ApexAI (“we”, “us”, “our”) operates the ApexAI mobile application for iOS and Android and the ApexAI website (together, the “Service”). This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and how you can exercise your rights.
By using the Service, you agree to the collection and use of your data as described in this policy. If you do not agree, please do not use the Service.
1. Information we collect
We collect data you provide directly and data generated through your use of the Service.
1.1 Account information
- Name, email address, and a securely hashed password
- Fitness profile: goal, experience level, available equipment, preferred training days
- Optional body data: weight, height, age, and sex
1.2 Training and performance data
- AI-generated workout plans and your completed sessions
- Set logs: exercises, weights, reps, rest times, workout duration
- Progression and plateau history
- Streaks, personal records, and goal completion
1.3 Nutrition data
- Calorie and macronutrient targets
- Meal logs and food preferences
- Training-day vs. rest-day nutrition settings
1.4 Recovery and wellbeing data
- Self-reported sleep hours, stress level, and perceived readiness
- AI-calculated fatigue scores and readiness assessments
1.5 Chat and coaching data
- Messages you send to the AI coach
- AI-generated responses and recommendations
1.6 Technical data
- Device model, operating system, and app version
- Crash logs and performance diagnostics
- IP address (used for security and not stored long-term)
2. How we use your data
- Generate personalized workouts: your profile, recent history, fatigue score, sleep data, and progression feed the AI workout engine to produce each session
- Provide AI coaching: your context (goals, recent workouts, streaks, active goals) is included in conversational AI prompts so responses are personal, not generic
- Detect plateaus and prescribe interventions: your strength trends are analyzed to identify stalls and adjust programming
- Calculate deload recommendations: consecutive training weeks, volume trends, and projected fatigue are evaluated after every session
- Guide nutrition: training load and recovery state inform your daily calorie and macro targets
- Display progress: charts, streaks, PRs, and weekly summaries are derived from your training data
- Improve the Service: aggregated, anonymized usage patterns help us improve features and fix issues
- Communicate with you: transactional emails (password resets, billing) and optional product updates
We never sell, rent, or trade your personal data.
3. AI processing and third-party services
ApexAI uses third-party AI models to generate workouts, coaching responses, plateau diagnoses, and nutrition guidance. The following data is sent to AI providers when you use these features:
- Your fitness profile (goal, level, equipment, constraints)
- Recent workout history (typically the last 5 sessions)
- Computed fatigue score and days rested
- Progression data for relevant exercises
- Your chat messages (for conversational coaching)
- Active goals and completion percentages
OpenAI: we use OpenAI's GPT-4o model via their API. Under our agreement, data sent to OpenAI is processed solely to generate your response and is not used to train OpenAI's models. OpenAI may retain API inputs for up to 30 days for abuse and misuse monitoring, after which they are deleted. See OpenAI's API data usage policy.
Anthropic: we may also use Anthropic's Claude models for specific features. Anthropic does not train on API inputs. See Anthropic's privacy policy.
We do not send your name, email, payment details, or any data that directly identifies you to AI providers. The data sent is limited to what is necessary to generate your personalized output.
4. Data storage and security
Your data is stored on encrypted cloud infrastructure. We use industry-standard practices for security:
- Encryption at rest (AES-256) and in transit (TLS 1.3)
- Password hashing with bcrypt (never stored in plaintext)
- JWT-based authentication with token expiry
- Rate limiting on all API endpoints
- Principle of least-privilege access controls for internal systems
No system is perfectly secure. If we discover a breach affecting your data, we will notify you within 72 hours as required by applicable law.
5. Data retention
We retain your personal data for as long as your account is active. When you delete your account:
- All personal data is permanently deleted within 30 days
- Anonymized, aggregated data (e.g., total workout counts) may be retained for analytics
- Backups containing your data are purged within 90 days
You can export all your data at any time from Settings → Account → Export Data, in a machine-readable JSON format.
6. Data sharing
We share your data only in these limited circumstances:
- AI providers (OpenAI, Anthropic) as described in Section 3, to generate your personalized content
- Infrastructure providers (cloud hosting, CDN) who process data on our behalf under data processing agreements
- Payment processors (Apple, Google) who handle subscription billing — we never see or store your payment card details
- Legal obligations: if required by law, court order, or governmental request
- Business transfer: in the event of a merger, acquisition, or sale of assets, your data may be transferred — you will be notified
We do not share data with advertisers or data brokers.
7. Your rights
Depending on where you live, you may have the following rights under GDPR (EU/EEA/UK), CCPA (California), or other privacy laws:
- Access: request a copy of all personal data we hold about you
- Correction: request correction of inaccurate personal data
- Deletion: request permanent deletion of your personal data
- Portability: export your data in a structured, machine-readable format
- Restriction: request that we limit processing of your data in certain circumstances
- Objection: object to data processing based on legitimate interests
- Withdraw consent: where processing is based on consent, withdraw it at any time
To exercise any of these rights, email privacy@apexai.fitness. We will respond within 30 days (or sooner where required by law).
California residents (CCPA): we do not sell your personal information. You have the right to know what data we collect, request its deletion, and opt out of any future sale (though we do not sell data). To make a request, contact privacy@apexai.fitness.
8. Cookies and tracking
The ApexAI mobile app does not use cookies. The website uses:
- Vercel Analytics: privacy-focused, cookieless web analytics that track page views and Core Web Vitals without identifying individual users
- Essential cookies: strictly necessary for site functionality (no tracking or advertising cookies)
We do not use third-party advertising trackers, remarketing pixels, or social media tracking scripts.
9. Children
ApexAI is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at privacy@apexai.fitness and we will promptly delete it.
10. International data transfers
Your data may be processed in countries outside your country of residence, including the United States. Where required, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses) to protect your data in accordance with applicable privacy laws.
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the app (in-app notification) and by email if you opted in to communications. The “Last updated” date at the top reflects the most recent revision.
12. Contact us
Questions, concerns, or data requests? Contact our privacy team:
- Email: privacy@apexai.fitness
- General support: support@apexai.fitness