Privacy Policy

Your privacy matters. Learn how we collect, use, and protect your personal and health data.

Effective Date: December 22, 2024 | Last Updated: December 22, 2024

Privacy at a Glance

We Never Sell Your Data

Your personal information is never sold to third parties. Period.

Data Minimization

We only collect what's necessary to provide our service.

You're in Control

Access, export, or delete your data anytime from your account.

1. Introduction

Apex Training ("we," "our," or "us") operates the Apex Training strength coaching platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and related services.

By using our Service, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

Important: Our Service collects health and fitness data, which may be considered sensitive personal information under various privacy laws. We take extra precautions to protect this data as described below.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Email address, password, and display name when you create an account
  • Profile Data: Age, gender, training experience, fitness goals, equipment availability, and injury history
  • Training Data: Workout logs, exercise performance, sets, reps, weights, RPE ratings, and personal records
  • Health Information: Body weight, known strength maxes (squat, bench, deadlift, overhead press), cycle tracking data (if enabled), and any injuries or physical limitations you disclose
  • Communications: Messages sent through our AI coach chat, feedback submissions, and support requests
  • Payment Information: Billing details are processed securely by Stripe; we do not store your full credit card number

2.2 Information Collected Automatically

  • Device Information: Browser type, operating system, device identifiers, and screen resolution
  • Usage Data: Pages visited, features used, session duration, and interaction patterns
  • Log Data: IP address, access times, and referring URLs
  • Analytics Data: Aggregated usage statistics collected via Google Analytics and Vercel Analytics

2.3 Information from Third Parties

  • Wearable Integrations: If you connect services like Strava, Fitbit, Oura, WHOOP, or Garmin, we receive fitness and health data including sleep metrics, heart rate variability (HRV), resting heart rate, activity data, and recovery scores
  • Payment Processor: Stripe provides us with transaction confirmations and subscription status

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Generate personalized training programs, track your progress, and deliver AI coaching recommendations
  • Personalize Your Experience: Adapt workout difficulty, exercise selection, and recovery recommendations based on your performance and health data
  • Process Transactions: Handle subscription payments, renewals, and billing inquiries
  • Communicate with You: Send workout reminders, weekly progress summaries, and important service updates
  • Improve the Service: Analyze usage patterns to enhance features, fix bugs, and develop new functionality
  • Ensure Safety: Detect and prevent fraud, abuse, or security incidents
  • Comply with Legal Obligations: Respond to legal requests and enforce our terms

5. Data Sharing & Third Parties

We do not sell your personal information to third parties.

We may share your information with:

  • Service Providers: Third parties that help us operate the Service:
    • Supabase: Database hosting and authentication
    • Vercel: Web hosting and analytics
    • Stripe: Payment processing
    • Resend: Email delivery
    • OpenAI: AI model for coaching recommendations
    • Google Analytics: Usage analytics
  • Coach Programs: If you join a coach's program, the coach can view your training data and progress (not your personal health details unless you share them)
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)

6. Data Retention

We retain your data as follows:

  • Active Accounts: Data is retained as long as your account is active
  • Deleted Accounts: Personal data is deleted within 30 days of account deletion
  • Anonymized Data: We may retain anonymized, aggregated data indefinitely for analytics
  • Legal Requirements: Some data may be retained longer if required by law (e.g., tax records)
  • Backup Systems: Data may persist in backups for up to 90 days after deletion

7. Security Measures

We implement industry-standard security measures including:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access and row-level security for database access
  • Authentication: Secure password hashing and optional two-factor authentication
  • Infrastructure: Hosted on SOC 2 compliant platforms (Vercel, Supabase)
  • Monitoring: Continuous security monitoring and incident response procedures

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain processing activities
  • Withdraw Consent: Withdraw previously given consent

To exercise these rights, visit Profile → Settings in the app or email legal@apextraining.io.

9. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information, so this right does not apply
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit: Limit the use of sensitive personal information

To submit a request, email legal@apextraining.io with "CCPA Request" in the subject line. We will verify your identity before processing.

10. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

  • Data Controller: Apex Training is the data controller for your personal data
  • Data Protection Authority: You have the right to lodge a complaint with your local supervisory authority
  • International Transfers: Your data may be transferred to and processed in the United States. We rely on Standard Contractual Clauses and adequacy decisions for lawful transfers.
  • Special Category Data: Health and fitness data is treated as special category data requiring explicit consent

11. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at legal@apextraining.io and we will delete such information promptly.

12. Cookies & Tracking Technologies

We use the following cookies and similar technologies:

  • Essential Cookies: Required for authentication and core functionality
  • Analytics Cookies: Help us understand how you use the Service (Google Analytics, Vercel Analytics)
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page with a new effective date
  • Sending an email notification for significant changes
  • Displaying an in-app notification

Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Legal & Privacy

legal@apextraining.io

General Inquiries

contact@apextraining.io

Data Protection Requests

Request Data Deletion