Privacy Policy
Last updated 9 July 2026. This policy explains what personal data ApexYield Ltd collects, why we collect it, and the rights you have. Plain English, because opaque privacy policies are exactly the kind of thing we dislike.
Who we are
ApexYield Ltd ("we", "us", "our") is a bookshop registered in England and Wales, based at 14 Clerkenwell Green, London EC1R 0DP. We are the data controller responsible for your personal data, which means we decide how and why your information is processed. For any privacy question, or to exercise any of the rights described below, email us at hello@ape-xyield.com and a real person will reply.
This policy applies to everyone who visits ape-xyield.com, places an order, subscribes to our free resources, contacts our support team, or otherwise interacts with our services. It sits alongside our Terms of Service and Cookie Policy, and it is written to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We have deliberately avoided legalese wherever possible — if anything here is unclear, tell us and we will explain it plainly.
What data we collect
We only collect what we genuinely need to run a bookshop well. Depending on how you use the site, that may include:
- Order details: your name, delivery address, email and phone number when you place an order or book a consultation, along with the titles you purchased and the date of the order.
- Payment data: processed securely by our third-party payment provider. We never see or store your full card number, CVV, or banking credentials — we receive only a confirmation that payment succeeded and a masked reference.
- Communications: messages you send us by email, the support chat, or the forms on this site, including the content of your enquiry and any attachments you choose to share.
- Account preferences: the reading level and topics you filter by, items saved in your basket, and choices such as whether you have dismissed the cookie banner.
- Usage data: anonymised, aggregated information about how visitors use the site — pages viewed, books opened, rough device type — collected via cookies (see our Cookie Policy). This never identifies you personally.
We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
Why we use it and our lawful bases
Under UK GDPR we must have a lawful basis for every use of your data. We rely on the following:
- Contract: to take and fulfil your orders, arrange delivery, process returns and refunds, and provide the customer support you ask for.
- Consent: to send you marketing emails, our free budget checklist, and to set non-essential analytics cookies. You can withdraw consent at any time without affecting the lawfulness of earlier processing.
- Legitimate interest: to keep the site secure, prevent and detect fraud, understand which books and articles are popular, and improve our service — always balanced against your rights and freedoms.
- Legal obligation: to keep accounting and tax records and to respond to lawful requests from authorities.
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on you.
Sharing your data
We share data only with the suppliers who make the service work, and only the minimum they need to do their job. These "data processors" act on our instructions and are bound by contracts requiring them to protect your information:
- Our payment processor, to take payment securely.
- Our delivery couriers, to get your books to you.
- Our email and analytics providers, to send confirmations and understand site usage.
We never sell your personal data to anyone, and we never share it for third-party advertising. We may disclose data where we are legally required to do so — for example, in response to a valid court order — or to protect our rights, safety, and property. Some of our suppliers may process data outside the UK; where they do, we ensure appropriate safeguards such as UK adequacy regulations or Standard Contractual Clauses are in place.
How long we keep it
We keep personal data only for as long as we genuinely need it. Order and transaction records are retained for around six years to meet our legal and accounting obligations. Marketing data is kept only until you withdraw consent or become inactive for an extended period. Support conversations are kept for up to two years so we can help if you get back in touch. Anonymised analytics may be kept longer, as it no longer identifies you. When data is no longer needed, we securely delete or fully anonymise it.
Your rights
UK data protection law gives you strong rights over your personal data. You can ask us to:
- Access the personal data we hold about you, and receive a copy of it.
- Correct data that is inaccurate or incomplete.
- Erase your data where there is no overriding reason for us to keep it ("right to be forgotten").
- Restrict our processing of your data while a concern is investigated.
- Object to processing based on legitimate interest, including any direct marketing.
- Receive a portable, machine-readable copy of the data you have provided, or have it transferred to another provider.
- Withdraw consent at any time, where we rely on consent.
To exercise any of these rights, email us and we will respond within one calendar month, free of charge in all but exceptional cases. We may need to verify your identity first to protect your data. If you are unhappy with how we have handled your information, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling their helpline — though we would always appreciate the chance to put things right first.
Cookies and tracking
Like most websites, we use a small number of cookies. Essential cookies keep your basket working and the site secure; optional analytics cookies help us improve, and are only set with your consent. You can manage your choices at any time through our banner or your browser settings. Our separate Cookie Policy explains each cookie in detail, including what it does and how long it lasts.
Marketing and your inbox
If you request our free checklist or opt in to updates, we may occasionally email you reading recommendations, new arrivals, and money tips. Every email includes a one-click unsubscribe link, and we will never bombard you — a quiet, useful inbox is part of the ApexYield promise. We do not share your email with other companies for their own marketing.
Security
We take the security of your data seriously. We use encryption in transit (HTTPS), restricted access controls so only authorised staff can view personal data, and reputable, security-vetted suppliers. We regularly review our practices and keep our systems patched and up to date. No online service can promise perfect security, but we take reasonable and proportionate steps to protect your information, and in the unlikely event of a data breach that risks your rights, we will notify you and the ICO as required by law.
Changes to this policy
We may update this policy from time to time to reflect changes in our practices, technology, or the law. Any material changes will be posted here with a revised "last updated" date, and where appropriate we will notify you by email. We encourage you to review this page periodically. Continued use of the site after changes take effect means you accept the updated policy.
How to contact us
If you have any questions, concerns, or requests about this Privacy Policy or your personal data, please write to ApexYield Ltd, 14 Clerkenwell Green, London EC1R 0DP, United Kingdom, or email hello@ape-xyield.com. We aim to answer every privacy enquiry within a few working days.