Legal — AX Core

Privacy Policy.

Effective date: 19 May 2026 · AX Studio Labs Ltd

Overview

AX Core (“the app”, “we”, “us”) is developed and operated by AX Studio Labs Ltd, a company registered in England and Wales. This policy explains what data we collect, why we collect it, and how it is used and protected.

We do not sell your personal data. We do not use your data for advertising. The data we collect exists solely to make the app work and to help us understand how it is used so we can improve it.

Data We Collect

Account data

  • Email address — used for authentication and account recovery
  • Display name — optional, used in the app interface
  • User ID — internal identifier linking your data across app features

Workout and programme data

  • Workouts you log (exercises, sets, reps, weights, durations)
  • Programmes you select, customise, or create
  • Streak records and active day history
  • Favourites and saved sessions

Health data (HealthKit)

AX Core reads the following data from Apple HealthKit, with your explicit permission:

  • Heart Rate Variability (HRV)
  • Resting Heart Rate
  • Sleep analysis (duration, stages)
  • Active Energy and Step Count
  • Dietary intake (calories, protein, carbohydrates, fat) — if you record nutrition in HealthKit-connected apps

This data is used exclusively to display your recovery and nutrition information inside the app. It is read on-device, never stored on our servers, and never shared with third parties.

Device and notification data

  • APNs device token — used solely to deliver push notifications to your device
  • We do not collect device model, OS version, or hardware identifiers

Purchase data

  • Purchase status is managed by Apple
  • We receive confirmation of your entitlement (Pro or Free) only — no payment card details are ever accessible to us

Analytics data (PostHog)

We use PostHog Inc. (hosted in the European Union) as a data processor to collect anonymous product usage information that helps us understand how the app is used and improve it over time. This includes events such as when the app is opened, when workouts are started and completed, and aggregate engagement signals. We do not transmit your name, email address, individual workout content, or any personally identifiable information to PostHog. PostHog assigns each app installation an anonymous identifier that cannot be used to identify you outside of the app. You can review PostHog’s privacy practices at posthog.com/privacy. Analytics data is retained for one year.

How We Use Your Data

  • To authenticate your account and restore your session
  • To save and display your workouts, programmes, and streaks
  • To calculate your recovery score and nutrition summary from HealthKit data
  • To deliver push notifications about your daily workout
  • To enforce subscription tier feature gates (Free / Pro)
  • To understand how AX Core is used in aggregate, so we can improve it

Data Storage and Security

Your account data is stored on Supabase infrastructure, hosted on AWS in the EU region. Supabase uses row-level security to ensure users can only access data they are authorised to see.

Your workout data is stored locally on your device using iOS App Groups. It is never transmitted to our servers. This means uninstalling the app will erase your workout history — back it up if you wish to preserve it across reinstalls.

All data is transmitted over HTTPS. Passwords are never stored — authentication is handled via Supabase Auth using secure token-based sessions.

Device tokens used for push notifications are stored securely and used only to route notifications to your device.

Third-Party Services

  • Supabase — database, authentication, and push notification delivery
  • PostHog — anonymous product analytics (EU-hosted)
  • Apple HealthKit — recovery and nutrition data (read only, on-device, never transmitted)
  • Apple Push Notification Service (APNs) — notification delivery

We do not integrate with any advertising networks or data brokers.

Data Sharing

We do not sell, rent, or share your personal data with third parties except as described above (Supabase, PostHog, Apple) and only to the extent necessary to operate the app.

Data Retention

Your account data is retained for as long as your account is active. If you delete your account, your profile, workout history, programmes, and associated data will be permanently deleted from our systems within 30 days.

HealthKit data is never stored by us — it is read on-device in real time and never transmitted to our servers.

Anonymous analytics data is retained by PostHog for one year.

Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Data portability — receive your data in a machine-readable format

To exercise any of these rights, contact us at hello@axstudios.co. We will respond within 30 days.

Children

AX Core is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via an in-app notification or email. Continued use of the app after changes constitutes acceptance of the updated policy. The effective date at the top of this page will always reflect the most recent version.

Contact

AX Studio Labs Ltd
England, United Kingdom
Email: hello@axstudios.co