stated otherwise in a supplemental notice, Apollo Graph, Inc. is the data controller of your personal information.

Your rights. Subject to applicable law, you have the following rights regarding your personal information:

  • Delete: Request deletion of your personal information

  • Access: Request access to your personal information

  • Update: Request that we update your personal information

  • Restrict Processing: Request restriction or suppression of your personal information processing

  • Object: Object to processing of your personal information

  • Withdraw Consent: Withdraw consent at any time

Please see “Data Subject Access Request” section below to learn how to exercise your rights.

Legal Bases for Processing. We process your personal information based on one or more of the following legal bases:

  • Contractual Necessity: Where necessary to enter into or perform under a contract with you, including to provide Apollo Products

  • Legal Obligation: Where necessary for us to comply with a legal obligation

  • Legitimate Interests: For our legitimate interests, as outlined in this policy

  • Consent: With your consent

International Data Transfers: If you are using the Apollo Products from outside the United States, please be aware that in most instances you are sending personal information to the United States, where our servers are primarily located (certain cloud products currently in private-preview, and subject to written agreement between you and Apollo, may be hosted in EEA). The United States may not have data protection laws that are as comprehensive or protective as those in your country of residence. However, our collection, storage, and processing of your personal information will at all times be in accordance with this policy. Additionally, Apollo always seeks to follow applicable data protection laws and takes efforts to implement safeguards for the transfer of personal information (for example, between Apollo and our partners and service providers), such as the European Commission’s Standard Contractual Clauses and other equivalent measures.

Complaints. You may lodge a complaint with a data protection authority in your country or region, where you have your habitual residence, where you work, or where an alleged infringement of applicable data protection law occurs. A list of EEA data protection authorities is available here, and the contact details for the UK Information Commissioner’s Office are available here

Data Subject Access Request

To assist you with the exercise of any your rights, Apollo has implemented a process to intake, review, and fulfill requests, sometimes referred to as “data subject access requests.” Such requests will be handled by Apollo on a case-by-case basis and in accordance with applicable laws. We may ask you for additional information to confirm your identity. If you disagree with our decision regarding your request, you may have the right to appeal under applicable law. To do so, please reply to our response.

Data Deletion Request: Email support@apollographql.com with the subject “Data Deletion Request” and indicate a description of the data to be deleted, timestamp of when such data was reported to Apollo, and the graph ID with which the data is associated.

Other Data Rights Request: Email both support@apollographql.com and legal@apollographql.com with the subject “Other Data Subject Access Request” indicating the specific right you are seeking to exercise, timestamp of when such data was reported to Apollo, and the graph ID with which the data is associated.

Changes to this Policy

We may occasionally update this policy. The date at the top indicates the last revision. Changes are effective when posted on this page.

Contact Apollo

If you have questions or concerns about this policy, contact us at:

Apollo Graph, Inc. Attn: Legal Department 1600 Bryant Street #411447 SMB#20356 San Francisco, CA 94141 (USA). Email: legal@apollographql.com with a copy to: support@apollographql.com