Privacy Policy

Reach Performance Ltd ("we", "us", "our") operates the Apex mobile application and website at myapex.app. We are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025.

Apex is a men's intimate wellness app that helps users improve sexual performance through personalised training programmes. We recognise that the data we collect is highly sensitive and personal. We treat it with the utmost care and confidentiality.

We have conducted a Data Protection Impact Assessment (DPIA) for our processing of special category data, as required by Article 35 of the UK GDPR. This assessment is available on request.

1. Data Controller

Reach Performance Ltd is the data controller responsible for your personal data.

Company number: 17006304

Registered office: [REGISTERED OFFICE TO BE UPDATED]

Contact email: privacy@myapex.app

ICO registration: [TO BE INSERTED - register at ico.org.uk before launch]

There is no requirement for Reach Performance Ltd to appoint a Data Protection Officer. All data protection queries should be directed to privacy@myapex.app.

You have the right to complain directly to us about how we handle your data (see Section 11), and you may also contact the Information Commissioner's Office (ICO).

2. Data We Collect

Account Information

When you create an account, we collect your first name, surname, email address, and authentication credentials. If you sign up via Apple or Google, we receive limited profile information from those providers (typically your name and email).

Assessment and Onboarding Data

During onboarding, we ask you questions to personalise your training programme. These include questions about previous training experience, your current level of control, average climax time, training goals, availability, and any additional context you choose to share.

This data includes information relating to your sexual health and is classified as special category data under Article 9 of the UK GDPR. We process this data only with your explicit consent, which we request during onboarding before any such data is collected.

Training Activity Data

As you use the app, we collect records of drill completions, difficulty and control ratings you provide after each drill, arousal peak ratings, session duration, and any notes you add.

Performance Log (Sex Log) Data

The Log tab allows you to record real-world sexual performance sessions. Data includes the date, duration (from preset ranges), whether a condom was used, alcohol influence level (none, some, or a lot), a control rating, a satisfaction rating, and optional free-text notes. This is special category data processed with your explicit consent.

AI Coach Conversations

Messages you exchange with the AI Coach are stored so we can maintain conversation history and provide contextual advice. These conversations may contain sensitive personal information depending on what you choose to share.

Device and Technical Data

We collect device type, operating system version, app version, timezone (auto-detected from your device), push notification tokens, and basic usage analytics such as screens visited and feature engagement.

Payment Data

Subscription payments are processed by RevenueCat (in-app) and Stripe (as the underlying payment processor). We do not store your full payment card details. We receive confirmation of your subscription status, plan type, trial status, and transaction identifiers.

Marketing Data

If you subscribe to our email list via the landing page, we collect your email address through Kit (ConvertKit). If you arrive via a paid advertisement, Meta Pixel may collect anonymised interaction data for advertising attribution purposes (subject to your cookie consent).

3. Lawful Basis for Processing

Data type	Lawful basis
Account information	Contract performance - necessary to provide the service
Assessment and onboarding data (special category)	Explicit consent (Article 9(2)(a) UK GDPR)
Training activity and performance log data (special category)	Explicit consent (Article 9(2)(a) UK GDPR)
AI Coach conversations	Explicit consent
Payment data	Contract performance and legal obligation
Device and technical data	Legitimate interests (service improvement and security)
Marketing emails	Consent
Advertising attribution (Meta Pixel)	Consent

4. How We Use Your Data

To create and manage your account and authenticate your identity.
To generate a personalised training programme based on your assessment responses, using AI (Claude API by Anthropic, processed via Make.com).
To adapt your training plan weekly based on your drill completion data and performance ratings.
To power the AI Coach, which uses your training history and performance data to provide contextual guidance.
To send you push notifications about scheduled drills and training encouragement (via Firebase Cloud Messaging).
To process your subscription payments and manage your billing through RevenueCat and Stripe.
To send you marketing emails if you have opted in (via Kit/ConvertKit).
To measure advertising effectiveness through Meta Pixel (with your consent).
To monitor app performance, fix bugs, and improve the service.

5. AI and Automated Processing

Apex uses artificial intelligence (powered by Claude, developed by Anthropic) in two ways:

Personalisation Engine

Your assessment responses, drill completion data, and performance log entries are sent to Claude (by Anthropic) via Make.com to generate and adapt your training programme. This is automated decision-making that produces a significant effect on the service you receive, and involves the processing of special category data. We rely on your explicit consent as the lawful basis for this processing.

In relation to automated decisions that significantly affect you, you have the following rights under Article 22C of the UK GDPR (as amended by the Data (Use and Access) Act 2025):

The right to be informed that an automated decision has been made.
The right to make representations about the decision.
The right to obtain meaningful human intervention in the decision.
The right to contest the decision.

To exercise any of these rights, contact us at privacy@myapex.app. We will review any AI-generated plan you are dissatisfied with and, where appropriate, manually adjust it.

AI Coach

When you use the Coach feature, your messages and relevant training data are sent to Claude to generate responses. Conversation history is stored in our database to provide continuity.

We do not use your data to train AI models. Your data is processed by Claude solely to generate responses for you and is not retained by Anthropic for model training.

