​

 

 

LAST UPDATED APRIL 18, 2025

 

 

Fulfillment Policy​

​​

Apex Scientific Inc's Fulfillment Policy for Payments via Stripe®:

 

This Fulfillment Policy outlines the terms for subscription orders paid through Stripe®. By making a payment, you agree to these terms.

‍

Fulfillment Policy: 

​

This Fulfillment Policy (the “Policy”) informs you about our delivery policy and the rules and guidelines relating to the refunds for services purchased from our Company. Please read this Policy carefully to understand your rights and also understand the requirements for refunds.

​

Purchase Currency: 

Our services are billed in either U.S. Dollars or Canada Dollars.   All payments are securely processed through Stripe®.

​​

Storage of Credit Card Details

Apex Scientific Inc. does not store any credit card details.

​​

Customer service contact information:

 

Customers have multiple ways to contact us: 

Email: info@apexscientific.com

Phone: 866-456-2739

Address: 6640-8181 Cambie Rd. Richmond, BC, Canada V6X 3X9

​

Description of Services:

​Apex Scientific Inc. is a full-service MSP (Managed Services Provider) of IT Services.  We are a result-driven MSP aimed at providing premier services in the field of IT consulting, Remote Management Services, Cybersecurity, Network Infrastructure, and Data Backup and Disaster Recovery.   

​

Apex Scientific does all of the heavy lifting of managing your company's IT systems and network so that you can focus on your business goals.   

​

‍Subscription Activation: Access to the Apex Scientific services is granted during the initial onboarding call.

​

Subscription Confirmation: You will receive a link confirmation to initiate your subscription and save a payment method for your recurring payments.   

 

To update your payment method, please contact info@apexscientific.com. 

A) Remote Monitoring & Management Services

​

Our 24 x 7 call center is staffed with IT pros for your business. 

We support a multitude of companies large and small. With around the clock access to technical resources, your business can offer unrivaled support to end-users and employees.

​

Apex Scientific's RMM Services are more than just a helpdesk. 

​

We offer full service IT with fast response times and consulting services that can help optimize efficiency in your business operations.

​

B) Security Centric

​

In today’s world, cyber security is an ever-growing threat. Robust security and protection are no longer simply nice to have–they’re must-haves.  Contrary to popular belief, most cyber-attacks are targeted towards small- and medium-sized businesses (SMEs).   We offering enterprise-level solutions into the reach of the SME market.

 

C) Network Infrastructure

​

Apex conducts comprehensive IT Site Surveys that identify and remove single point of failures ("SPOFs").  Our Site Surveys can certify that your company is equipped with the proper network infrastructure to succeed in your business goals.  

Fast & Reliable Internet

​

Apex provides enterprise network equipment aimed at providing 99.995% network uptime with reliable and super fast Wi-Fi connections throughout your building.   Our stack utilizes only the highest quality devices installed by Cisco certified technicians.  

​

Our Fulfillment Policies 

 

‍Recurring Payments: Subscriptions are billed automatically according to the billing cycle selected (e.g., monthly, annually).

​

Refund Policy:

 

Generally, subscriptions are non-refundable once accessed. However, in certain circumstances, we offer refunds. If you believe there has been an error in billing or have other concerns, please contact us at info@apexscientific.com or call us at 1-866-456-2739.

 

Cancellation or Return Policy: 

 

Cancellations or Returns: 

 

Subscriptions can be canceled and Returns can be initiated at any time by contacting info@apexscientific.com or call us at 1-866-456-2739.   
 

​Shipping or delivery policy

​We currently only ship and deliver to USA or Canada.   Methods are via local and international couriers such as UPS, USPS, DHL, FedEx, Canada Post, and other partnering vendors.   Times of delivery depends on the order and target location and recipient details.   For more specific details contact us at info@apexscientific.com or call us at 1-866-456-2739.

 

​

Policy Updates: Apex Scientific Inc. reserves the right to update this policy at any time.

Changes will be effective upon posting on our website.

 

Please review regularly to stay informed.

​

Our privacy policy is listed in our footer as well as here: Privacy Policy 

​

The security of your website and customer payment information

Our website does not take any credit card payments directly.   Apex Scientific will provide our customers with a direct payment link from Stripe, which enforces PCI DSS v4.0 replaces v3.2.1 effective March 31, 2024.   See https://stripe.com/ie/guides/pci-compliance for more details

​

Legal or export restrictions applicable: 

Apex Scientific Inc. does not export any goods that are restricted from Canada (country of origin) to the United States such as the following: 

• Drugs and health products.

• Cannabis.

• Food, plants and animals.

• Explosives.

• Fireworks.

• Nuclear substances.

• Energy sector.

• Controlled goods.

This list is in accordance to Canadian / US Export and Import Laws and Regulations and is frequently referred to here: 

https://www.tradecommissioner.gc.ca/guides/us-export_eu/141452.aspx?lang=eng

​

Standards and regulations compliance
Stripe uses best-in-class security practices to maintain a high level of security.

Per Stripe: 

​

System and Organization Controls (SOC) reports
Stripe’s systems, processes, and controls are regularly audited as part of our SOC 1 and SOC 2 compliance programs. SOC 1 and SOC 2 Type II reports are produced annually and can be provided upon request.

The Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) Trust Service Criteria (TSC) developed the SOC 3 report. Stripe’s SOC 3 is a public report of internal controls over security, availability, and confidentiality. View our recent SOC 3 report.

​

EMVCo standard for card terminals

Stripe Terminal is certified to the EMVCo Level 1 and 2 standards of EMV® Specifications for card and terminal security and interoperability. Terminal is also certified to the PCI Payment Application Data Security Standard (PA-DSS)—the global security standard that aims to prevent payment applications developed for third parties from storing prohibited secure data.

​

NIST Cybersecurity Framework
Stripe’s suite of information security policies and their overarching design are aligned with the NIST Cybersecurity Framework. Our security practices meet the standards of our enterprise customers who must provide secure products like on-demand cloud computing and storage platforms (for example, DigitalOcean and Slack).

​

Privacy and data protection
Stripe’s privacy practices comply with CBPR and PRP systems as evidenced by the CBPR and PRP certifications Stripe has obtained. To view the status of our certifications, please click here (CBPR) and here (PRP). Stripe also complies with the U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce. To view our certifications, please see here.

​

Security is one of Stripe’s guiding principles for all our product design and infrastructure decisions. Stripe offers a range of features to help our users better protect their Stripe data.

​

Sensitive action authentication
The Stripe Dashboard supports several forms of multi-factor authentication (MFA) including: SMS, time-based one-time password algorithm (TOTP), hardware security keys, and passkeys. Stripe also supports single sign-on through Security Assertion Markup Language (SAML) 2.0, allowing customers to mandate sign-in requirements, configure access control, and instantly onboard team members through Just-in-Time account provisioning.

Support requests from users must be authenticated by sending the request from the Dashboard (after login) or by verifying account access before a support response is proffered. By requiring authentication, Stripe minimizes the risk of providing any information to non-authorized people.

​

Access restriction and auditing
From the Dashboard, users can assign different detailed roles to enable least-privilege access for their employees, and create restricted access keys to reduce the security and reliability risk of API key exposure.

Users can also view audit logs of important account changes and activity in their security history. These audit logs contain records of sensitive account activity, like logging in or changing bank account information. Stripe monitors logins and note:

If they’re from the same or usual devices
If they’re from consistent IP addresses
Failed attempts

Users can export historical information from the logs. For time-sensitive activities, such as logins from unknown IPs and devices, Stripe sends automatic notifications so that logs don’t need to be reviewed manually.

​

HTTPS and HSTS for secure connections
Stripe mandates the use of HTTPS for all services using TLS (SSL), including our public website and the Dashboard. Stripe regularly audits the details of our implementation, including the certificates we serve, the certificate authorities Stripe use,s and the ciphers we support. We use HSTS to make sure that browsers interact with Stripe only over HTTPS. Stripe is also on the HSTS preloaded lists for all modern major browsers.

​

All server-to-sever communication is encrypted using mutual transport layer security (mTLS) and Stripe has dedicated PGP keys for users to encrypt communications with Stripe, or verify signed messages they receive from Stripe. Our systems automatically block requests made using older, less secure versions of TLS, requiring use of at least TLS 1.2.

The stripe.com domain, including the Dashboard and API subdomains, are on the top domains list for Chrome, providing extra protection against homoglyph attacks. This makes it harder to create fake pages that look like stripe.com in Chrome (for example, strípe.com), which renders as punycode (xn–strpe-1sa.com), in turn making it harder for Stripe credentials to be phished.

Proactive internet monitoring

Stripe encrypts sensitive data both in transit and at rest. Stripe’s infrastructure for storing, decrypting, and transmitting primary account numbers (PANs), such as credit card numbers, runs in a separate hosting infrastructure, and doesn’t share any credentials with the rest of our services. A dedicated team manages our CDV in an isolated Amazon Web Services (AWS) environment that’s separate from the rest of Stripe’s infrastructure. Access to this separate environment is restricted to a small number of specially trained engineers and access is reviewed quarterly.

​

All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. Stripe tokenizes PANs internally, isolating raw numbers from the rest of our infrastructure. None of Stripe’s internal servers and daemons can obtain plain text card numbers but can request that cards are sent to a service provider on a static allowlist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in a separate hosting environment, and doesn’t share any credentials with Stripe’s primary services including our API and website. It’s not just PANs that are tokenized this way; Stripe treats other sensitive data, like bank account information, in a similar way.

​

Corporate technology

Stripe takes a zero-trust approach to employee access management. Employees are authenticated leveraging SSO, two-factor authentication (2FA) using a hardware-based token, and mTLS through a cryptographic certificate on Stripe-issued machines. After connecting to the network, sensitive internal systems and those outside the scope of the employee’s standard work require additional access permissions.

​

Stripe monitors audit logs to detect abnormalities and watch for intrusions and suspicious activity, and also monitor changes to sensitive files in our code base. All of Stripe’s code goes through multiparty review and automated testing. Code changes are recorded in an immutable, tamper-evident log. Stripe constantly collects information about Stripe-issued laptops to monitor for malicious processes, connections to fraudulent domains, and intruder activity. Stripe has a comprehensive process for allowlisting permitted software on employee laptops, preventing the installation of non-approved applications.

​​​​​​