6. Third-Party Processors

Provider	Purpose	Location
Supabase	Database and authentication	EU (West Europe)
Anthropic (Claude API)	AI personalisation and coaching	USA
Make.com	Automation and data orchestration	EU
Firebase (Google)	Push notifications	USA
RevenueCat	Subscription management	USA
Stripe	Payment processing	USA/EU
Kit (ConvertKit)	Email marketing	USA
Meta (Pixel)	Advertising attribution (consent required)	USA

Each provider processes data only as instructed by us and is bound by data processing agreements.

7. International Data Transfers

Your data is transferred to and processed in the United States by several of our service providers (see Section 6 above). We ensure appropriate safeguards are in place for these transfers, primarily through Standard Contractual Clauses (SCCs) incorporated into our data processing agreements with each provider. Where applicable, we also rely on the UK Extension to the EU-US Data Privacy Framework (the "UK-US Data Bridge") for processors who are certified under that framework.

The Data (Use and Access) Act 2025 introduced a revised "data protection test" for assessing the adequacy of international transfers, requiring that the standard of protection in a receiving country is "not materially lower" than in the UK. We monitor developments in this area and will update our transfer mechanisms as guidance from the ICO evolves.

8. Data Retention

Data type	Retention period
Account data	Duration of account plus 12 months after deletion
Training and performance data	Duration of account; deleted within 30 days of account deletion
AI Coach conversations	Duration of account; can be cleared at any time from Profile screen
Payment records	7 years (HMRC requirement)
Marketing data	Until unsubscribe; deleted within 30 days
Technical/device data	Aggregated and anonymised after 12 months; raw data deleted

9. Your Rights

Under the UK GDPR and the Data (Use and Access) Act 2025, you have the following rights:

Right of access: You can request a copy of all personal data we hold about you.
Right to rectification: You can ask us to correct any inaccurate data.
Right to erasure: You can request that we delete your account and all associated data. You can initiate this from the Profile screen ("Delete Account") or by emailing us.
Right to restrict processing: You can ask us to limit how we use your data in certain circumstances.
Right to data portability: You can request your data in a structured, machine-readable format. The "Export My Data" option in the app facilitates this.
Right to object: You can object to processing based on legitimate interests (e.g. device/technical data).
Right to withdraw consent: Where we process data based on consent (including special category data), you can withdraw consent at any time. This will not affect the lawfulness of processing carried out before withdrawal. Please note that if you withdraw consent for the processing of special category data, we will be unable to provide the core personalisation and training features of the app, and your account may need to be closed.
Right to complain to us: You have the right to complain directly to us about how we handle your data. We will acknowledge your complaint within 14 days and provide a substantive response within 30 days.
Right to complain to the ICO: You also have the right to lodge a complaint with the Information Commissioner's Office (ico.org.uk).
Rights regarding automated decisions: You have the right to be informed about, make representations about, obtain human intervention in, and contest any significant automated decision (see Section 5).

To exercise any of these rights, email privacy@myapex.app. We will respond within one month.

10. Age Requirements

Apex is intended for users aged 18 and over. The app is not designed for, directed at, or intended to be used by anyone under the age of 18. We do not knowingly collect data from anyone under 18. If you are under 18, please do not use the app or provide any personal data. If we become aware that we have collected data from a user under 18, we will delete it promptly.

During account creation, we require confirmation that you are at least 18 years of age.

11. How to Contact Us and Make a Complaint

If you have questions about this Privacy Policy, want to exercise your data rights, or wish to make a complaint about how we handle your data:

Email: privacy@myapex.app

Data Controller: Reach Performance Ltd

Company number: 17006304

Registered office: [REGISTERED OFFICE TO BE UPDATED]

We aim to acknowledge complaints within 14 days and resolve them within 30 days. If you are not satisfied with our response, you can escalate your complaint to the ICO at ico.org.uk or by calling 0303 123 1113.

12. Cookies and Tracking

The Apex mobile app does not use cookies.

Our landing page (myapex.app) does not currently use any cookies or tracking scripts. When we introduce analytics or advertising tools (such as Meta Pixel), we will implement a cookie consent mechanism before any tracking is activated. Cookies used for profiling and advertising will require your consent.

Under the Data (Use and Access) Act 2025, certain low-risk cookies (such as those used solely for collecting aggregate statistics to improve services) may be used without consent provided clear information and a simple opt-out are provided. However, advertising attribution cookies such as Meta Pixel do not fall within this exemption and will always require your consent.

13. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

Encryption in transit (TLS) and at rest.
Access controls limiting data access to essential personnel only.
Secure authentication via Supabase Auth (supporting Apple Sign-In, Google Sign-In, and email/password).
Regular review of third-party processor security practices.
Row-level security on our database ensuring users can only access their own data.

No method of electronic transmission or storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via push notification or email. The "Last updated" date at the top of this policy indicates when it was last revised. Continued use of the app after changes constitutes acceptance of the revised policy. If changes affect the processing of special category data, we will seek fresh explicit consent where required.

15. Our Commitment to Sensitive Data

We understand that Apex handles some of the most personal and sensitive data a user can share. Our commitments to you:

We will never sell your personal data to third parties.
We will never share identifiable sexual health data with advertisers, insurers, employers, or any third party beyond the service processors listed in Section 6.
Your data is used solely to provide and improve the Apex service for you.
All staff with access to user data are bound by strict confidentiality obligations.
You can delete your account and all associated data at any time from within the app.